Azure AD – export groups and members to CSV

UPDATE Feb ’23 – David made me do it – well, he didn’t make me at all really, but I did it anyway 🙂. Check out this new post which uses AzAD and AzureAD cmdlets to get the groups and members email, UPN and ObjectID (catering for different member types and groups with no members):

Azure AD – export groups and members #2

UPDATE June ’22 – for on-premises AD check out Active Directory – export groups and members (with email addresses).

# Export Azure AD groups and members to CSV (empty groups are output with a 'No Members' value)
# Assumes an existing connection to Azure AD using Connect-AzureAD (or use a runbook)

# -All $true is required here; without it Get-AzureADGroup limits its output
$allgroups = Get-AzureADGroup -All $true | Select-Object ObjectId, DisplayName

$result = foreach ( $group in $allgroups ) {

    # ordered so the CSV columns always come out as GroupName, Member
    $hash = [ordered]@{ GroupName = $group.DisplayName; Member = '' }
    $groupid = $group.ObjectId

    # -All $true here as well, otherwise only the first page of members is returned
    if ( $members = Get-AzureADGroupMember -ObjectId $groupid -All $true ) {

        foreach ( $member in $members ) {
            $hash.Member = $member.DisplayName
            New-Object psObject -Property $hash
        }
    }
    else {
        # group has no members: still emit a row so it appears in the export
        $hash.Member = "No Members"
        New-Object psObject -Property $hash
    }
}

$result | Export-Csv -Path C:\temp\AzureADGroups.csv -NoTypeInformation

# End
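
A variant of the export that also records each member's type, UPN and object ID, keeping non-user members (groups, devices, contacts) and empty groups as rows. This is an added example, not the author's script from either post: `ConvertTo-MembershipRow` is a hypothetical helper name and the sample objects are constructed so the shaping logic can be tried without a tenant connection.

```powershell
# Added example. ConvertTo-MembershipRow is a hypothetical helper name.
# ObjectType, UserType and UserPrincipalName are properties of the objects
# returned by Get-AzureADGroupMember.
function ConvertTo-MembershipRow {
    param(
        [Parameter(Mandatory)] $Group,
        [object[]] $Members
    )
    if (-not $Members) {
        # keep empty groups visible in the export
        return [pscustomobject]@{
            GroupName = $Group.DisplayName; Member = 'No Members'; MemberType = ''
            UserType = ''; UserPrincipalName = ''; MemberObjectId = ''
        }
    }
    foreach ($m in $Members) {
        # only user objects carry a UPN and a Member/Guest user type
        $isUser = $m.ObjectType -eq 'User'
        [pscustomobject]@{
            GroupName         = $Group.DisplayName
            Member            = $m.DisplayName
            MemberType        = $m.ObjectType
            UserType          = if ($isUser) { $m.UserType } else { '' }
            UserPrincipalName = if ($isUser) { $m.UserPrincipalName } else { '' }
            MemberObjectId    = $m.ObjectId
        }
    }
}

# Constructed sample objects (not real tenant data)
$sampleGroup   = [pscustomobject]@{ DisplayName = 'Example-Admins' }
$sampleMembers = @(
    [pscustomobject]@{ ObjectType = 'User';  UserType = 'Member'; DisplayName = 'Alex Example'
                       UserPrincipalName = 'alex@example.com'; ObjectId = '00000000-0000-0000-0000-000000000001' }
    [pscustomobject]@{ ObjectType = 'User';  UserType = 'Guest';  DisplayName = 'Pat Partner'
                       UserPrincipalName = 'pat_partner.example#EXT#@example.onmicrosoft.com'; ObjectId = '00000000-0000-0000-0000-000000000002' }
    [pscustomobject]@{ ObjectType = 'Group'; DisplayName = 'Nested-Group'; ObjectId = '00000000-0000-0000-0000-000000000003' }
)
$rows  = @(ConvertTo-MembershipRow -Group $sampleGroup -Members $sampleMembers)
$rows += ConvertTo-MembershipRow -Group ([pscustomobject]@{ DisplayName = 'Empty-Group' })
$rows | ConvertTo-Csv -NoTypeInformation

# Rows worth a second look in an access review: guest users and nested groups
$rows | Where-Object { $_.UserType -eq 'Guest' -or $_.MemberType -eq 'Group' }

# Against a live tenant (after Connect-AzureAD):
# Get-AzureADGroup -All $true | ForEach-Object {
#     ConvertTo-MembershipRow -Group $_ -Members (Get-AzureADGroupMember -ObjectId $_.ObjectId -All $true)
# } | Export-Csv -Path C:\temp\AzureADGroups.csv -NoTypeInformation
```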


11 thoughts on “Azure AD – export groups and members to CSV”

  1. This script is perfect! Thank you.
    I want to add the user subject name, is it possible?

    Group name, member, Userprincipalname. I want to check.

  2. Hi, first of all thanks for this script, it is exactly what I was looking for. Secondly I am noticing that not all groups are being listed in the output. We’ve got 166 groups in our tenant and they are a mixture of Security and Microsoft 365 groups. I’m noticing that instances of both types are missing. Any help with this issue please?

      1. Hi Simon, thanks for your reply, but I still can’t get it to work. Excuse my lack of knowledge in Powershell, but I’m still getting to know my way around scripting.

        When running the newer script, I am getting the below error for different resources. What resources are they referring to?

        Az.MSGraph.internal\Get-AzADUser : Resource ‘d5591f41-94b1-4ff3-b596-f45812e28a93’ does not exist or one of its queried
        reference-property objects are not present.
        At C:\Program Files\WindowsPowerShell\Modules\Az.Resources\6.5.2\MSGraph.Autorest\custom\Get-AzADUser.ps1:205 char:9
        + Az.MSGraph.internal\Get-AzADUser @PSBoundParameters
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidOperation: ({ Id = d5591f41…= , Expand = }:f__AnonymousType4`4) [Get-AzADUser_Get], Exc
        eption
        + FullyQualifiedErrorId : Request_ResourceNotFound,Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Cmdlets.GetAzADUser_G
        et

        I have already installed the module as explained in your article. Thanks for your help!

        1. Hi Brian, I’ve done some testing and found that Get-AzureADGroup limits output unless the switch -All $true is added. This may explain the missing groups in your output. I’ve updated the page so try it again and see if you get the expected results. The new cmdlet Get-AzADGroup appears to get all groups by default… I’ll see if I can replicate the error you are getting. Cheers, Simon.

        2. Hello again! I’ve updated the new script as well so you shouldn’t get those resource errors now Brian. I was only considering users, but of course there are other objects as well – devices, contacts and other groups can be members, so I’ve added the logic to cater for those.

          Cheers! Simon

    1. Sure you can! Check out the Tenant Mailbox Migration post for an option to create users – https://www.howdoiuseacomputer.com/index.php/2022/04/02/microsoft-365-cross-tenant-migration
      Create groups and add members using:
      $csvdata = Import-Csv c:\temp\file.csv
      foreach ($line in $csvdata) {
          $groupdisplayname = $line.GroupName
          # mail nickname: strip everything except letters and digits
          $groupnickname = $line.GroupName -replace '[^a-zA-Z0-9]', ''
          $userprincipalname = $line.UserPrincipalName
          # create the group only if it does not exist yet
          if (!( Get-AzADGroup -DisplayName $groupdisplayname )) {
              New-AzADGroup -DisplayName $groupdisplayname -MailNickname $groupnickname -GroupType Security
          }
          Add-AzADGroupMember -TargetGroupDisplayName $groupdisplayname -MemberUserPrincipalName $userprincipalname
      }

      Cheers

    1. Hi David, check out my other post https://www.howdoiuseacomputer.com/index.php/2022/04/02/export-active-directory-groups-and-members-to-a-csv-file-with-email-addresses.
      It is for legacy AD but you can modify it for Azure using the “azAD” commands. Install the Azure modules: install-module az -skippublishercheck -force -allowclobber -confirm:$false

      Here is an example of getting groups then members with Name and UPN:
      $allgroups = Get-AzADGroup

      foreach ( $group in $allgroups ) {
          $groupid = $group.id
          $groupdisplayname = $group.DisplayName
          $members = Get-AzADGroupMember -GroupObjectId $groupid

          foreach ( $member in $members ) {
              $memberid = $member.Id
              $userinfo = Get-AzADUser -ObjectId $memberid
              $username = $userinfo.DisplayName
              $upn = $userinfo.UserPrincipalName

              Write-Host "$groupdisplayname,$username,$upn"
          }
      }

      Cheers, Simon
