Due to the popularity of the initial script (over 5000 views and 3rd in the list on a google search – hooray!) Azure AD – Export Groups and Members to CSV, and thanks to David for asking, this script goes next level and will export the groups and the members with properties ObjectID, Display Name, UserPrincipalName and Email Address. It caters for the main member ‘types’, User, Device, Group, and Contact. If another type of object is a member the output will say ‘Unknown object’. This could be a service principal or other object which you can investigate using the ObjectId. If a group has no members, ‘No members’ is output as the member display name.
The script uses the AzAD cmdlets as well as the AzureAD cmdlets, so make sure you have installed and imported them.
To install them:
Install-Module Az -SkipPublisherCheck -Force -AllowClobber -Confirm:$false
Install-Module AzureAD -SkipPublisherCheck -Force -AllowClobber -Confirm:$false
To import them:
Import-Module Az
Import-Module AzureAD
Then connect to Azure AD:
Connect-AzureAD
Enjoy! 🍻🤟🙂🤟🍻
$allgroups = Get-AzADGroup
$result = foreach ( $group in $allgroups ) {
$hash = @{
GroupName=$group.DisplayName
Member=''
Email=''
UserPrincipalName=''
ObjectId=''
}
$groupid = $group.id
$groupdisplayname = $group.DisplayName
if ( $members = Get-AzADGroupMember -GroupObjectId $groupid ) {
foreach ( $member in $members ) {
if ( $member.OdataType -eq '#microsoft.graph.user' ) {
$objectid = $member.Id
$userinfo = Get-AzADUser -ObjectId $objectid
$displayname = $userinfo.DisplayName
$email = $userinfo.Mail
$upn = $userinfo.UserPrincipalName
$hash.Member = $displayname
$hash.Email = $email
$hash.UserPrincipalName = $upn
$hash.ObjectId = $objectid
New-Object psObject -Property $hash
}
elseif ( $member.OdataType -eq '#microsoft.graph.group' ) {
$objectid = $member.Id
$userinfo = Get-AzADGroup -ObjectId $objectid
$displayname = $userinfo.DisplayName
$email = $userinfo.Mail
$upn = 'No UPN - Nested Group'
$hash.Member = $displayname
$hash.Email = $email
$hash.UserPrincipalName = $upn
$hash.ObjectId = $objectid
New-Object psObject -Property $hash
}
elseif ( $member.OdataType -eq '#microsoft.graph.orgContact' ) {
$objectid = $member.Id
$userinfo = Get-AzureADContact -ObjectId $objectid
$displayname = $userinfo.DisplayName
$email = $userinfo.Mail
$upn = 'No UPN - Contact'
$hash.Member = $displayname
$hash.Email = $email
$hash.UserPrincipalName = $upn
$hash.ObjectId = $objectid
New-Object psObject -Property $hash
}
elseif ( $member.OdataType -eq '#microsoft.graph.device' ) {
$objectid = $member.Id
$userinfo = Get-AzureADDevice -ObjectId $objectid
$displayname = $userinfo.DisplayName
$email = 'No Email - Device'
$upn = 'No UPN - Device'
$hash.Member = $displayname
$hash.Email = $email
$hash.UserPrincipalName = $upn
$hash.ObjectId = $objectid
New-Object psObject -Property $hash
}
else {
$objectid = $member.Id
$displayname = 'Unknown object'
$email = 'Unknown object'
$upn = 'Unknown object'
$hash.Member = $displayname
$hash.Email = $email
$hash.UserPrincipalName = $upn
$hash.ObjectId = $objectid
New-Object psObject -Property $hash
}
}
}
else {
$hash.Member = 'No members'
$hash.Email = ''
$hash.UserPrincipalName = ''
$hash.ObjectId = ''
New-Object psObject -Property $hash
}
}
$result | Export-Csv -Path c:\temp\aadgroupsandmembers.csv -NoTypeInformation
Could you please say as layman’s term?
Obviously not SandySanthosh! =) Happy to try though, which bit, or bits are not making sense?
Cheers,
Simon
Hay Simon.. Thanks I was also searching same kind of script and I found here.
…and I am glad =)
Thank you, Simon; this is precisely what we need, if possible, how to add both company and title attributes. Also, I receive this warning when running the script “WARNING: This cmdlet is using a preview API version and is subject to breaking change in a future release.”
Oops not sure how I missed your comment! Thanks Mark – hopefully you worked it out to grab those additional attributes under the “Get-AzADUser” command. Cheers, Simon