Groups

Azure AD – export groups and members #2 – advanced version!

Due to the popularity of the initial script (over 5000 views and 3rd in the list on a google search – cheers!) Azure AD – Export Groups and Members to CSV, and thanks to David for asking, this script goes next level and will export the groups and the members with properties ObjectID, Display Name, UserPrincipalName and Email Address. It caters for the main member ‘types’, User, Device, Group, and Contact. If another type of object is a member the output will say ‘Unknown object’. This could be a service principal or other object which you can investigate using the ObjectId. If a group has no members, ‘No members’ is output as the member display name.

The script uses the AzAD cmdlets as well as the AzureAD cmdlets, so make sure you have installed and imported them.

To install them:

Install-Module Az -SkipPublisherCheck -Force -AllowClobber -Confirm:$false

Install-Module AzureAD -SkipPublisherCheck -Force -AllowClobber -Confirm:$false

To import them:

Import-Module Az

Import-Module AzureAD

Enjoy! 🍻🤟🙂🤟🍻

$allgroups = Get-AzADGroup

$result = foreach ( $group in $allgroups ) {

    $hash = @{
        GroupName=$group.DisplayName
        Member=''
        Email=''
        UserPrincipalName=''
        ObjectId=''
    }
    
    $groupid = $group.id
    $groupdisplayname = $group.DisplayName

        if ( $members = Get-AzADGroupMember -GroupObjectId $groupid ) {

            foreach ( $member in $members ) {

                if ( $member.OdataType -eq '#microsoft.graph.user' ) {

                    $objectid = $member.Id
                    $userinfo = Get-AzADUser -ObjectId $objectid
                    $displayname = $userinfo.DisplayName
                    $email = $userinfo.Mail
                    $upn = $userinfo.UserPrincipalName
                     
                    $hash.Member = $displayname
                    $hash.Email = $email
                    $hash.UserPrincipalName = $upn
                    $hash.ObjectId = $objectid
                    New-Object psObject -Property $hash
                }

                elseif ( $member.OdataType -eq '#microsoft.graph.group' ) {

                    $objectid = $member.Id
                    $userinfo = Get-AzADGroup -ObjectId $objectid
                    $displayname = $userinfo.DisplayName
                    $email = $userinfo.Mail
                    $upn = 'No UPN - Nested Group'
                     
                    $hash.Member = $displayname
                    $hash.Email = $email
                    $hash.UserPrincipalName = $upn
                    $hash.ObjectId = $objectid
                    New-Object psObject -Property $hash                
                }
                
                elseif ( $member.OdataType -eq '#microsoft.graph.orgContact' ) {

                    $objectid = $member.Id
                    $userinfo = Get-AzureADContact -ObjectId $objectid
                    $displayname = $userinfo.DisplayName
                    $email = $userinfo.Mail
                    $upn = 'No UPN - Contact'
                     
                    $hash.Member = $displayname
                    $hash.Email = $email
                    $hash.UserPrincipalName = $upn
                    $hash.ObjectId = $objectid
                    New-Object psObject -Property $hash
                }

                elseif ( $member.OdataType -eq '#microsoft.graph.device' ) {

                    $objectid = $member.Id
                    $userinfo = Get-AzureADDevice -ObjectId $objectid
                    $displayname = $userinfo.DisplayName
                    $email = 'No Email - Device'
                    $upn = 'No UPN - Device'
                     
                    $hash.Member = $displayname
                    $hash.Email = $email
                    $hash.UserPrincipalName = $upn
                    $hash.ObjectId = $objectid
                    New-Object psObject -Property $hash
                
                }

                else {
                    $objectid = $member.Id
                    $displayname = 'Unknown object'
                    $email = 'Unknown object'
                    $upn = 'Unknown object'
                     
                    $hash.Member = $displayname
                    $hash.Email = $email
                    $hash.UserPrincipalName = $upn
                    $hash.ObjectId = $objectid
                    New-Object psObject -Property $hash

                }
            }
        }

        else {
           $hash.Member = 'No members'
           $hash.Email = ''
           $hash.UserPrincipalName = ''
           $hash.ObjectId = ''
           New-Object psObject -Property $hash

        }
}

$result | Export-Csv -Path c:\temp\aadgroupsandmembers.csv -NoTypeInformation

3 September 2022 by simon.burbery PowerShell 1

Active Directory – Export Groups and Members to a CSV file (with email addresses)

Greetings! 👀 After a comment on my initial post asking for user email addresses in the output, I ended up getting a bit confused for 4 hours while trying to achieve the goal (it was a Friday night so several beers were involved) 🍻 !!

When I started seeing the dreaded pages of red errors in my results I soon realised I was not thinking that objects other than users can be members of a group. Of course! So I need to cater for computers, nested groups and users with no email address.

The result is below and from initial testing it seems to work well. Key points:

As with the original script, the CSV will output AD groups and members.
Where a group has no members, the group name is output with ‘No Members’ in the members column (and also now in the EmailAddress column).
The CSV has an ‘EmailAddress’ column added:
- Where the member is a user and has an email address, the address is displayed.
- Where the member is a user and does not have an address, ‘No Email Address’ is displayed.
- Where the member is a computer, ‘Computer Object’ is displayed.
- Where the member is a group, ‘Nested Group’ is displayed.

Voilà mes amis ! Code is below – as usual please comment if it helped or you made it better or it didn’t work for you ✌😃🤞. Thanks for coming, until nek tiya !

Also check out the Azure AD script: export-azure-ad-groups-and-members-to-csv

# export active directory groups and members to csv (also output empty groups with 'No Members' value)
# assumes run on 2012 R2 or newer domain controller or import of ActiveDirectory module
# 2022-04-02 - added logic to output email address column, catering for other object types that do not have addresses.

$allgroups = Get-ADGroup -Filter *

$result = foreach ( $group in $allgroups ) {

    $hash = @{GroupName=$group.SamAccountName;Member='';EmailAddress=''}
    $groupid = $group.DistinguishedName
    
    if ( $members = Get-ADGroupMember $groupid ) {
            
         foreach ( $member in $members ) {
            
                if ( $member.objectClass -eq 'user' ) {
                    $memberemail = (Get-ADUser -Properties mail $member.distinguishedName).mail
                        if ( $memberemail -ne $null ) {
                            $hash.Member = $member.Name
                            $hash.EmailAddress = $memberemail
                            New-Object psObject -Property $hash
                        }
                        else {
                            $memberemail = "No Email Address"
                            $hash.Member = $member.Name
                            $hash.EmailAddress = $memberemail
                            New-Object psObject -Property $hash
                        }       
                }       
                        else {                
                            if ( $member.objectClass -eq 'group' ) {
                                $memberemail = "Nested Group"
                                $hash.Member = $member.Name
                                $hash.EmailAddress = $memberemail
                                New-Object psObject -Property $hash
                            }
                            if ( $member.objectClass -eq 'computer' ) {
                                $memberemail = "Computer Object"
                                $hash.Member = $member.Name
                                $hash.EmailAddress = $memberemail
                                New-Object psObject -Property $hash
                            }
                        }
            }
    }
        else {
        $emailaddress = "No Members"
        $displayname = "No Members"
        $hash.Member = $displayname
        $hash.EmailAddress = $emailaddress
        New-Object psObject -Property $hash
    }
}

$result | Export-Csv -Path C:\temp\ActiveDirectoryGroupsAndMembers.csv -NoTypeInformation

# End

2 April 2022 by simon.burbery PowerShell 4

Azure AD – export groups and members to CSV

UPDATE Feb ’23 – David made me do it – well, he didn’t make me at all really, but I did it anyway 🙂. Check out this new post which uses AzAD and AzureAD cmdlets to get the groups and members email, UPN and ObjectID (catering for different member types and groups with no members):

Azure AD – export groups and members #2

UPDATE June ’22 – for on-premises AD check out Active Directory – export groups and members (with email addresses).

# export azure ad groups and members to csv (also output empty groups with 'No Members' value) 
# assumes existing connection to Azure AD using Connect-AzureAD (or use a runbook)

$allgroups = Get-AzureADGroup -All $true | select ObjectId,DisplayName

$result = foreach ( $group in $allgroups ) {

    $hash = @{GroupName=$group.DisplayName;Member=''}
    $groupid = $group.ObjectId
    
    if ( $members = Get-AzureADGroupMember -ObjectId $groupid ) {
            
            foreach ( $member in $members ) {

                $hash.Member = $member.DisplayName
                New-Object psObject -Property $hash
            }
            }
    else
        {
        $displayname = "No Members"
        $hash.Member = $displayname
        New-Object psObject -Property $hash
        }
}

$result | Export-Csv -Path C:\temp\AzureADGroups.csv -NoTypeInformation

# End

PowerShell get azure ad group members export to csv

export azure ad group members to csv PowerShell

PowerShell export azure ad user group membership to csv

12 September 2021 by simon.burbery PowerShell 9

Export Active Directory groups and members to CSV file

UPDATE 2022-04-02 – if you would like email addresses with the output, check out my new post at: https://www.howdoiuseacomputer.com/index.php/2022/04/02/export-active-directory-groups-and-members-to-a-csv-file-with-email-addresses/

# export active directory groups and members to csv (also output empty groups with 'No Members' value)
# assumes run on domain controller or import of ActiveDirectory module

$allgroups = Get-ADGroup -Filter *

$result = foreach ( $group in $allgroups ) {

    $hash = @{GroupName=$group.SamAccountName;Member=''}
    $groupid = $group.distinguishedname
    
    if ( $members = Get-ADGroupMember $groupid ) {
            
            foreach ( $member in $members ) {

                $hash.Member = $member.Name
                New-Object psObject -Property $hash
            }
    }
    else {
        $displayname = "No Members"
        $hash.Member = $displayname
        New-Object psObject -Property $hash
    }
}

$result | Export-Csv -Path C:\temp\ActiveDirectoryGroupsAndMembers.csv -NoTypeInformation

# End

12 September 2021 by simon.burbery PowerShell 4

Azure AD – export groups and members #2 – advanced version!

Active Directory – Export Groups and Members to a CSV file (with email addresses)

Azure AD – export groups and members to CSV

Export Active Directory groups and members to CSV file

send me your new stuff!

recent stuff…

recent comms…

practical365 stuff…