Azure AD – export groups and members #2 – advanced version!

Due to the popularity of the initial script (over 5000 views and 3rd in the list on a Google search – hooray!), Azure AD – Export Groups and Members to CSV, and thanks to David for asking, this script goes to the next level: it exports every group and its members with the properties ObjectID, Display Name, UserPrincipalName and Email Address. It caters for the main member types: User, Device, Group and Contact. If a member is any other type of object the output says ‘Unknown object’; this could be a service principal or another directory object, which you can investigate using the ObjectId. A nested group is listed as a single member row under its own display name and is not expanded, so the export shows direct membership only. If a group has no members, ‘No members’ is output as the member display name.

The script uses the Az cmdlets (Get-AzADGroup, Get-AzADGroupMember and Get-AzADUser, from the Az.Resources module that ships with Az) as well as the AzureAD cmdlets (Get-AzureADContact and Get-AzureADDevice), so make sure you have installed and imported both modules.

To install them:

Install-Module Az -SkipPublisherCheck -Force -AllowClobber -Confirm:$false

Install-Module AzureAD -SkipPublisherCheck -Force -AllowClobber -Confirm:$false

To import them:

Import-Module Az

Import-Module AzureAD

Then sign in. The Az cmdlets and the AzureAD cmdlets keep separate sessions, so connect to both (the Get-AzAD* calls fail without Connect-AzAccount):

Connect-AzAccount

Connect-AzureAD

Enjoy! 🍻🤟🙂🤟🍻

# Requires Az.Resources (Get-AzAD*) after Connect-AzAccount and AzureAD (Get-AzureAD*) after Connect-AzureAD.
$allgroups = Get-AzADGroup

$result = foreach ( $group in $allgroups ) {

    # [ordered] keeps the CSV columns in this order; a plain hashtable does not guarantee column order.
    $hash = [ordered]@{
        GroupName         = $group.DisplayName
        Member            = ''
        Email             = ''
        UserPrincipalName = ''
        ObjectId          = ''
    }

    $groupid = $group.Id

    # Direct members only: a nested group is emitted as one row and its own members are not expanded.
    if ( $members = Get-AzADGroupMember -GroupObjectId $groupid ) {

        foreach ( $member in $members ) {

            $objectid = $member.Id

            # Dispatch on the Graph OData type of the member and look up the details per object type.
            if ( $member.OdataType -eq '#microsoft.graph.user' ) {
                $userinfo    = Get-AzADUser -ObjectId $objectid
                $displayname = $userinfo.DisplayName
                $email       = $userinfo.Mail
                $upn         = $userinfo.UserPrincipalName
            }
            elseif ( $member.OdataType -eq '#microsoft.graph.group' ) {
                $userinfo    = Get-AzADGroup -ObjectId $objectid
                $displayname = $userinfo.DisplayName
                $email       = $userinfo.Mail
                $upn         = 'No UPN - Nested Group'
            }
            elseif ( $member.OdataType -eq '#microsoft.graph.orgContact' ) {
                $userinfo    = Get-AzureADContact -ObjectId $objectid
                $displayname = $userinfo.DisplayName
                $email       = $userinfo.Mail
                $upn         = 'No UPN - Contact'
            }
            elseif ( $member.OdataType -eq '#microsoft.graph.device' ) {
                $userinfo    = Get-AzureADDevice -ObjectId $objectid
                $displayname = $userinfo.DisplayName
                $email       = 'No Email - Device'
                $upn         = 'No UPN - Device'
            }
            else {
                # Anything else (for example a service principal): keep the ObjectId so it can be looked up later.
                $displayname = 'Unknown object'
                $email       = 'Unknown object'
                $upn         = 'Unknown object'
            }

            # One CSV row per member. New-Object copies the current values, so reusing $hash is safe.
            $hash.Member            = $displayname
            $hash.Email             = $email
            $hash.UserPrincipalName = $upn
            $hash.ObjectId          = $objectid
            New-Object psObject -Property $hash
        }
    }
    else {
        # Empty group: emit a single placeholder row so the group still appears in the export.
        $hash.Member            = 'No members'
        $hash.Email             = ''
        $hash.UserPrincipalName = ''
        $hash.ObjectId          = ''
        New-Object psObject -Property $hash
    }
}

$result | Export-Csv -Path c:\temp\aadgroupsandmembers.csv -NoTypeInformation
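The script above lists a nested group as one row and stops there, so a user who only holds membership through a nested group never shows up under the outer group. For an access review you usually want the effective members, together with the chain of groups that grants each one. The following function is an added example of mine, not part of the original post or of the Az module: it expands nested groups recursively, guards against loops in the nesting, and keeps the raw Graph OData type for leaf members so that what the script calls ‘Unknown object’ (for example a service principal) is identifiable without a second lookup. Directory access sits behind a script block so the logic can be run offline against the constructed sample directory below; the default script block calls the same Get-AzADGroupMember cmdlet the script uses (Connect-AzAccount first) and assumes, as the script already does for Id and OdataType, that the returned objects also expose DisplayName.

```powershell
# Added example, not the post's script: transitive group expansion with cycle protection.
function Get-GroupMembersTransitive {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $GroupObjectId,
        [Parameter(Mandatory)] [string] $GroupDisplayName,
        # Returns the direct members of a group id as objects with Id, OdataType and DisplayName.
        # Default assumes Get-AzADGroupMember output exposes those three properties.
        [scriptblock] $GetMembers = { param($Id) Get-AzADGroupMember -GroupObjectId $Id },
        # Group ids already expanded; stops A -> B -> A loops and avoids re-listing a diamond.
        [System.Collections.Generic.HashSet[string]] $Visited = [System.Collections.Generic.HashSet[string]]::new()
    )

    [void] $Visited.Add($GroupObjectId)

    foreach ($member in (& $GetMembers $GroupObjectId)) {
        if ($member.OdataType -eq '#microsoft.graph.group') {
            if ($Visited.Contains($member.Id)) {
                # Already expanded on this run: report the edge once, do not recurse again.
                [pscustomobject]@{
                    Group      = $GroupDisplayName
                    Member     = $member.DisplayName
                    MemberType = 'group (already expanded)'
                    ObjectId   = $member.Id
                }
                continue
            }
            # Recurse into the nested group; the Group column carries the full nesting path.
            Get-GroupMembersTransitive -GroupObjectId $member.Id `
                -GroupDisplayName "$GroupDisplayName > $($member.DisplayName)" `
                -GetMembers $GetMembers -Visited $Visited
            continue
        }

        # Leaf member: keep the OData type (user, device, orgContact, servicePrincipal, ...)
        # with the '#microsoft.graph.' prefix stripped, rather than a generic 'Unknown object'.
        [pscustomobject]@{
            Group      = $GroupDisplayName
            Member     = $member.DisplayName
            MemberType = $member.OdataType -replace '^#microsoft\.graph\.', ''
            ObjectId   = $member.Id
        }
    }
}

# Constructed sample directory, not real tenant data: 'App-Admins' (g-1) contains a user,
# a service principal and the nested group 'Helpdesk' (g-2), which nests 'App-Admins' back.
$sampleDirectory = @{
    'g-1' = @(
        [pscustomobject]@{ Id = 'u-1';  OdataType = '#microsoft.graph.user';             DisplayName = 'Alice Example' }
        [pscustomobject]@{ Id = 'sp-1'; OdataType = '#microsoft.graph.servicePrincipal'; DisplayName = 'deploy-bot' }
        [pscustomobject]@{ Id = 'g-2';  OdataType = '#microsoft.graph.group';            DisplayName = 'Helpdesk' }
    )
    'g-2' = @(
        [pscustomobject]@{ Id = 'u-2';  OdataType = '#microsoft.graph.user';  DisplayName = 'Bob Example' }
        [pscustomobject]@{ Id = 'g-1';  OdataType = '#microsoft.graph.group'; DisplayName = 'App-Admins' }
    )
}
$offlineLookup = { param($Id) $sampleDirectory[$Id] }.GetNewClosure()

# Offline run against the sample directory. Against a real tenant, drop -GetMembers and feed
# each group from Get-AzADGroup, e.g. $group.Id and $group.DisplayName.
Get-GroupMembersTransitive -GroupObjectId 'g-1' -GroupDisplayName 'App-Admins' -GetMembers $offlineLookup |
    Format-Table -AutoSize
```

On the sample directory the run yields four rows: Alice Example (user) and deploy-bot (servicePrincipal) directly under App-Admins, Bob Example (user) under "App-Admins > Helpdesk", and a final "group (already expanded)" row recording that Helpdesk nests App-Admins back, which is the loop the visited set stops. The output carries only ObjectId, display name and type; join it on ObjectId against the CSV the script above produces when you also want UPN and email.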


8 thoughts on “Azure AD – export groups and members #2 – advanced version!”

  1. Thank you, Simon; this is precisely what we need. If possible, how do we add both the company and title attributes? Also, I receive this warning when running the script: “WARNING: This cmdlet is using a preview API version and is subject to breaking change in a future release.”

    1. Oops not sure how I missed your comment! Thanks Mark – hopefully you worked it out to grab those additional attributes under the “Get-AzADUser” command. Cheers, Simon

      1. When I run this script it’s showing the API warning persistently; does that mean it is exporting to the CSV or has it stopped working?

        1. Hi Achu, I understand the AzureAD module will be deprecated at some stage but should be working fine for the foreseeable future… did the data get exported correctly?
          I have run the script just now and do not receive this warning. Can you let me know the point at which this appears, and the full warning message?

          Thanks,
          Simon
