CODEWITHSUNDEEP
powershellazure-active-directoryazure-ad-powershell-v2
zibs
zibs

Reputation: 1

Export all Azure AD groups, including nested groups, their members and owners (PowerShell)

What would be a PowerShell script to export all Azure AD groups, their members and owners into one CSV file?

I also need an expanded nested groups.

Upvotes: 0

Views: 2973

Answers (2)

ChatGPT_Replaced_Me
ChatGPT_Replaced_Me

Reputation: 1

Sorry couldn't comment as I don't have enough rep, I created an account to thank you Peter.

This worked a treat. I had tried multiple other articles but this one works. All I did was to target groups with a specific naming scheme was change this line and remove $true as that said 'a positional parameter cannot be found that accepts the argument True'

$groups = Get-AzureADGroup -SearchString "File Share"

That then searches for any group starting with 'File Share'

Upvotes: 0

alphaz18
alphaz18

Reputation: 2766

Here is something I came up with. It should work as long as you have the AzureAD PowerShell module.

function get-recursivegroupmembers {
    param($grouplistname, $currgroup, $groupmemtype)
    $members = if ($groupmemtype -eq "owner") {get-azureadgroupowner -ObjectId $currgroup.ObjectId -All $true} else {get-azureadgroupmember -ObjectId $currgroup.ObjectId -All $true}
    $grouptype = "Distribution Group"
    if ($currgroup.SecurityEnabled -eq $true)
    {
        $grouptype = "Security Group"
    }

    foreach ($member in $members)
    {
        if($member.ObjectType -eq "Group" )
        {
            get-recursivegroupmembers "$grouplistname->$($member.DisplayName)" $member $groupmemtype
        }
        else
        {
            Add-Content -Path $filename -Value "$grouplistname,$grouptype,$groupmemtype,$($member.ObjectId),$($member.ObjectType) $($member.UserType),$($member.UserPrincipalName)"
        }
    }
}

Connect-AzureAD
$filename = ".\groupusers-$(get-date -f 'ddMMyyyy-HHmmss').csv"
$groups = Get-AzureADGroup -All $true
Add-Content -Path $filename -Value "Group(s),Group Type,Member Type,User ObjectId,AAD Object Type,UPN"

ForEach ($group in $groups)
{
    get-recursivegroupmembers $group.DisplayName $group "owner"
    get-recursivegroupmembers $group.DisplayName $group "member"
}

This will give you a file in the current folder where the script is. Called groupusers, the first field will contain the group and if it's a nested group member it would show like group->nestedgroup, owner or member, etc.

Upvotes: 4

Related Questions