Reputation: 765
Powershell : Get-AzureADGroupMember get all memebers of nested groups
I have an azure AD group that is composed of 3 other groups.
Previewing the group in Azure I can see two tabs, "direct" and "all members". Direct shows the three groups, and "all memebers" lists the groups and all the members of those groups.
I'm trying to get a list of all the members in this composed group, but when I use
Get-AzureADGroupMember it only gives me the "direct" version.
What method can I call instead?
Upvotes: 0
Views: 4776
Answers (2)
Reputation: 11
Agneum,
I made some changes on your function for it to returns devices and users. In addition, it removes repeated itens and accepts pipelined ObjectId.
function Get-AadGroupMembers{
[CmdletBinding()]
param (
[Parameter(Mandatory,
ValueFromPipelineByPropertyName)]
[string]$ObjectID
)
# inicialização de variáveis
$output=@()
#verifica se o parâmetro informado é um objeto do tipo grupo do AAD
try {
$object = Get-AzureADObjectByObjectId -ObjectId $objectid
}
catch {
Write-Error "Objeto não pode ser avaliado. Verifique se é você está conectado ao Azure AD usando o comando Connect-AzureAD
e se o parâmetro passado é um objeto do Azure AD"
return
}
if ($object.ObjectType -ne "Group")
{
Write-Error "Objeto não é do tipo Grupo"
}
# obter todos os membros do grupo (usuários e subgrupos)
$members = Get-AzureADGroupMember -ObjectId $ObjectID -all $true
# laço lê todos os membros. Se não forem grupos, adiciona à variável output. Se for grupo, executa a própria função no grupo
foreach ($member in $members)
{
if ($member.ObjectType -ne 'Group')
{
$output += $member
}
else
{
$output += get-AadGroupMembers $member.ObjectId
}
}
# exclui linhas repetidas do resultado final
$output | Select-Object -Unique
}
Upvotes: 1
Reputation: 765
For the time being I've made my own function to tackle this problem, it takes an objectId as a paramter (must be a group) and then loops through the list recursively.
Function Get-AzureADGroupMembers($groupId) {
$output = @()
$group = (Get-AzureADGroupMember -ObjectId $groupId -All $True| Select ObjectId).ObjectId
foreach($objectid in $group)
{
$aad_object = Get-AzureADObjectByObjectId -ObjectId $objectid
#Add to output if object is a user
if ($aad_object.ObjectType -eq 'User')
{
$output += New-Object PSObject -property @{
ObjectId = $aad_object.ObjectId
}
}
#Recursive call if the object is a group
if ($aad_object.ObjectType -eq 'Group')
{
$output += Get-AzureADGroupMembers -groupId $aad_object.ObjectId
}
}
return $output
}
Upvotes: 0
Related Questions
- Export all Azure AD groups, including nested groups, their members and owners (PowerShell)
- View groups for every user in Azure AD with powershell
- How to find which of nested ad groups user belongs to
- Get-AzureADGroup for groups starting with XX and YY
- Fetch Azure role assignments to AAD groups
- List members from nested Azure AD group
- Powershell: Get-AzureADGroupMember doesnt give me the whole list
- List all groups of a user in Azure Active directory using the Azure API call
- Getting nested members of AD security group
- Find out nested group name using Get-AdGroupMember recursive