Forum Discussion

filzah
Copper Contributor
Aug 20, 2021

Export members for a list of security groups from AAD

Hi. I need to download the members of 1000 security groups in AAD. Can I export members (name, email, UPN) for a specific list of security groups whose names begin with 'FP3', or from a CSV file? I tried using the PS command from this post, but the script seems incorrect, as line 3 asks for just one security group. I tried using a wildcard, FP3*, but that doesn't seem to work either. Thanks in advance.

  • aliat_IMANAMI
    Brass Contributor

    This is the same script that you highlighted and has been adjusted a little bit. 

     

    When prompted, simply provide the name with which your group starts. e.g. FP3. 

    The normal limit on returned results is 100 objects, which has been increased to max or "All $True" in this case. 

     

     Connect-AzureAD
     $PathCsv = "C:\GroupMembers.csv"
     $GroupName = Read-Host -Prompt "Enter group name to search"
     # -All $true lifts the default cap on the number of returned objects
     $groups = Get-AzureADGroup -SearchString $GroupName -All $true
     $groupCount = $groups | Measure-Object
     $count = $groupCount.Count
     $groupMembers = foreach($group in $groups){
         $GroupId = $group.ObjectId
         $GroupName = $group.DisplayName
         Write-Progress -Activity "No of Groups found: $count" -Status "Fetching members for GroupName: $GroupName"
         Start-Sleep -Milliseconds 200
         # One output row per member, tagged with the group it came from
         Get-AzureADGroupMember -ObjectId $GroupId -All $true | Select-Object -Property @{Name = 'GroupName'; Expression = {$GroupName}}, DisplayName, UserPrincipalName
     }
     $groupMembers | Export-Csv -Path $PathCsv -NoTypeInformation -Force

     

     

    Original script:

     

    https://docs.microsoft.com/en-us/answers/questions/139633/powershell-script-to-export-all-azure-ad-groups-st-1.html

    • filzah
      Copper Contributor
      Hi. I keyed FP3 but the results were inaccurate, as it is showing other groups that don't begin with FP3 too.
      • aliat_IMANAMI
        Brass Contributor

        filzah 

        Here is an updated PowerShell script. It will now only look for the groups starting with the input value.
        In this case just key in FP3 and it will only bring back groups that begin with FP3.
         
        Connect-AzureAD
        $PathCsv = "C:\temp\GroupMembers.csv"
        $GroupName = Read-Host -Prompt "Enter group Displayname to search"
        # Fetch every group, then keep only those whose DisplayName starts with the input
        $groups = Get-AzureADGroup -All $true | Where-Object {$_.DisplayName -like "$GroupName*"}
        $groupCount = $groups | Measure-Object
        $count = $groupCount.Count
        $groupMembers = foreach($group in $groups){
            $GroupId = $group.ObjectId
            $GroupName = $group.DisplayName
            Write-Progress -Activity "No of Groups found: $count" -Status "Fetching members for GroupName: $GroupName"
            Start-Sleep -Milliseconds 200
            # One output row per member, tagged with the group it came from
            Get-AzureADGroupMember -ObjectId $GroupId -All $true | Select-Object -Property @{Name = 'GroupName'; Expression = {$GroupName}}, DisplayName, UserPrincipalName
        }

        $groupMembers | Export-Csv -Path $PathCsv -NoTypeInformation
  • Schnittlauch
    Steel Contributor
    Wait a second, didn't get it. Do the groups have the name FP3 or the users? 😄
  • Schnittlauch
    Steel Contributor

    Hi filzah 

     

    I can offer you this script:

     

    $Groups = Get-AzureADGroup -SearchString FP3
    foreach ($group in $groups) {
        Get-AzureADGroupMember -ObjectId $group.ObjectId | Format-List DisplayName,UserPrincipalName
    }

     

    You can simply change the Searchstring. I used your "FP3"

     

    Don't forget to export it into your format (CSV or whatever) 

     

    Please give me a little feedback, if I met your requirements :'D

     

    Best regards,
    Schnittlauch

    "First, No system is safe. Second, Aim for the impossible. Third, no Backup, no Mercy" - Schnittlauch

    My answer helped you? Don't forget to leave a like. Also mark the answer as solved when your problem is solved. 🙂

    • filzah
      Copper Contributor

      Hi Schnittlauch Thanks so much for replying. Almost there! I used the code below but somehow the results are incomplete. Would you know why and how I can rectify this?

      Connect-AzureAD
      $groups=Get-AzureADGroup -SearchString FP3_Share_IS_
      $resultsarray =@()
      ForEach ($group in $groups){
          $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true 
          ForEach ($member in $members){
             $UserObject = new-object PSObject
             $UserObject | add-member  -membertype NoteProperty -name "Group Name" -Value $group.DisplayName
             $UserObject | add-member  -membertype NoteProperty -name "Member Name" -Value $member.DisplayName
             $UserObject | add-member  -membertype NoteProperty -name "ObjType" -Value $member.ObjectType
             $UserObject | add-member  -membertype NoteProperty -name "UserType" -Value $member.UserType
             $UserObject | add-member  -membertype NoteProperty -name "UserPrinicpalName" -Value $member.UserPrincipalName
             $resultsarray += $UserObject
          }
      }
      $resultsarray | Export-Csv -Encoding UTF8  -Delimiter ";" -Path "C:\scripts\output.csv" -NoTypeInformation
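
An added example, not part of any post in this thread: one way to cover both cases from the original question (groups whose name starts with a prefix, or groups listed in a CSV file) with the same AzureAD module cmdlets used above. The parameter names, the `DisplayName` column in the input CSV and the output path are assumptions.

```powershell
# Added example. Parameter names, paths and the CSV column "DisplayName" are assumptions.
param(
    [string]$Prefix,                               # e.g. FP3
    [string]$GroupListCsv,                         # optional CSV with a DisplayName column
    [string]$OutCsv = 'C:\temp\GroupMembers.csv'
)
if (-not $Prefix -and -not $GroupListCsv) { throw 'Give -Prefix or -GroupListCsv.' }

Connect-AzureAD | Out-Null

if ($GroupListCsv) {
    # Exact-name lookup per CSV row; single quotes are doubled for the OData filter.
    $groups = foreach ($row in Import-Csv -Path $GroupListCsv) {
        $name  = $row.DisplayName.Replace("'", "''")
        $found = @(Get-AzureADGroup -Filter "DisplayName eq '$name'" -All $true)
        if ($found.Count -eq 0) { Write-Warning "No group named '$($row.DisplayName)'" }
        $found
    }
} else {
    # Literal, case-insensitive prefix test, so characters like [ or * in the prefix
    # are not treated as wildcards.
    $groups = Get-AzureADGroup -All $true | Where-Object {
        $_.DisplayName.StartsWith($Prefix, [StringComparison]::OrdinalIgnoreCase)
    }
}
# The question was about security groups only.
$groups = @($groups | Where-Object { $_.SecurityEnabled })

$i = 0
$rows = foreach ($group in $groups) {
    $i++
    Write-Progress -Activity 'Exporting members' -Status $group.DisplayName `
        -PercentComplete (100 * $i / $groups.Count)
    # Direct members only; a nested group shows up as a row with ObjectType "Group".
    $members = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
    if ($members.Count -eq 0) { $members = @($null) }   # keep empty groups in the report
    foreach ($m in $members) {
        [pscustomobject]@{
            GroupName         = $group.DisplayName
            GroupId           = $group.ObjectId
            MemberName        = $m.DisplayName
            Mail              = $m.Mail
            UserPrincipalName = $m.UserPrincipalName
            ObjectType        = $m.ObjectType
        }
    }
}
$rows | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8
Write-Host "$($groups.Count) groups, $(@($rows).Count) rows written to $OutCsv"
```

Keeping `GroupId` and `ObjectType` in the output lets a reviewer tell apart groups that share a display name and spot non-user members such as nested groups or service principals.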

       
