Forum Discussion

William Tait's avatar
William Tait
Brass Contributor
May 12, 2017

Azure AD Dynamic Groups - Display Membership and count members

Created Azure AD Dynamic Groups. These Groups have thousands of members. The Azure Portal GUI will show the group as having "1000+ Members". Drilling into this Dynamic group will display the following message: "Group members cannot be shown for this group. This group has more than 1000 members". 

 

So if I attempt to get the membership from this group using the following Powershell:

get-azureadgroup -SearchString "GroupName" | Get-AzureADGroupMember

 

The results show 100 members.

 

Getting a count also shows 100 members. 

(get-azureadgroup -SearchString "GroupName" | Get-AzureADGroupMember).COUNT

 

Appears to be a limit on the results returned. How can I display all the members in a Dynamic Group and get a proper count? 

 

  • You could also leverage the following with the new Az module to simply get the count similar to some of the other versions recommended here in this post.

    (Get-AzADGroup -DisplayName "<DisplayNameofGroup>" | Get-AzADGroupMember).count
  • William Tait 

    I would just browse to the AAD group in Azure portal and get the Object ID from the Overview blade.

    Then run the below:

    (Get-AzureADGroupMember -All $true -ObjectId "GUID OF AAD GROUP" | select mail).Count

    • Himanshu Singh's avatar
      Himanshu Singh
      Iron Contributor

      VasilMichev 

      What about the -All parameter in case of Office 365 groups

      LDAP display nameAvailable on cmdletsValueComments
      n/aGet-UnifiedGroupIntegerFor example, Get-UnifiedGroup -Filter "GroupExternalMemberCount -gt 0".

       

      Filterable properties for the Filter parameter
      https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/recipient-filters/filter-properties?view=exchange-ps

       

      -All parameter - when used the command does not generate any output,

      but it works without but then not sure if it was able to check/traverse/enumerate all groups or not ,

      As in just the first 100 or something when -All or unlimited is not specified

       

      BR,

      /HS

       

       

      • paulsugarcl's avatar
        paulsugarcl
        Copper Contributor

        Himanshu Singh hi!!!

         

        less complex (Get-AzureADGroupMember -all 1 -ObjectId "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").count

         

         

    • William Tait's avatar
      William Tait
      Brass Contributor
      Yes, that works. Documentation doesn't explain why without -ALL the limit is 100.

      Awkward syntax but it works:
      (Get-AzureADGroup -ALL 1 -Filter "DisplayName eq 'GroupName'" | Get-AzureADGroupMember -ALL 1).COUNT

      Thanks.
      • VasilMichev's avatar
        VasilMichev
        MVP

        It's a boolean parameter, 1 equals $true :) And don't get me started on the stupid syntax used by the AzureAD module, gotta love programmers...

Resources