Forum Discussion
William Tait
May 12, 2017Brass Contributor
Azure AD Dynamic Groups - Display Membership and count members
Created Azure AD Dynamic Groups. These Groups have thousands of members. The Azure Portal GUI will show the group as having "1000+ Members". Drilling into this Dynamic group will display the following message: "Group members cannot be shown for this group. This group has more than 1000 members".
So if I attempt to get the membership from this group using the following Powershell:
get-azureadgroup -SearchString "GroupName" | Get-AzureADGroupMember
The results show 100 members.
Getting a count also shows 100 members.
(get-azureadgroup -SearchString "GroupName" | Get-AzureADGroupMember).COUNT
Appears to be a limit on the results returned. How can I display all the members in a Dynamic Group and get a proper count?
Try the -All parameter?
- JimBritt-MSFT
Microsoft
You could also leverage the following with the new Az module to simply get the count similar to some of the other versions recommended here in this post.
(Get-AzADGroup -DisplayName "<DisplayNameofGroup>" | Get-AzADGroupMember).count - Ananda Prasad BandaruBrass Contributor
I would just browse to the AAD group in Azure portal and get the Object ID from the Overview blade.
Then run the below:
(Get-AzureADGroupMember -All $true -ObjectId "GUID OF AAD GROUP" | select mail).Count
Try the -All parameter?
- Himanshu SinghIron Contributor
What about the -All parameter in case of Office 365 groups
LDAP display name Available on cmdlets Value Comments n/a Get-UnifiedGroup Integer For example, Get-UnifiedGroup -Filter "GroupExternalMemberCount -gt 0". Filterable properties for the Filter parameter
https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/recipient-filters/filter-properties?view=exchange-ps-All parameter - when used the command does not generate any output,
but it works without but then not sure if it was able to check/traverse/enumerate all groups or not ,
As in just the first 100 or something when -All or unlimited is not specified
BR,
/HS
- paulsugarclCopper Contributor
Himanshu Singh hi!!!
less complex (Get-AzureADGroupMember -all 1 -ObjectId "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").count
- William TaitBrass ContributorYes, that works. Documentation doesn't explain why without -ALL the limit is 100.
Awkward syntax but it works:
(Get-AzureADGroup -ALL 1 -Filter "DisplayName eq 'GroupName'" | Get-AzureADGroupMember -ALL 1).COUNT
Thanks.It's a boolean parameter, 1 equals $true :) And don't get me started on the stupid syntax used by the AzureAD module, gotta love programmers...