SOLVED

How to list Azure AD groups for a user using PowerShell


Hi,

 

Could you please help me get a list of Azure AD groups for a user using PowerShell?

 

Thanks,

Brahma

9 Replies
best response confirmed by Brahmaiah (Brass Contributor)
Solution

Hi @Brahmaiah 

 

I use the below:

 

Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserMembership | % {Get-AzureADObjectByObjectId -ObjectId $_.ObjectId | select DisplayName,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | ft

 

Where the user@domain.com is the UPN of who you want to search. This will return all groups aside from Dynamic groups.

 


Source: https://www.michev.info/Blog/Post/1655/quickly-list-all-groups-a-user-is-member-of-or-owner-of-in-of...

 

Thanks @HidMov for your reply.

 

I am getting the below error. Can you please suggest how to run this command in my PowerShell ISE?

 

Brahmaiah_0-1598024211813.png

 

I changed to az instead of azure in the commands, but a few commands are still not working.

 

Brahmaiah_1-1598024396504.png

 

Thanks,

Brahma

@HidMov It is working after installing the below module.

 

Install-Module AzureAD -Repository PSGallery -Force -Scope CurrentUser

 

Thank you so much for your help. It has resolved my issue.

Hi @Brahmaiah 

 

Glad it's all working for you now :smile:

Hi @HidMov ,

 

I am trying to get the list of Azure AD group owners by executing the below command, but it is not working. Can you please help with this?

 

Get-AzureADUser -SearchString "xxxxxx" | Get-AzureADGroupOwner | % {Get-AzureADObjectByObjectId -ObjectId $_.ObjectId | select DisplayName,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | ft

 

Thanks,

Brahma

Hi @Brahmaiah 

 

To find which groups a user is an owner for, the below works for me:

 

Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserOwnedObject | ft DisplayName,Description

 

Hope this helps,

Thank you so much @HidMov, it is working as expected.

 

I have one more issue :)

 

I am fetching the list of AAD groups for a Service Principal by executing the below script, but it is taking too much time due to the for loop. Do we have anything optimized? :)

 

# Enumerate every group, then query each group's members (one call per group)
$ADGroups = Get-AzADGroup
foreach ($ADGroup in $ADGroups)
{
    # Keep only the service principal members of this group
    $GroupMembers = Get-AzADGroupMember -ObjectId $ADGroup.Id | Where-Object {$_.Type -eq "ServicePrincipal"}

    $GroupMember = $GroupMembers | Where-Object {$_.DisplayName -eq "xxxxxxxxx"}
    if ($GroupMember)
    {
        $string = [pscustomobject]@{
            "ServicePrincipalName" = $GroupMember.DisplayName
            "ADGroupName" = $ADGroup.DisplayName
        }
        $string
    }
}

Hi @Brahmaiah 

 

I'm afraid this is beyond my skill - I'm ok at one-liners, but need to improve when it comes to really leveraging Powershell.

 

I'm sure someone in the Powershell community will be able to help with your query.

Thanks @HidMov for your help so far. I got the solution :)

 

$ServicePrincipalId = Get-AzureADServicePrincipal -All $true | Where {$_.DisplayName -eq 'xxxxxxx'}

Get-AzureADServicePrincipalMembership -ObjectId $ServicePrincipalId.ObjectId
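
An added example, not code from any poster in this thread: for an access review, the user and service principal lookups above can be combined into one function that resolves exactly one principal and pages through all of its memberships. The function name and parameters are hypothetical; it assumes the AzureAD module is installed and Connect-AzureAD has already been run.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Get-PrincipalGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ParameterSetName = 'User')]
        [string]$UserPrincipalName,

        [Parameter(Mandatory, ParameterSetName = 'ServicePrincipal')]
        [string]$ServicePrincipalDisplayName
    )

    if ($PSCmdlet.ParameterSetName -eq 'User') {
        # -ObjectId accepts a UPN and resolves a single user; -SearchString
        # matches on the start of the name/UPN and can return several users.
        $principal = Get-AzureADUser -ObjectId $UserPrincipalName
        $memberOf  = Get-AzureADUserMembership -ObjectId $principal.ObjectId -All $true
    }
    else {
        # Server-side OData filter instead of downloading every service principal.
        $escaped = $ServicePrincipalDisplayName.Replace("'", "''")
        $found   = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escaped'")
        if ($found.Count -ne 1) {
            # Display names are not unique; refuse to report on an ambiguous match.
            throw "Expected one service principal named '$ServicePrincipalDisplayName', found $($found.Count)."
        }
        $principal = $found[0]
        $memberOf  = Get-AzureADServicePrincipalMembership -ObjectId $principal.ObjectId -All $true
    }

    # Keep ObjectType in the output so non-group entries are easy to spot.
    $memberOf | ForEach-Object {
        [pscustomobject]@{
            Principal       = $principal.DisplayName
            PrincipalId     = $principal.ObjectId
            Name            = $_.DisplayName
            ObjectType      = $_.ObjectType
            SecurityEnabled = $_.SecurityEnabled   # empty for objects without this property
            ObjectId        = $_.ObjectId
        }
    }
}

# Placeholder identities, as used in the thread
Get-PrincipalGroupMembership -UserPrincipalName 'user@domain.com' | Format-Table
Get-PrincipalGroupMembership -ServicePrincipalDisplayName 'xxxxxxx' | Format-Table
```

Without -All $true the membership cmdlets return only the first page of results, so a principal with many memberships would be under-reported.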