Aug 21 2020 04:01 AM
Hi,
Could you please help me get a list of Azure AD groups for a user using PowerShell?
Thanks,
Brahma
Aug 21 2020 05:57 AM
Solution
Hi @Brahmaiah
I use the below:
Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserMembership | % {Get-AzureADObjectByObjectId -ObjectId $_.ObjectId | select DisplayName,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | ft
Where the user@domain.com is the UPN of who you want to search. This will return all groups aside from Dynamic groups.
Aug 21 2020 08:41 AM
Thanks @HidMov for your reply.
I am getting the below error. Can you please suggest how to run this command in my PowerShell ISE?
I changed to az instead of azure in the commands, but a few commands are still not working.
Thanks,
Brahma
Aug 21 2020 08:59 AM
@HidMov It is working after installing the below module.
Install-Module AzureAD -Repository PSGallery -Force -Scope CurrentUser
Thank you so much for your help. It resolved my issue.
Aug 21 2020 10:02 AM
Aug 25 2020 04:12 AM
Hi @HidMov ,
I am trying to get the Azure AD group owners list by executing the below command, but it is not working. Can you please help with this?
Get-AzureADUser -SearchString "xxxxxx" | Get-AzureADGroupOwner | % {Get-AzureADObjectByObjectId -ObjectId $_.ObjectId | select DisplayName,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | ft
Thanks,
Brahma
Aug 25 2020 05:12 AM
Hi @Brahmaiah
To find which groups a user is an owner of, the below works for me:
Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserOwnedObject | ft DisplayName,Description
Hope this helps,
Aug 26 2020 05:41 AM
Thank you so much @HidMov, it is working as expected.
I have one more issue :)
I am fetching the list of AAD groups for a Service Principal. I am executing the below script, but it is taking too much time due to the for loop. Do we have any optimized way? :)
# Enumerate every group in the tenant, then query each group's members in turn
$ADGroups = Get-AzADGroup
foreach ($ADGroup in $ADGroups)
{
    # Keep only members that are service principals
    $GroupMembers = Get-AzADGroupMember -ObjectId $ADGroup.Id | Where-Object {$_.Type -eq "ServicePrincipal"}
    # Match the service principal of interest by display name
    $GroupMember = $GroupMembers | Where-Object {$_.DisplayName -eq "xxxxxxxxx"}
    if ($GroupMember)
    {
        $string = [pscustomobject]@{
            "ServicePrincipalName" = $GroupMember.DisplayName
            "ADGroupName" = $ADGroup.DisplayName
        }
        $string
    }
}
Aug 27 2020 01:33 AM
Hi @Brahmaiah
I'm afraid this is beyond my skill - I'm ok at one-liners, but need to improve when it comes to really leveraging Powershell.
I'm sure someone in the Powershell community will be able to help with your query.
Aug 27 2020 02:03 AM
Thanks @HidMov for your help so far. I got the solution :)
$ServicePrincipalId = Get-AzureADServicePrincipal -All $true | Where {$_.DisplayName -eq 'xxxxxxx'}
Get-AzureADServicePrincipalMembership -ObjectId $ServicePrincipalId.ObjectId
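
Added example, not part of the original thread: a membership report for a service principal that filters server-side instead of using -All with a local Where, and that handles display names matching zero or several service principals (display names are not unique, so $ServicePrincipalId.ObjectId can hold more than one value). The function name Get-ServicePrincipalGroupReport is hypothetical; the AzureAD module and an existing Connect-AzureAD session are assumed.

```powershell
# Added example (not from the thread). Assumes the AzureAD module is installed
# and Connect-AzureAD has already been run. The function name is hypothetical.
function Get-ServicePrincipalGroupReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$DisplayName
    )

    # OData string literals escape a single quote by doubling it.
    $escaped = $DisplayName.Replace("'", "''")

    # Server-side filter: only matching objects come back, instead of
    # downloading every service principal and filtering locally.
    $found = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escaped'")

    if ($found.Count -eq 0) {
        Write-Warning "No service principal named '$DisplayName' was found."
        return
    }
    if ($found.Count -gt 1) {
        # Several principals can share one display name; report each one
        # with its AppId and ObjectId so they can be told apart.
        Write-Warning "$($found.Count) service principals are named '$DisplayName'; reporting each."
    }

    foreach ($sp in $found) {
        # -All $true pages through every membership, not only the first page.
        Get-AzureADServicePrincipalMembership -ObjectId $sp.ObjectId -All $true |
            ForEach-Object {
                [pscustomobject]@{
                    ServicePrincipalName = $sp.DisplayName
                    AppId                = $sp.AppId
                    ServicePrincipalId   = $sp.ObjectId
                    MemberOf             = $_.DisplayName
                    ObjectType           = $_.ObjectType
                    SecurityEnabled      = $_.SecurityEnabled
                    MemberOfId           = $_.ObjectId
                }
            }
    }
}

# Constructed sample call; 'xxxxxxx' is the placeholder used in the thread.
Get-ServicePrincipalGroupReport -DisplayName 'xxxxxxx' | Format-Table -AutoSize
```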