Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Azure AD Dynamic Groups - Display Membership and count members

Brass Contributor

Created Azure AD Dynamic Groups. These Groups have thousands of members. The Azure Portal GUI will show the group as having "1000+ Members". Drilling into this Dynamic group will display the following message: "Group members cannot be shown for this group. This group has more than 1000 members". 

 

So if I attempt to get the membership from this group using the following Powershell:

get-azureadgroup -SearchString "GroupName" | Get-AzureADGroupMember

 

The results show 100 members.

 

Getting a count also shows 100 members. 

(get-azureadgroup -SearchString "GroupName" | Get-AzureADGroupMember).COUNT

 

Appears to be a limit on the results returned. How can I display all the members in a Dynamic Group and get a proper count? 

 

7 Replies
best response confirmed by William Tait (Brass Contributor)
Solution

Try the -All parameter?

Yes, that works. Documentation doesn't explain why without -ALL the limit is 100.

Awkward syntax but it works:
(Get-AzureADGroup -ALL 1 -Filter "DisplayName eq 'GroupName'" | Get-AzureADGroupMember -ALL 1).COUNT

Thanks.

It's a boolean parameter, 1 equals $true :) And don't get me started on the stupid syntax used by the AzureAD module, gotta love programmers...

@William Tait 

I would just browse to the AAD group in Azure portal and get the Object ID from the Overview blade.

Then run the below:

(Get-AzureADGroupMember -All $true -ObjectId "GUID OF AAD GROUP" | select mail).Count

You could also leverage the following with the new Az module to simply get the count similar to some of the other versions recommended here in this post.

(Get-AzADGroup -DisplayName "<DisplayNameofGroup>" | Get-AzADGroupMember).count

@Vasil Michev 

What about the -All parameter in case of Office 365 groups

LDAP display nameAvailable on cmdletsValueComments
n/aGet-UnifiedGroupIntegerFor example, Get-UnifiedGroup -Filter "GroupExternalMemberCount -gt 0".

 

Filterable properties for the Filter parameter
https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/recipient-filters/filter-proper...

 

-All parameter - when used the command does not generate any output,

but it works without but then not sure if it was able to check/traverse/enumerate all groups or not ,

As in just the first 100 or something when -All or unlimited is not specified

 

BR,

/HS

 

 

@Himanshu Singh hi!!!

 

less complex (Get-AzureADGroupMember -all 1 -ObjectId "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").count

 

 

1 best response

Accepted Solutions
best response confirmed by William Tait (Brass Contributor)