
Export members for a list of security groups from AAD


Hi. I need to download the members of 1000 security groups in AAD. Can I export members (name, email, UPN) for a specific list of security groups whose names begin with 'FP3', or from a CSV file? I tried using the PS command from this post, but the script seems incorrect, as line 3 asks to key in just one security group. I tried using a wildcard, FP3*, but it doesn't seem to work either. Thanks in advance.

8 Replies

Hi @filzah 

 

I can offer you this script:

 

$Groups = Get-AzureADGroup -SearchString FP3
foreach ($group in $groups) {
    Get-AzureADGroupMember -ObjectId $group.ObjectId | fl DisplayName,UserPrincipalName
}

 

You can simply change the Searchstring. I used your "FP3"

 

Don't forget to export it into your format (CSV or whatever) 

 

Please give me a little feedback, if I met your requirements :'D

 

Best regards,
Schnittlauch

"First, No system is safe. Second, Aim for the impossible. Third, no Backup, no Mercy" - Schnittlauch

My answer helped you? Don't forget to leave a like. Also mark the answer as solved when your problem is solved. :)

Wait a second, didn't get it. Do the groups have the name FP3 or the users? :D

This is the same script that you highlighted and has been adjusted a little bit. 

 

When prompted, simply provide the name with which your group starts. e.g. FP3. 

The normal limit on returned results is 100 objects, which has been increased to max or "All $True" in this case. 

 

Connect-AzureAD
$PathCsv = "C:\GroupMembers.csv"
$GroupName = Read-Host -Prompt "Enter group name to search"
$groups = Get-AzureADGroup -SearchString $GroupName -all $true
$groupCount = $groups | measure
$count = $groupCount.Count
$groupMembers = foreach($group in $groups){
    $GroupId = $group.ObjectId
    $GroupName = $group.DisplayName
    Write-Progress -Activity "No of Groups found: $count`
Fetching members for GroupName: $GroupName"
    Start-Sleep -Milliseconds 200
    Get-AzureADGroupMember -ObjectId $GroupId -All $true | Select-Object -Property @{Name = 'GroupName'; Expression= {$GroupName}}, DisplayName, UserPrincipalName
}
$groupMembers | Export-Csv -Path $PathCsv -NoTypeInformation -Force

 

 

Original script:

 

https://docs.microsoft.com/en-us/answers/questions/139633/powershell-script-to-export-all-azure-ad-g...

Hi @Schnittlauch Thanks so much for replying. Almost there! I used the code below but somehow the results are incomplete. Would you know why and how I can rectify this?

Connect-AzureAD
$groups=Get-AzureADGroup -SearchString FP3_Share_IS_
$resultsarray =@()
ForEach ($group in $groups){
    $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true 
    ForEach ($member in $members){
       $UserObject = new-object PSObject
       $UserObject | add-member  -membertype NoteProperty -name "Group Name" -Value $group.DisplayName
       $UserObject | add-member  -membertype NoteProperty -name "Member Name" -Value $member.DisplayName
       $UserObject | add-member  -membertype NoteProperty -name "ObjType" -Value $member.ObjectType
       $UserObject | add-member  -membertype NoteProperty -name "UserType" -Value $member.UserType
       $UserObject | add-member  -membertype NoteProperty -name "UserPrinicpalName" -Value $member.UserPrincipalName
       $resultsarray += $UserObject
    }
}
$resultsarray | Export-Csv -Encoding UTF8  -Delimiter ";" -Path "C:\scripts\output.csv" -NoTypeInformation

 

Hi. I keyed in FP3 but the results were inaccurate, as it is showing other groups that don't begin with FP3 too.

@filzah 

Here is an updated PowerShell script. It will now only look for groups starting with the input value.
In this case, just key in FP3 and it will only bring back groups that begin with FP3.
 
Connect-AzureAD
$PathCsv = "C:\temp\GroupMembers.csv"
$GroupName = Read-Host -Prompt "Enter group Displayname to search"
$groups = Get-AzureADGroup -All $true | Where-object {$_.DisplayName -like "$GroupName*"}
$groupCount = $groups | measure
$count = $groupCount.Count
$groupMembers = foreach($group in $groups){
    $GroupId = $group.ObjectId
    $GroupName = $group.DisplayName
    Write-Progress -Activity "No of Groups found: $count`
Fetching members for GroupName: $GroupName"
    Start-Sleep -Milliseconds 200
    Get-AzureADGroupMember -ObjectId $GroupId -All $true | Select-Object -Property @{Name = 'GroupName'; Expression= {$GroupName}}, DisplayName, UserPrincipalName
}

$groupMembers | Export-Csv -Path $PathCsv -NoTypeInformation
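
An added example, not code from any poster in this thread: it covers both options the question asks about (a name prefix and a CSV list of group names), filters on the server with `-Filter`, keeps only security-enabled groups, and exports the mail address and member type so nested groups and empty groups are visible in a membership review. The `GroupName` CSV column, the parameter names and the file paths are assumptions.

```powershell
# Added example (not from the thread). Assumes the AzureAD module is installed and
# that the optional input CSV has a column named 'GroupName' (an assumption).
param(
    [string]$Prefix    = 'FP3',                       # prefix used in the thread
    [string]$GroupList = '',                          # optional CSV path (placeholder)
    [string]$OutCsv    = 'C:\temp\GroupMembers.csv'   # placeholder output path
)

Connect-AzureAD | Out-Null

# Double any single quote so a group name cannot break out of the OData string literal.
function ConvertTo-ODataLiteral([string]$Value) { $Value -replace "'", "''" }

$groups = @()
if ($Prefix) {
    # Server-side prefix match on DisplayName only.
    $groups += Get-AzureADGroup -All $true -Filter "startswith(DisplayName,'$(ConvertTo-ODataLiteral $Prefix)')"
}
if ($GroupList) {
    foreach ($row in Import-Csv -Path $GroupList) {
        $found = Get-AzureADGroup -Filter "DisplayName eq '$(ConvertTo-ODataLiteral $row.GroupName)'"
        if ($found) { $groups += $found }
        else        { Write-Warning "Group not found: $($row.GroupName)" }
    }
}

# Keep security groups only and drop duplicates matched by both inputs.
$groups = $groups | Where-Object { $_.SecurityEnabled } | Sort-Object ObjectId -Unique

$rows = foreach ($group in $groups) {
    $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
    if (-not $members) {
        # Record empty groups so they are not mistaken for groups that were skipped.
        [pscustomobject]@{ GroupName = $group.DisplayName; MemberType = '(empty)'
                           DisplayName = $null; Mail = $null; UserPrincipalName = $null }
        continue
    }
    foreach ($m in $members) {
        [pscustomobject]@{
            GroupName         = $group.DisplayName
            MemberType        = $m.ObjectType          # a 'Group' row is a nested group, not expanded here
            DisplayName       = $m.DisplayName
            Mail              = $m.Mail
            UserPrincipalName = $m.UserPrincipalName
        }
    }
}
$rows | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8
```

Rows whose `MemberType` is `Group` are nested groups; their members are not listed unless that group is also matched by the prefix or the CSV list.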