Finding empty azure AD groups of all types.

Copper Contributor

Trying to find any Azure AD Groups we have with 0 total members. 

Get-MsolGroup | ? {(Get-MsolGroupMember -GroupObjectId $_.ObjectId).count -eq 0 }

This is what i have as reference to go off but i belive im looking at the wrong field as its showing groups with devices / inherited members so its looking at an objectid field which again seems as if its bringing back the wrong data.

Trying to find the groups with 0 in either of the red highlighted sections.


i also had a play around with get-azureadgroup function but it was only finding about half of the groups we currently have.

Any help would be appreciated.





2 Replies
best response confirmed by vvtaz (Copper Contributor)
The good old MSOnline cmdlets do not return device objects as members of groups. I wouldn't recommend using the Azure AD module either, as it's going to be deprecated soon. Use the Graph SDK for PowerShell instead, the cmdlet is Get-MgGroupMember.
If you want some ready-to-use script samples, I published these the other day:

@Vasil Michev 

Much appreciated for the response, i will have a look at it tomorrow.