Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Finding empty azure AD groups of all types.

Copper Contributor

Trying to find any Azure AD Groups we have with 0 total members. 

Get-MsolGroup | ? {(Get-MsolGroupMember -GroupObjectId $_.ObjectId).count -eq 0 }

This is what i have as reference to go off but i belive im looking at the wrong field as its showing groups with devices / inherited members so its looking at an objectid field which again seems as if its bringing back the wrong data.

Trying to find the groups with 0 in either of the red highlighted sections.

vvtaz_0-1675432117471.png


i also had a play around with get-azureadgroup function but it was only finding about half of the groups we currently have.

Any help would be appreciated.

 

Thanks

 

Kyle

2 Replies
best response confirmed by vvtaz (Copper Contributor)
Solution
The good old MSOnline cmdlets do not return device objects as members of groups. I wouldn't recommend using the Azure AD module either, as it's going to be deprecated soon. Use the Graph SDK for PowerShell instead, the cmdlet is Get-MgGroupMember.
If you want some ready-to-use script samples, I published these the other day: https://www.michev.info/Blog/Post/4357/report-on-azure-ad-group-members-via-the-graph-api

@Vasil Michev 

Much appreciated for the response, i will have a look at it tomorrow.

 

Thanks

1 best response

Accepted Solutions
best response confirmed by vvtaz (Copper Contributor)
Solution
The good old MSOnline cmdlets do not return device objects as members of groups. I wouldn't recommend using the Azure AD module either, as it's going to be deprecated soon. Use the Graph SDK for PowerShell instead, the cmdlet is Get-MgGroupMember.
If you want some ready-to-use script samples, I published these the other day: https://www.michev.info/Blog/Post/4357/report-on-azure-ad-group-members-via-the-graph-api

View solution in original post