Powershell to compare groups and add users based on comparison


I am not a script writer and I'm looking for a way to take a security group that was created in Azure AD and update a distribution group with any additions/deletions made to that group.  The situation is this, the user that created the group wants that group to also be able to get email, but does not want to update two lists.  The way the security group has been created there is no way we can convert it to a mail-enabled security group and we cannot make a dynamic distribution group for this purpose since the attributes that can be used for that are not available in the security group.  I've spoken to Microsoft concerning this and they also say that there's no way to achieve my goal based on the current group we have.  My thought is that if I can create a script that will compare the two groups and update the distribution group based on the security group users, this could be a script that we run regularly to update that list without manually adding them to both lists.  


To get the members for the security group I used this command:

Get-AzureADGroupMember -ObjectId "73a2e3e3-21f2-4856-8651-4a03a980014f" -All $true | select DisplayName, UserPrincipalName


To get the members of the distribution group I used this command:

Get-DistributionGroupMember -Identity "iPhone Notifications" | select Identity, PrimarySMTPAddress


What I need now is for the UserPrincipalName from the first command and the PrimarySMTPAddress from the second command to be compared.  Then any address that is listed in the AzureAD group and not in the distribution group needs to be added to the distribution group and any address that is in the distribution group and not in the AzureAD group to be removed from the distribution group.


I would appreciate any assistance anyone can provide.  Thank you.

2 Replies

Hello @kleblanc4951,

You can use Compare-Object and then based on the SideIndicator remove or add members to Distribution list. 

Quick and dirty way would be something like this:

$AzADGroup = Get-AzureADGroupMember -ObjectId "73a2e3e3-21f2-4856-8651-4a03a980014f" -All $true | Select-Object DisplayName, UserPrincipalName
# -ResultSize Unlimited: without it the cmdlet returns at most 1000 members, and
# anyone past that cut-off would wrongly show up as "missing" from the DL
$DL = Get-DistributionGroupMember -Identity "iPhone Notifications" -ResultSize Unlimited | Select-Object Identity, PrimarySmtpAddress

# Wrap both sides in @() so an empty group does not hand Compare-Object a $null
$Comparison = Compare-Object -ReferenceObject @($AzADGroup.UserPrincipalName) -DifferenceObject @($DL.PrimarySmtpAddress)

foreach ($i in $Comparison) {
    if ($i.SideIndicator -eq "=>") {
        # Listed in DL but not in AzureADGroup: remove from DL membership
        Write-Output "Remove $($i.InputObject) from DL"
    } elseif ($i.SideIndicator -eq "<=") {
        # Listed in AzureAD but not in DL: add to DL membership
        Write-Output "Add $($i.InputObject) to DL"
    }
}


Hope that helps.
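An added example, not code from the thread or from AndySvints, that takes the Compare-Object approach in the reply above one step further: it applies the adds and removals instead of printing them, filters the Azure AD side down to user objects so nested groups or devices cannot produce bogus rows, normalises case on both sides, and refuses to run when the Azure AD query returns nothing (an expired token or a wrong ObjectId would otherwise be "synced" by emptying the DL). It assumes Connect-AzureAD and Connect-ExchangeOnline have already been run, and, like the question, that each user's UserPrincipalName equals their primary SMTP address. The function names are invented for the example; the ObjectId and DL name are the ones from the question.

```powershell
# Added example (not from the original thread): one-way sync of a distribution
# group's membership from an Azure AD security group, applying the Compare-Object
# result rather than only printing it. Assumes Connect-AzureAD and
# Connect-ExchangeOnline are already done. Function names are hypothetical.

function Get-SourceAddress {
    param([Parameter(Mandatory)][string]$GroupObjectId)
    # Only user objects carry a UserPrincipalName; nested groups, devices and
    # service principals are skipped so they cannot produce add/remove rows.
    # Get-AzureADGroupMember does not expand nested groups (no transitive membership).
    Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true |
        Where-Object { $_.ObjectType -eq 'User' -and $_.UserPrincipalName } |
        ForEach-Object { $_.UserPrincipalName.ToLowerInvariant() } |
        Sort-Object -Unique
}

function Get-TargetAddress {
    param([Parameter(Mandatory)][string]$Identity)
    # ResultSize defaults to 1000; an unlimited result set avoids silently
    # treating members past the cut-off as "missing" and re-adding them.
    Get-DistributionGroupMember -Identity $Identity -ResultSize Unlimited |
        Where-Object { $_.PrimarySmtpAddress } |
        ForEach-Object { $_.PrimarySmtpAddress.ToString().ToLowerInvariant() } |
        Sort-Object -Unique
}

function Get-MembershipDelta {
    param([string[]]$Source, [string[]]$Target)
    # Compare-Object rejects a $null side, so an empty side is passed as @().
    # '<=' = only in the source (add), '=>' = only in the target (remove).
    $src = @($Source); $tgt = @($Target)
    $diff = Compare-Object -ReferenceObject $src -DifferenceObject $tgt
    [pscustomobject]@{
        ToAdd    = @($diff | Where-Object SideIndicator -eq '<=' | Select-Object -ExpandProperty InputObject)
        ToRemove = @($diff | Where-Object SideIndicator -eq '=>' | Select-Object -ExpandProperty InputObject)
    }
}

function Sync-DistributionGroupFromSecurityGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SecurityGroupObjectId,
        [Parameter(Mandatory)][string]$DistributionGroup,
        # Refuse to act when the source comes back empty unless explicitly allowed.
        [switch]$AllowEmptySource
    )
    $source = @(Get-SourceAddress -GroupObjectId $SecurityGroupObjectId)
    if ($source.Count -eq 0 -and -not $AllowEmptySource) {
        throw "Security group $SecurityGroupObjectId returned no user members; refusing to empty '$DistributionGroup'."
    }
    $target = @(Get-TargetAddress -Identity $DistributionGroup)
    $delta  = Get-MembershipDelta -Source $source -Target $target

    foreach ($addr in $delta.ToAdd) {
        if ($PSCmdlet.ShouldProcess($DistributionGroup, "Add $addr")) {
            Add-DistributionGroupMember -Identity $DistributionGroup -Member $addr
        }
    }
    foreach ($addr in $delta.ToRemove) {
        if ($PSCmdlet.ShouldProcess($DistributionGroup, "Remove $addr")) {
            Remove-DistributionGroupMember -Identity $DistributionGroup -Member $addr -Confirm:$false
        }
    }
    # Return the delta so a scheduled run leaves a record of what changed.
    $delta
}

# Dry run first; drop -WhatIf once the planned adds/removes look right.
Sync-DistributionGroupFromSecurityGroup -SecurityGroupObjectId '73a2e3e3-21f2-4856-8651-4a03a980014f' `
    -DistributionGroup 'iPhone Notifications' -WhatIf
```

Run it with -WhatIf the first time and read the planned changes before letting it touch the DL; when scheduled, keep the returned delta as the audit trail. If UPNs and primary SMTP addresses differ in your tenant, resolve each UPN through Get-Recipient before comparing rather than comparing the raw strings. The AzureAD module is deprecated in favour of Microsoft Graph PowerShell; the same logic carries over with Get-MgGroupMember in place of Get-AzureADGroupMember.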

@AndySvints 

Thanks so much for the information!  I will play around with that for a bit and see what I can do.  For the moment I'm exporting the list of members from the security group then using Update-DistributionGroupMember to update the distribution group by importing the list.
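The full-replacement variant mentioned in the reply above, as an added example that is not code from the thread: instead of diffing and applying individual adds and removes, it resolves the security group's users and hands the whole list to Update-DistributionGroupMember. Because that cmdlet replaces the entire membership, the one check that matters is refusing to proceed with an empty list. It assumes Connect-AzureAD and Connect-ExchangeOnline have already been run; the function name is invented for the example.

```powershell
# Added example (not from the original thread): replace a DL's membership with
# the users of an Azure AD security group in one call. Assumes Connect-AzureAD
# and Connect-ExchangeOnline are already done. Function name is hypothetical.

function Set-DistributionGroupMembershipFromSecurityGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SecurityGroupObjectId,
        [Parameter(Mandatory)][string]$DistributionGroup
    )
    # Users only: nested groups and devices have no UserPrincipalName to hand to Exchange.
    $members = @(Get-AzureADGroupMember -ObjectId $SecurityGroupObjectId -All $true |
        Where-Object { $_.ObjectType -eq 'User' -and $_.UserPrincipalName } |
        Select-Object -ExpandProperty UserPrincipalName)

    # Update-DistributionGroupMember replaces the whole membership, so an empty
    # list (failed query, wrong ObjectId, expired token) would remove everyone.
    if ($members.Count -eq 0) {
        throw "No user members resolved for $SecurityGroupObjectId; not replacing membership of '$DistributionGroup'."
    }
    if ($PSCmdlet.ShouldProcess($DistributionGroup, "Replace membership with $($members.Count) users")) {
        Update-DistributionGroupMember -Identity $DistributionGroup -Members $members -Confirm:$false
    }
    # Return the list that was applied so the run can be logged.
    $members
}

# Dry run first; drop -WhatIf to apply.
Set-DistributionGroupMembershipFromSecurityGroup -SecurityGroupObjectId '73a2e3e3-21f2-4856-8651-4a03a980014f' `
    -DistributionGroup 'iPhone Notifications' -WhatIf
```

This is simpler than the diff approach but gives no record of who was added or removed on a given run; if that history matters for access reviews, the Compare-Object version is the better fit.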