Get a list of all users from Azure AD connected devices with user type information

Hriday Saha 46 Reputation points
2023-05-14T03:39:36.43+00:00

I have a few M365 users remaining with administrator privileges rather than standard users on Azure AD joined devices. So is there any way to get the list of total users with administrator/standard privileges?

OR

Can I change all user types from administrator to standard?

Microsoft Intune
Microsoft Entra ID

2 answers

Sort by: Most helpful
  1. Konstantinos Passadis 17,301 Reputation points MVP
    2023-05-14T09:00:24.1866667+00:00

    Hello @Hriday Saha!

    I understand you want to export your Admins OR change them to regular users.

    It is possible and I have verified it with PowerShell.

    Remember this script will probably not run on PS7, so use PowerShell 5 in Admin Mode.

    # Install the modules (run once)
    Install-Module AzureAD

    Install-Module MSOnline

    # Sign in to Azure AD
    Connect-AzureAD

    # Get all directory roles
    $roles = Get-AzureADDirectoryRole
    
    # Get all users (-All $true avoids the default page limit of 100 results)
    $users = Get-AzureADUser -All $true
    
    # Iterate over each user
    foreach ($user in $users) {
      # Get user membership (groups and directory roles)
      $memberships = Get-AzureADUserMembership -ObjectId $user.ObjectId -All $true
    
      # Create a custom object to store user info and role
      $userRole = New-Object -TypeName PSObject -Property @{
          UserPrincipalName = $user.UserPrincipalName
          DisplayName = $user.DisplayName
          Role = @()
      }
    
      # Check if user has a role: a membership whose ObjectId matches a directory role
      foreach ($membership in $memberships) {
          $role = $roles | Where-Object {$_.ObjectId -eq $membership.ObjectId}
          if ($role) {
              $userRole.Role += $role.DisplayName
          }
      }
    
      # Emit the object for this user
      $userRole
    }
    
    

    You can add this at the end to display only those who have roles:

    if ($userRole.Role) {
        $userRole
    }
    

    If you want to change them, I suggest you do not do it from PowerShell. Use the list and make adjustments.

    Also remember to save the script as myscript.ps1 and run it as c:\works> .\myscript.ps1 | FL

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards


  2. Konstantinos Passadis 17,301 Reputation points MVP
    2023-05-21T13:14:34.2633333+00:00

    Hello @Hriday Saha !

    Do you think that this tool can help you?

    https://activedirectorypro.com/find-local-administrators-on-all-computers/

    I just found it and immediately I thought of your issue.

    Please verify!

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards
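As an added example, not code from either answer: a Windows PowerShell 5.1 script that inventories the local Administrators group on the Azure AD joined device it runs on (the device-level admin rights the question asks about, which the directory-role script in the first answer and the tool linked in the second approach from different angles) and flags every member other than the built-in Administrator account. It assumes it is run elevated on each device, for example as an Intune PowerShell script; the CSV path under ProgramData is an assumption of this example.

```powershell
# Added example (not from the original answers): inventory the local
# Administrators group of the device this runs on. On an Azure AD joined
# device, cloud users appear as "AzureAD\<UPN>" with PrincipalSource AzureAD,
# and the Global Administrator / Azure AD Joined Device Local Administrator
# roles appear as two unresolved S-1-12-1-... SIDs. Run elevated in PS 5.1.
$groupName = 'Administrators'

try {
    # Preferred path: the built-in LocalAccounts cmdlet.
    $members = Get-LocalGroupMember -Group $groupName -ErrorAction Stop |
        ForEach-Object {
            [PSCustomObject]@{
                Name            = $_.Name
                ObjectClass     = $_.ObjectClass
                PrincipalSource = [string]$_.PrincipalSource
                SID             = $_.SID.Value
            }
        }
}
catch {
    # Fallback: Get-LocalGroupMember can fail on Azure AD joined devices when a
    # cloud SID cannot be resolved, so enumerate the group through ADSI instead.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $path  = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        $class = $_.GetType().InvokeMember('Class',   'GetProperty', $null, $_, $null)
        $sid = try {
            $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
            (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        } catch { $null }
        [PSCustomObject]@{
            Name            = (($path -replace '^WinNT://', '') -replace '/', '\')
            ObjectClass     = $class
            PrincipalSource = 'ADSI'
            SID             = $sid
        }
    }
}

# Only the built-in local Administrator (RID 500) is expected; flag everything
# else for review so it can be removed via Intune's local administrators policy.
$report = $members | ForEach-Object {
    $expected = $_.SID -like 'S-1-5-21-*-500'
    $_ | Add-Member -NotePropertyName NeedsReview -NotePropertyValue (-not $expected) -PassThru
}

$report | Format-Table -AutoSize
$report | Export-Csv -Path "$env:ProgramData\LocalAdmins-$env:COMPUTERNAME.csv" -NoTypeInformation
```

Collecting the CSV from each device (or piping the same objects into your reporting) gives the per-device list of admin members the question asks for, which the directory-role export alone does not show.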
