PowerShell Script to Export Azure AD Groups in a Security Matrix - Help Needed

Shane Fallon 5 Reputation points
2023-06-12T15:44:32.69+00:00

Hey guys,
I'm working on a PowerShell Script to Export AzureAD Groups into a Security Matrix. I was able to get one working for Local AD just fine and hoped to tweak it to work for Azure AD.
I've gotten part way there but am having some issues where instead of having the Group Names come after the User Display Name and Email.

"class Group {
  DeletionTimestamp: 
  ObjectId: 00c4757a-67c0-47e7-bc92-36s2f231
  ObjectType: Group
  Description: We Will chat here and keep our challenge tracker here.  This may move to share point but it will be here for now.
  DirSyncEnabled: 
  DisplayName: Sales Meetings teams
  LastDirSyncTime: 
  Mail: ******@Thisemail.com
  MailEnabled: True
  MailNickName: SalesMeetingsteams
  OnPremisesSecurityIdentifier: 
  ProvisioningErrors: System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.ProvisioningError]
  ProxyAddresses: System.Collections.Generic.List`1[System.String]
  SecurityEnabled: False
}
"

This is the script

$M365Users = Get-AzureADUser
$M365GroupNames = Get-AzureADGroup

$Report = foreach ($M365User in $M365Users) {
    $M365Groups = Get-AzureADUserMembership -ObjectId $M365User.ObjectId
    $ReportProp = [Ordered] @{
        'Name'  = $M365User.DisplayName
        'Email' = $M365User.UserPrincipalName
    }

    foreach ($M365Group in $M365GroupNames) {
        $Present = $M365Groups | Where-Object {$_.DisplayName -eq $M365Group}

        if ($Present) {
            $ReportProp[$M365Group] = 'X'
        } else {
            $ReportProp[$M365Group] = ''
        }
    }

    [PSCustomObject] $ReportProp
}
$Report | Export-Csv -Path 'C:\temp\M365MembershipMatrix.csv' -NoTypeInformation

2 answers

  1. Limitless Technology 44,746 Reputation points
    2023-06-13T10:21:07.87+00:00
    Hello there,
    
    This PowerShell script should return you what you are looking for in CSV format.
    
    # Sign in with the AzureAD module
    Connect-AzureAD
    # -All $true returns every group instead of only the first page
    $groups = Get-AzureADGroup -All $true
    $resultsarray = @()
    ForEach ($group in $groups) {
        $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
        ForEach ($member in $members) {
            # One output row per (group, member) pair
            $resultsarray += [PSCustomObject]@{
                'Group Name'        = $group.DisplayName
                'Member Name'       = $member.DisplayName
                'ObjType'           = $member.ObjectType
                'UserType'          = $member.UserType
                'UserPrincipalName' = $member.UserPrincipalName
            }
        }
    }
    # -NoTypeInformation keeps the "#TYPE" header line out of the CSV
    $resultsarray | Export-Csv -Encoding UTF8 -Delimiter ";" -Path "C:\scripts\output.csv" -NoTypeInformation
    
    Hope this resolves your query!
    
    --If the reply is helpful, please Upvote and Accept it as an answer--

  2. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-06-13T15:02:27.39+00:00

    Hi @Shane Fallon ,

    Thanks for reaching out.

    I understand you are looking for a security group matrix to get the group details of all users.

    You can refer to https://pshirwin.wordpress.com/2016/10/12/ad-security-group-matrix/ which uses a hash table to store all the data.

    Hope this will help.

    Thanks,

    Shweta
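
A matrix that matches membership on each group's `ObjectId` and uses `DisplayName` only as the column header avoids the `class Group { ... }` headers shown in the question, which come from using the whole group object as the hashtable key. This is an added example, not code from either answer or from the linked post; `New-MembershipMatrix`, its parameters and the sample users and groups are hypothetical names constructed for illustration.

```powershell
function New-MembershipMatrix {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [object[]] $Groups,
        # Script block that returns the directory objects one user belongs to
        [Parameter(Mandatory)] [scriptblock] $GetMembership
    )
    # One column per group; display names may repeat, so a repeated name
    # gets the ObjectId appended to keep the column headers unique.
    $seen = @{}
    $columns = foreach ($g in $Groups | Sort-Object DisplayName) {
        $header = [string]$g.DisplayName
        if ($seen.ContainsKey($header)) { $header = "$header ($($g.ObjectId))" }
        $seen[$header] = $true
        [PSCustomObject]@{ Header = $header; ObjectId = $g.ObjectId }
    }
    foreach ($u in $Users) {
        # Membership is matched on ObjectId, never on the group object itself
        $memberIds = @(& $GetMembership $u | ForEach-Object { $_.ObjectId })
        $row = [ordered]@{ Name = $u.DisplayName; Email = $u.UserPrincipalName }
        foreach ($c in $columns) {
            $mark = if ($memberIds -contains $c.ObjectId) { 'X' } else { '' }
            $row[$c.Header] = $mark
        }
        [PSCustomObject]$row
    }
}

# Constructed sample data (not real tenant objects) so this runs offline
$groups = @(
    [PSCustomObject]@{ ObjectId = 'g-1'; DisplayName = 'Sales Meetings teams' }
    [PSCustomObject]@{ ObjectId = 'g-2'; DisplayName = 'Finance' }
    [PSCustomObject]@{ ObjectId = 'g-3'; DisplayName = 'Finance' }   # duplicate name
)
$users = @(
    [PSCustomObject]@{ ObjectId = 'u-1'; DisplayName = 'Alex Example'; UserPrincipalName = 'alex@example.com' }
    [PSCustomObject]@{ ObjectId = 'u-2'; DisplayName = 'Sam Example';  UserPrincipalName = 'sam@example.com' }
)
$memberOf = @{ 'u-1' = @($groups[0]); 'u-2' = @($groups[1], $groups[2]) }
New-MembershipMatrix -Users $users -Groups $groups -GetMembership {
    param($u) $memberOf[$u.ObjectId]
} | Format-Table

# Against a tenant, using the AzureAD cmdlets from the question:
# Connect-AzureAD
# New-MembershipMatrix -Users (Get-AzureADUser -All $true) -Groups (Get-AzureADGroup -All $true) `
#     -GetMembership { param($u) Get-AzureADUserMembership -ObjectId $u.ObjectId -All $true } |
#     Export-Csv -Path 'C:\temp\M365MembershipMatrix.csv' -NoTypeInformation
```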
