Export members

Glenn Maxwell 12,831 Reputation points
2023-06-28T03:59:37.17+00:00

Hi All

In Azure AD we have Roles and Administrators. Let's say I select the User Administrator role. I want to export the users who are in the User Administrator role to CSV from PowerShell. If any role has an Azure AD group or Active Directory group added to it, in the output I want to get the user type (mailbox or group) so that I can export group users separately. I want to fetch the below information. Please guide me.

DisplayName
First Name
Last Name
User principal name
Employee ID
Email
On-premises user principal name
On-premises SAM account name


Accepted answer
    Dillon Silzer 57,826 Reputation points Volunteer Moderator
    2023-06-28T04:46:06.15+00:00

    Have a look at the following script in the link:

    Export All Admin Role Memberships in Azure AD With Powershell

    https://ourcloudnetwork.com/export-all-admin-role-memberships-in-azure-ad-with-powershell/

    <#
    AUTHOR: Daniel Bradley
    LINKEDIN: https://www.linkedin.com/in/danielbradley2/
    TWITTER: https://twitter.com/DanielatOCN
    WEBSITE: https://ourcloudnetwork.com/
    Info: This script was written by Daniel Bradley for the ourcloudnetwork.com blog
    #>
    
    #Connect to Microsoft Graph with read-only scopes (AuditLog.Read.All is required to read signInActivity)
    Connect-MgGraph -Scopes RoleManagement.Read.Directory, User.Read.All, AuditLog.Read.All
    #Select-MgProfile exists only in the v1.x SDK; the v2.x SDK removed it and serves signInActivity from v1.0
    If (Get-Command Select-MgProfile -ErrorAction SilentlyContinue) { Select-MgProfile -Name Beta }
    
    #Get all directory roles (only roles that have been activated in the tenant are returned)
    $allroles = Get-MgDirectoryRole -All
    
    #Provision a new list object to hold the report rows
    $Report = [System.Collections.Generic.List[Object]]::new()
    
    #Start a loop to build the report
    Foreach ($Role in $allroles){
        $Rolemembers = $null
        #Get all members of each role (users, groups and service principals come back as directoryObjects)
        $Rolemembers = Get-MgDirectoryRoleMember -DirectoryRoleId $Role.Id -All
        #Skip role if role assignments are empty
        If ($null -eq $Rolemembers) {Write-Host "No users assigned to $($Role.DisplayName)"} Else {
            Foreach ($Member in $Rolemembers){
                #Keep only user assignments: groups and service principals have no userPrincipalName
                #or signInActivity, and Get-MgUser would fail on their ids
                If ($Member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.user") {
                    $SignInActivity = $null
                    #Get the sign-in activity for the user
                    $SignInActivity = Get-MgUser -UserId $Member.Id -Property signInActivity | Select-Object -ExpandProperty SignInActivity
                    #Build the row for this role/user pair
                    $obj = [pscustomobject][ordered]@{
                        Role                     = $Role.DisplayName
                        User                     = $Member.AdditionalProperties.displayName
                        Username                 = $Member.AdditionalProperties.userPrincipalName
                        LastInteractiveSignIn    = $SignInActivity.LastSignInDateTime
                    }
                    #Add the row to the report
                    $Report.Add($obj)
                }
            }
        }
    }
    
    #Export report to csv
    $Report | Export-CSV -Path C:\temp\AdminRoleReport.csv -NoTypeInformation
    

    It doesn't give you all of the attributes listed, but you can easily alter it and check the $member.AdditionalProperties variable for what else it contains.


    If this is helpful, please accept the answer.
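A fuller version of what the question asks for, added here as an example that is not part of the accepted answer or the linked blog post: it exports the members of one role (User Administrator by default) with the attributes listed in the question, labels each row with whether the member is a user, a group member, or something else, and expands role-assignable groups to their user members with Get-MgGroupTransitiveMember. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in account can consent to the read-only scopes requested; the function names New-MemberRow and Export-RoleMemberReport, the AssignedVia column and the output path are illustrative choices.

```powershell
# Added example, not the original answer's script. Assumes the Microsoft.Graph SDK.
# Read-only scopes only: a reporting script has no reason to ask for write access.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All', 'GroupMember.Read.All'

# Attributes requested in the question, named as they appear on the Graph user resource.
$userProps = 'id', 'displayName', 'givenName', 'surname', 'userPrincipalName',
             'employeeId', 'mail', 'onPremisesUserPrincipalName', 'onPremisesSamAccountName'

function New-MemberRow {
    # One CSV row. $AssignedVia records whether the role came directly or through a group.
    param($RoleName, $MemberType, $AssignedVia, $User)
    [pscustomobject][ordered]@{
        Role                        = $RoleName
        MemberType                  = $MemberType
        AssignedVia                 = $AssignedVia
        DisplayName                 = $User.DisplayName
        FirstName                   = $User.GivenName
        LastName                    = $User.Surname
        UserPrincipalName           = $User.UserPrincipalName
        EmployeeId                  = $User.EmployeeId
        Email                       = $User.Mail
        OnPremisesUserPrincipalName = $User.OnPremisesUserPrincipalName
        OnPremisesSamAccountName    = $User.OnPremisesSamAccountName
    }
}

function Export-RoleMemberReport {
    param(
        [string]$RoleDisplayName = 'User Administrator',
        [string]$Path = 'C:\temp\UserAdministratorMembers.csv'   # illustrative path
    )
    # Get-MgDirectoryRole returns only roles activated in the tenant, so filter
    # client-side and fail clearly instead of silently producing an empty file.
    $role = Get-MgDirectoryRole -All | Where-Object { $_.DisplayName -eq $RoleDisplayName }
    if (-not $role) { throw "Role '$RoleDisplayName' is not activated in this tenant." }

    $report = [System.Collections.Generic.List[object]]::new()

    foreach ($member in (Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All)) {
        # Role members arrive as directoryObjects; the concrete type is in @odata.type.
        $type = $member.AdditionalProperties['@odata.type']
        switch ($type) {
            '#microsoft.graph.user' {
                $u = Get-MgUser -UserId $member.Id -Property $userProps
                $report.Add((New-MemberRow $role.DisplayName 'User' 'Direct' $u))
            }
            '#microsoft.graph.group' {
                # Expand the group transitively so nested groups are covered, and keep
                # only user objects; non-user members of the group are skipped here.
                $groupName = $member.AdditionalProperties['displayName']
                Get-MgGroupTransitiveMember -GroupId $member.Id -All |
                    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
                    ForEach-Object {
                        $u = Get-MgUser -UserId $_.Id -Property $userProps
                        $report.Add((New-MemberRow $role.DisplayName 'GroupMember' "Group: $groupName" $u))
                    }
            }
            default {
                # Service principals and anything else: record them so the report
                # shows every principal holding the role, not just the users.
                $placeholder = [pscustomobject]@{ DisplayName = $member.AdditionalProperties['displayName'] }
                $report.Add((New-MemberRow $role.DisplayName ($type -replace '^#microsoft\.graph\.', '') 'Direct' $placeholder))
            }
        }
    }

    $report | Export-Csv -Path $Path -NoTypeInformation
    return $report
}

Export-RoleMemberReport -RoleDisplayName 'User Administrator'
```

Two caveats when reading the output: this enumerates active members of the directory role, so PIM eligible assignments that have not been activated do not appear (those are visible through the role management assignment cmdlets instead), and the on-premises attributes are empty for cloud-only accounts, which is itself a useful signal when checking which administrators are synchronised from Active Directory.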


0 additional answers
