Preface: I am no PowerShell expert, but I can usually figure out enough to get things done, so please be patient with me if it appears I have misunderstood something and need it explained to me properly.
Task: I need to get a list of all empty groups in Azure AD/Entra ID (groups with 0 members).
My first thought was to go into Entra ID > Groups > Add Column "Member count" (or something similar) > sort by ascending order > I have my list of empty groups/groups with 0 members.
Unfortunately this isn't possible - thanks Microsoft!
The next step was to attempt to use PowerShell, for which I am forced to use the Azure Cloud Shell PowerShell CLI via a VM browser window. I have since done a bunch of internet searches in an attempt to find an appropriate script or command string that I can use to get the information I want. Unfortunately this has proven to be quite difficult, as I am unable to find anything remotely helpful: most threads/articles describe how to get a member count for a specific group, not how to simply list all groups and their count of members (or the search gives results for Azure resource groups instead of AD groups).
I have gone through and attempted to piece a few things together to see what works and what doesn't. I can picture the process flow in my mind, and multiple ways to word/format my request to get the information I want; however, I am having trouble translating this into an Azure Cloud Shell command that actually works. Any help would be much appreciated, thanks.
After some messing around, reading several different articles and guides and trying to piece something together, I have settled on an approach based on the following commands, but I am unsure how to translate this into working syntax that does what I want.
- "Get-AzADGroup" - This pulls a list of AZ AD groups and their details: DisplayName, Id, MailNickname & Description.
- "(Get-AzADGroupMember -GroupDisplayName GROUPNAME).Count" - This will give me the group member count for the specified group via object ID or display name etc.
How do I write a script/command that will get the full list of AZ AD groups, then pull the member count for each and spit it all out in a CSV or table?
Can I write it in such a way that it returns something along the lines of "get AZ AD group where member count = 0" and have the results spit out into a CSV/table with GroupName/DisplayName & member count?
Do I need to write a recurring script that pulls the object ID from the list of Azure AD groups returned by the "Get-AzADGroup" command, then runs "(Get-AzADGroupMember -GroupObjectId GROUPID).Count", then adds the result to a table/CSV/spreadsheet etc., then runs again for the next one on the list?
Any help, suggestions or alternatives that would let me easily get the information I require, without having to manually go through each group, would be greatly appreciated.
Thanks.
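The loop the question sketches (list every group, count each group's members, keep the ones at zero, export to CSV) as a worked example. This is an added example, not code from the original post. It assumes the Az.Resources module that ships in Azure Cloud Shell, an account allowed to read groups and their membership, and that writing to the Cloud Shell home directory (~) is acceptable; the output file name is an arbitrary choice.

```powershell
# Added example (not from the original post): enumerate all Entra ID groups,
# count DIRECT members of each, report the empty ones and export them to CSV.
# Assumes Az.Resources (present in Azure Cloud Shell) and a signed-in session
# that can read groups and group membership.

# Ask for a large page explicitly: some Az.Resources versions return only the
# first page of groups when -First is omitted. The value is an assumption sized
# to exceed any realistic directory.
$groups = Get-AzADGroup -First 100000

$report = foreach ($g in $groups) {
    try {
        # Get-AzADGroupMember lists direct members only: users, service principals
        # and nested groups each count as one entry. Nested membership is not
        # expanded, so a group whose only member is another (possibly empty)
        # group is NOT reported as empty here.
        $members = @(Get-AzADGroupMember -GroupObjectId $g.Id -ErrorAction Stop)
        $count   = $members.Count
    }
    catch {
        # A failed lookup (for example a permission error) must not be mistaken
        # for "0 members", so record it as unknown instead of zero.
        Write-Warning "Could not read members of '$($g.DisplayName)' ($($g.Id)): $_"
        $count = $null
    }

    [pscustomobject]@{
        DisplayName  = $g.DisplayName
        Id           = $g.Id
        MailNickname = $g.MailNickname
        MemberCount  = $count
    }
}

# Full table, empty groups first
$report | Sort-Object MemberCount, DisplayName | Format-Table -AutoSize

# Just the empty groups (a $null count is excluded because $null -eq 0 is $false)
$empty = $report | Where-Object { $_.MemberCount -eq 0 }
$empty | Export-Csv -Path ~/empty-groups.csv -NoTypeInformation

"{0} of {1} groups have no direct members; written to ~/empty-groups.csv" -f $empty.Count, $report.Count
```

Two caveats before acting on the list. First, "empty" here means no direct members; check nested groups and dynamic-membership rules separately if that matters for your cleanup. Second, an empty group can still carry role assignments, application assignments or Conditional Access references, so confirm where each group is used before deleting it rather than treating zero members as proof that it is unused.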