Export Users

Question

Hi All

We create users in on-premises Active Directory, which are synced to Entra ID. In Entra ID, we also create guest accounts. I want to export all users from Entra ID, along with any roles assigned to them. If users have roles, I want to include that information in the export. I would like all this information to be exported to an Excel file. Please guide me on how to achieve this.

Answer 1

Hello @Glenn Maxwell,

Thank you for posting your query on Microsoft Q&A Forum. As per your query, I understand that you wanted to export the list of all users in your tenant including their assigned roles.

I tried to reproduce the same in my tenant and I had successfully exported the list of all users, UPN and Assigned roles into an excel sheet.

Please find the steps below-

Open powershell as an admin and run the below command-

Install-Module Microsoft.Graph -scope CurrentUser

Once you execute the above command Accept all the prompts you get to install the module. It would take upto 5 minutes to install this module and once the module is executed run the below command-

Connect-MGGraph -Scopes "User.Read.All", "Directory.Read.All", "RoleManagement.Read.Directory"

During this process, you would get a Microsoft Login prompt where you need to enter your Global Admin credentials and complete the Authentication. Once this is done, please run the below command at once-

================================================================

# Get all users

$users = Get-MgUser -All

# Get all directory role assignments

$roleAssignments = Get-MgDirectoryRole -All | ForEach-Object {

$role = $_

Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id | ForEach-Object {

[PSCustomObject]@{

UserId = $_.Id

UserName = $_.UserPrincipalName

RoleName = $role.DisplayName

}

}

}

# Join user info with role info

$usersWithRoles = foreach ($user in $users) {

$userRoles = $roleAssignments | Where-Object { $_.UserId -eq $user.Id }

if ($userRoles) {

foreach ($role in $userRoles) {

[PSCustomObject]@{

DisplayName = $user.DisplayName

UserPrincipalName = $user.UserPrincipalName

Role = $role.RoleName

}

}

} else {

[PSCustomObject]@{

DisplayName = $user.DisplayName

UserPrincipalName = $user.UserPrincipalName

Role = "None"

}

}

}

# Export to CSV

$usersWithRoles | Export-Csv -Path "C:\DesiredName.csv" -NoTypeInformation

================================================================

So, in the given Export Path in the above command, the CSV file with list of all users, UPN and Roles would be populated and if any user does not have any role it would populate as None.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Answer 2

Hello Glenn Maxwell,

For now there are no built-in APIs to directly list users together with the roles assigned to them.

But you can list all users (including external guest users) first with Graph API:

https://graph.microsoft.com/v1.0/users

Or PowerShell commands:

Import-Module Microsoft.Graph.Users

Get-MgUser

Then as for each single user object from the exported users, seperately retrieve the roles assigned to them with:

https://graph.microsoft.com/v1.0/users/{user-id}/memberOf/microsoft.graph.directoryRole

Or PowerShell commands:

Import-Module Microsoft.Graph.Users

Get-MgUserMemberOfAsDirectoryRole -UserId $userId | fl

Please note for all PS commands you will need to install the below module first:

Install-Module Microsoft.Graph.Users

If I have answered your question, please accept this answer as a token of appreciation and don't forget to give a thumbs up for "Was it helpful" and "Accept the answer"!

Best regards,