Add List of users as Member to Azure AD group via PowerShell

SathishKumar Venugopal 21 Reputation points
2021-12-13T09:57:19.103+00:00

Hi All, I have a source.csv file with userID, UPN (UserPrincipalName), ObjectID, Email.

I'm fine with any of these attributes.

I would like to add the list of users in my source.csv to a specific Azure AD group. The example script below is for on-prem; I got it from a public forum and it is really good. Can someone help me find the same for Azure?

# Start transcript
Start-Transcript -Path C:\Temp\Add-ADUsers.log -Append

# Import the data from CSV file and assign it to variable
$Users = Import-Csv "C:\Script\Users.csv"

# Specify target group where the users will be added to
# You can add the distinguishedName of the group. For example: CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local
$Group = "DLP20212022" 

foreach ($User in $Users) {
    # Retrieve UPN
    $UPN = $User.UserPrincipalName

    # Retrieve UPN related SamAccountName
    $ADUser = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" | Select-Object SamAccountName

    # User from CSV not in AD
    if ($ADUser -eq $null) {
        Write-Host "$UPN does not exist in AD" -ForegroundColor Red
    }
    else {
        # Retrieve AD user group membership
        $ExistingGroups = Get-ADPrincipalGroupMembership $ADUser.SamAccountName | Select-Object Name

        # User already member of group
        if ($ExistingGroups.Name -eq $Group) {
            Write-Host "$UPN already exists in $Group" -ForeGroundColor Yellow
        }
        else {
            # Add user to group
            Add-ADGroupMember -Identity $Group -Members $ADUser.SamAccountName -WhatIf
            Write-Host "Added $UPN to $Group" -ForeGroundColor Green
        }
    }
}
Stop-Transcript
Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Clément BETACORNE 2,496 Reputation points
    2021-12-14T09:23:27.347+00:00

    Hello,

    Below is an example of the script with the AzureAD cmdlets:

    # Sign in to Azure AD
    Connect-AzureAD
    
    # Load the users; the CSV needs a UPN column
    $Users = Import-Csv Users.csv -Delimiter ","
    
    # Display name of the target group
    $Group = "DLP20212022"
    
    foreach($user in $Users) {
        # Look up the user by UPN
        $AzureADUser = Get-AzureADUser -Filter "UserPrincipalName eq '$($user.UPN)'"
        if($null -ne $AzureADUser) {
            try {
                $AzureADGroup = Get-AzureADGroup -Filter "DisplayName eq '$Group'" -ErrorAction Stop
                # Compare the UPN exactly; a wildcard match would also hit longer UPNs that contain this one
                $isUserMemberOfGroup = Get-AzureADGroupMember -ObjectId $AzureADGroup.ObjectId -All $true | Where-Object {$_.UserPrincipalName -eq $AzureADUser.UserPrincipalName}
                if($null -eq $isUserMemberOfGroup) {
                    # Not a member yet: add the user by ObjectId
                    Add-AzureADGroupMember -ObjectId $AzureADGroup.ObjectId -RefObjectId $AzureADUser.ObjectId -ErrorAction Stop
                }
            }
            catch {
                Write-Output "Azure AD Group does not exist or insufficient right"
            }
        }
        else {
            Write-Output "User does not exist"
        }
    }
    

    Note: My CSV file only has a UPN column.

    Regards,

    2 people found this answer helpful.
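
An added example, not code from the thread or from Microsoft: the same task with the AzureAD cmdlets used in the answer above, written so that a group membership change (which is an access grant) cannot land on the wrong group or be skipped silently. The function name `Add-CsvUsersToAzureADGroup`, its parameters and the status strings are hypothetical; it assumes the AzureAD module is loaded, `Connect-AzureAD` has been run, and the CSV has a `UPN` column.

```powershell
# Added example; the function name, parameters and status values are assumptions.
function Add-CsvUsersToAzureADGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [Parameter(Mandatory)] [string] $GroupName
    )

    # OData string literals escape a single quote by doubling it (o'brien -> o''brien).
    $safeName = $GroupName.Replace("'", "''")

    # Display names are not unique in Azure AD: refuse to guess between groups.
    $groups = @(Get-AzureADGroup -Filter "DisplayName eq '$safeName'" -ErrorAction Stop)
    if ($groups.Count -ne 1) {
        throw "Expected exactly 1 group named '$GroupName', found $($groups.Count)."
    }
    $group = $groups[0]

    # Read current members once and index them by ObjectId for exact comparison.
    $memberIds = [System.Collections.Generic.HashSet[string]]::new()
    Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
        ForEach-Object { [void]$memberIds.Add($_.ObjectId) }

    foreach ($row in Import-Csv -Path $CsvPath) {
        $upn = "$($row.UPN)".Trim()
        if (-not $upn) { continue }   # skip blank rows
        $status = 'Added'
        try {
            $safeUpn = $upn.Replace("'", "''")
            $user = Get-AzureADUser -Filter "UserPrincipalName eq '$safeUpn'" -ErrorAction Stop
            if ($null -eq $user) { $status = 'UserNotFound' }
            elseif ($memberIds.Contains($user.ObjectId)) { $status = 'AlreadyMember' }
            elseif ($PSCmdlet.ShouldProcess($upn, "Add to group $GroupName")) {
                Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId -ErrorAction Stop
                [void]$memberIds.Add($user.ObjectId)   # duplicate CSV rows become AlreadyMember
            }
            else { $status = 'Skipped' }   # -WhatIf, or the change was declined
        }
        catch { $status = "Failed: $($_.Exception.Message)" }

        # One record per CSV row, so the run can be exported and reviewed.
        [pscustomobject]@{ UPN = $upn; Group = $GroupName; Status = $status }
    }
}

# Dry run first, as the on-prem script does with -WhatIf:
# Add-CsvUsersToAzureADGroup -CsvPath .\Users.csv -GroupName 'DLP20212022' -WhatIf
```

Piping the output to `Export-Csv` gives a per-user record of what was added, skipped or failed, which is more useful for review than a transcript of console messages.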

1 additional answer

  1. Safwan Alsalameh 26 Reputation points
    2022-03-29T14:09:50.66+00:00

    Hi
    What if I need to add the user to many groups?

