This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 12%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi Team,
I need to export the list of user in Azure with their respective network group + email + UPN and need to export to Storage Account in format csv file via PowerShell command, because we pretend use Automation Acounts for that.
I have tried with this commands:
Get-AzureAdGroup -Filter "startswith(DisplayName,'XXX_')" -->this output give us the Network group that we want
Get-AzADUser -->this output give us all the Users in Azure Active directory
But we don't want all users, we want just the users in the Network Group filtered
below I attached the example of the report.
Note: In my prod Env we have more than 50,000 users and more than 500 network groups aprox.
Regards
Use the Get-AzureADGroupMember cmdlet?
Get-AzureAdGroup -Filter "startswith(DisplayName,'XXX_')" | Get-AzureADGroupMember
Optionally, add a filter for just users:
Get-AzureAdGroup -ObjectId ecdbc965-b30b-47d7-8dbe-904fd286aa46 | Get-AzureADGroupMember | ? {$_.ObjectType -eq "User"}
I got this message, I am using the second script that you put in your comment. I paste the script in the runbook with power shell.
Get-AzureAdGroup -Filter "startswith(DisplayName,'XXXX_')" | Get-AzureADGroupMember | ? {$_.ObjectType -eq "User"}
Error occurred while executing GetGroups
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
RequestId: b8184xxx-35xx-xxxx-xxxx-7b72a93fxxxx
DateTimeStamp: Wed, 07 Sep 2022 18:36:45 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
The error message is about permissions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
As you mentioned that you are getting an error while executing below script,
Get-AzureAdGroup -ObjectId ecdbc965-b30b-47d7-8dbe-904fd286aa46 | Get-AzureADGroupMember | ? {$_.ObjectType -eq "User"}
As per the error you are getting permission issues. You can connect to AzureAD using Global admin credentials.
Global admin account is the account with highest privileges in Azure AD.
Let me know if you are still getting some error.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
@Sandeep G-MSFT hi.
i found the solution by this link https://learn.microsoft.com/en-us/answers/questions/276524/connect-azuread-using-pscredential.html.
Make sure the Azure Automation Run As Account (App) has sufficient permissions i.e., in this case
add User.Read.All API permission (Azure portal -> Azure AD -> API permissions -> Microsoft Graph -> Application permissions -> User.Read.All ) and
assign the directory readers role (Azure portal -> Azure AD -> roles and Administrator -> Directory Readers role -> assign this role) to it.
thank you for the answer.