Tip of the Day: Get list of company admins in Office 365 or Azure AD

  • Article

Today’s Tip… Get list of company admins in Office 365 or Azure AD

There are times you are working with an end user, and they need assistance from their company admin. Within Microsoft Support, if your following our strict security practices and data protection, you should not be giving out any information about their administrators.

I have written this script that comes in handy in these rare cases. This script does everything it needs to do even if the end user is not familiar PowerShell.

  • It will self-install Azure AD PowerShell if not already installed
  • Connect to Azure AD PowerShell
  • Output a list of their Azure AD Company Administrators

Save the following script content to a .ps1 file like so…

Get-AadCompanyAdmins.ps1

And all the user has to do is double click on the file.

Script Content…

# ##########################################################

# HELPER FUNCTION

# ##########################################################

Function PressAnyKey ($message)

{

# Check if running Powershell ISE

if ($psISE)

{

Add-Type -AssemblyName System.Windows.Forms

[System.Windows.Forms.MessageBox]::Show("$message")

}

else

{

Write-Host "$message" -ForegroundColor Yellow

$key = [System.Console]::ReadKey().Key.ToString()

}

}

# ##########################################################

# MAIN

# ##########################################################

# Check if Azure AD PowerShell is installed

$module = Get-Module -ListAvailable -Name AzureAd

$modulep = Get-Module -ListAvailable -Name AzureAdPreview

# Install Azure AD PowerShell if not installed

if (-not $module -and -not $modulep) {

Write-Host "Azure AD PowerShell module not installed!" -ForegroundColor Yellow

Write-Host "Attempting to install Azure AD PowerShell module..." -ForegroundColor Yellow

Install-Module AzureAd

}

# Connect to Azure AD PowerShell

if (-not $AadSession) {

$AadSession = Connect-Azuread -verbose

}

# Get List of Company Administrators

$filename = "admins.of.$($AadSession.TenantDomain)"

$role = $null

$role = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Company Administrator'"

$admins = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Select-Object DisplayName, UserPrincipalName

# Export list of admins to a CSV

$admins | Export-Csv "$filename"

# Output list of admins

$admins | format-table

PressAnyKey -message "Press any key to continue..."

 

EXTRA NOTE:

I have had a couple reports that this script did not work for them.

To make this work, change the following line from…

$role = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Company Administrator'"

To…

$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}

Turns out -Filter parameter is only available in the AzureAdPreview module.