Dave Herrell - Blog - IT Toolbox - PowerShell Banner

Entra ID: List all User Security Groups and Members

This PowerShell script comes in handy for companies that need to audit access or security group membership quarterly.  It pulls its data from all Azure AD (now Entra ID) security groups and Microsoft 365 Teams-enabled groups.

To begin, make sure you have the AzureAD module installed.  If you don't, run the command below.

Install-Module -Name AzureAD

Next, make sure you're running PowerShell with administrator rights.   Connect to Azure AD.   This will open a Microsoft 365 login prompt.  The login account has to have Global Admin rights, or this script will fail!

Connect to Azure via PowerShell:

Connect-AzureAD

Next, run the script below.  A few things to note before running it:

  • Change $csvFilePath to the folder and file name where you want the report written. 
  • Depending on your Entra ID group and user counts, this can take 10-15 minutes to run. Be patient. 

Run the following PowerShell script:

# Specify the path where you want to save the CSV file
$csvFilePath = "C:\Export\memereport.csv"
# Initialize an empty array to store user information
$userInfo = @()
# Retrieve all Azure AD users
$users = Get-AzureADUser -All $true
# Loop through each user
foreach ($user in $users) {
    # Get user's manager (returns nothing if no manager is set)
    $manager = Get-AzureADUserManager -ObjectId $user.ObjectId
    # Get user's email address
    $email = $user.UserPrincipalName
    # Get user's group memberships. Get-AzureADUserMembership returns the group
    # objects themselves (DisplayName and Description included), so there is no
    # need to look each group up again by name; that second lookup broke on
    # group names containing an apostrophe and mixed up groups with duplicate
    # display names. The cmdlet also returns directory roles, so keep only groups.
    $groupMemberships = Get-AzureADUserMembership -ObjectId $user.ObjectId -All $true |
        Where-Object { $_.ObjectType -eq 'Group' }
    # Add one row per user/group pair
    foreach ($group in $groupMemberships) {
        $userInfo += [PSCustomObject]@{
            UserName = $user.DisplayName
            UserObjectId = $user.ObjectId
            Manager = if ($manager) { $manager.DisplayName } else { "N/A" }
            EmailAddress = $email
            GroupMembership = $group.DisplayName
            GroupDescription = $group.Description
        }
    }
}
# Export the user information to a CSV file
$userInfo | Export-Csv -Path $csvFilePath -NoTypeInformation

After patiently waiting, this will export a CSV file that you can use for auditing purposes.  

The CSV export will contain the following columns, one row per user and group pair:

  • Username
  • User Object ID
  • User Manager
  • User Email
  • Group Membership
  • Group Description

With those columns in place, the export opens cleanly in Excel and can be sorted or filtered by user, manager or group as needed. 
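Since the point of the export is a quarterly review, the useful next step is to compare this quarter's file with last quarter's and list which memberships were added or removed. The script below is an added example, not part of the original post; the two input file names are assumptions, and it relies on the UserObjectId and GroupMembership columns the script above writes.

```powershell
# Added example (not from the original post): diff two quarterly exports produced
# by the membership script above and report added/removed group memberships.
$previousCsv = "C:\Export\memereport-lastquarter.csv"   # assumption: last quarter's export
$currentCsv  = "C:\Export\memereport.csv"               # assumption: this quarter's export
$changesCsv  = "C:\Export\membership-changes.csv"

# Turn one export into a sorted, de-duplicated list of "userObjectId|groupName" keys.
# The object ID is used rather than the display name so a renamed user still matches.
function Get-MembershipKeys {
    param([string]$Path)
    Import-Csv -Path $Path | ForEach-Object {
        "{0}|{1}" -f $_.UserObjectId, $_.GroupMembership
    } | Sort-Object -Unique
}

# Build an ObjectId -> display name lookup from both files so the report stays readable.
$userNames = @{}
Import-Csv -Path $previousCsv, $currentCsv | ForEach-Object {
    $userNames[$_.UserObjectId] = $_.UserName
}

$previous = @(Get-MembershipKeys -Path $previousCsv)
$current  = @(Get-MembershipKeys -Path $currentCsv)

# Compare-Object returns only keys present on one side:
#   '=>' = only in the current export (membership added this quarter)
#   '<=' = only in the previous export (membership removed this quarter)
$changes = Compare-Object -ReferenceObject $previous -DifferenceObject $current |
    ForEach-Object {
        $userId, $group = $_.InputObject -split '\|', 2
        [PSCustomObject]@{
            Change          = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
            UserName        = $userNames[$userId]
            UserObjectId    = $userId
            GroupMembership = $group
        }
    }

# Export-Csv errors on empty input, so only write the file when something changed.
if ($changes) {
    $changes | Sort-Object GroupMembership, Change, UserName |
        Export-Csv -Path $changesCsv -NoTypeInformation
    $added   = @($changes | Where-Object Change -eq 'Added').Count
    $removed = @($changes | Where-Object Change -eq 'Removed').Count
    Write-Host "$added memberships added, $removed removed. Details: $changesCsv"
} else {
    Write-Host "No group membership changes between the two exports."
}
```

Review the "Added" rows against your change tickets and the "Removed" rows against leaver records; anything without a matching record is what the quarterly audit is meant to catch.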

Hope you find this helpful!