List all Azure AD groups

Posted on

Update : updated script to support Azure Az powershell module.

In previous post, I provided a script to generate a CSV report of Azure AD users. Here is a Powershell script to generate a report on Azure Active Directory (AD) Groups in Azure tenant. This csv file report with information of all Azure AD groups. It includes a list of all standard properties you need to know for a group. For more details refer Microsoft documentation.

Again, I run this script just to have a quick and easy report of Azure AD to present to my management or auditors. To run this script, you need login to Azure Account and make sure you have Azure Resource Manager Powershell module installed and imported. Please refer Microsoft documentation on how to install Powershell AzureRM module on your system. Let me know if this is helpful! 

$currentDir = $(Get-Location).Path
$oFile = "$($currentDir)\AzureADGroups_Details.csv"

if(Test-Path $oFile){Remove-Item $oFile -Force}
"DisplayName,ObjectId,MailEnabled,Mail,MailNickName,OnPremisesSecurityIdentifier,SecurityEnabled,DirSyncEnabled,LastDirSyncTime,LastDirSyncTime" | Out-File $oFile -Append -Encoding ASCII
Get-AzureADGroup -All $true | ForEach-Object{
    $DisplayName = $ObjectId = $MailEnabled = $Mail = $MailNickName = $OnPremisesSecurityIdentifier = ""
    $SecurityEnabled = $DirSyncEnabled = $LastDirSyncTime = ""
	$DisplayName = $_.DisplayName.split(",")[0]
    $ObjectId = $_.ObjectId
    $MailEnabled = $_.MailEnabled
    $Mail = $_.Mail
    $MailNickName = $_.MailNickName
    $OnPremisesSecurityIdentifier = $_.OnPremisesSecurityIdentifier
    $SecurityEnabled = $_.SecurityEnabled
    $DirSyncEnabled = $_.DirSyncEnabled
    $LastDirSyncTime = $_.LastDirSyncTime
	"$DisplayName,$ObjectId,$MailEnabled,$Mail,$MailNickName,$OnPremisesSecurityIdentifier,$SecurityEnabled,$DirSyncEnabled,$LastDirSyncTime,$LastDirSyncTime" | Out-File $oFile -Append -Encoding ASCII
}

Download above script and save it with a .ps1 file extension. Open powershell console and, connect to your Azure AD account using – Connect-AzureAD. It will prompt you to enter your Azure credentials.

Connect to Azure AD Account

After you login to Azure, run the powershell script saved in previous step.

Run Powershell script