[英]Export all Azure AD groups, including nested groups, their members and owners (PowerShell)
What would be a PowerShell script to export all Azure AD groups, their members and owners into one CSV file?将所有 Azure AD 组及其成员和所有者导出到一个 CSV 文件中的 PowerShell 脚本是什么?
I also need an expanded nested groups.我还需要一个扩展的嵌套组。
Here is something I came up with, should work as long as you have the azuread powershell module.这是我想出的东西,只要你有 azuread powershell 模块就可以工作。
function get-recursivegroupmembers {
param($grouplistname, $currgroup, $groupmemtype)
$members = if ($groupmemtype -eq "owner") {get-azureadgroupowner -ObjectId $currgroup.ObjectId -All $true} else {get-azureadgroupmember -ObjectId $currgroup.ObjectId -All $true}
$grouptype = "Distribution Group"
if ($currgroup.SecurityEnabled -eq $true)
{
$grouptype = "Security Group"
}
foreach ($member in $members)
{
if($member.ObjectType -eq "Group" )
{ get-recursivegroupmembers "$grouplistname->$($member.DisplayName)" $member $groupmemtype}
else
{
add-content -Path $filename -Value "$grouplistname,$grouptype,$groupmemtype,$($member.ObjectId),$($member.ObjectType) $($member.UserType),$($member.UserPrincipalName)" }
}
}
connect-AzureAD
$filename = ".\groupusers-$(get-date -f 'ddMMyyyy-HHmmss').csv"
$groups=Get-AzureADGroup -All $true
add-content -Path $filename -Value "Group(s),Group Type,Member Type,User ObjectId,AAD Object Type,UPN"
ForEach ($group in $groups)
{
get-recursivegroupmembers $group.DisplayName $group "owner"
get-recursivegroupmembers $group.DisplayName $group "member"
}
This will give you a file in the current folder where the script is.这将在脚本所在的当前文件夹中为您提供一个文件。 called groupusers, first field will contain group and if its a nested group member would show like group->nestedgroup, owner or member, etc.
称为 groupusers,第一个字段将包含组,如果它的嵌套组成员将显示为 group->nestedgroup、所有者或成员等。
Sorry couldn't comment as I don't have enough rep, I created an account to thank you Peter.抱歉无法发表评论,因为我没有足够的代表,我创建了一个帐户来感谢 Peter。
This worked a treat.这是一种享受。 I had tried multiple other articles but this one works.
我曾尝试过其他多篇文章,但这篇文章有效。 All I did was to target groups with a specific naming scheme was change this line and remove $true as that said 'a positional parameter cannot be found that accepts the argument True'
我所做的只是针对具有特定命名方案的组更改此行并删除 $true ,因为它说“找不到接受参数 True 的位置参数”
$groups = Get-AzureADGroup -SearchString "File Share"
That then searches for any group starting with 'File Share'然后搜索以“文件共享”开头的任何组
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.