A bit of a mouthful, that heading! Basically, we use Azure AD groups to manage certain aspects of our MEM deployment.
The script requires the AzureAD module (it will check for it and prompt you to install it if you run the script as Admin) and a CSV file with the users' UPNs in a column with the heading ‘user’. Edit the variable $groups to contain the groups you require.
The output is a CSV with a column for the user and a column for each group, containing Yes or No to say whether the user is in that particular group:
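<#
.SYNOPSIS
    Reports, for every user in an input CSV, whether they are a member of each Azure AD group in $Groups.

.DESCRIPTION
    Requires the AzureAD module (installed on demand when the session is elevated) and an interactive
    Connect-AzureAD sign-in. The input CSV is chosen through a file dialog and must have a 'user'
    column holding UPNs. The output CSV has a 'username' column plus one column per group with
    "yes"/"no", or "error" when the user's memberships could not be resolved.

    NOTE(review): Microsoft has deprecated the AzureAD module in favour of Microsoft.Graph; confirm it
    is still acceptable in your tenant before relying on this script long term.
#>
Add-Type -AssemblyName System.Windows.Forms # required for the OpenFileDialog below

# Groups to report on. Each name is matched against the DisplayName of the user's memberships
# with -like, i.e. a case-insensitive exact match unless the name contains wildcard characters.
$Groups = @("Group1", "Group2", "Group3", "Group4", "Group5", "Group6")
# Output location; its directory is created below if it does not exist.
$OutputPath = "C:\support\CheckOuput.csv"

if (Get-Module -ListAvailable -Name AzureAD) {
    Write-Host "AzureAD Module exists, loading"
    Import-Module AzureAD
}
else {
    # No module: Install-Module defaults to the AllUsers scope, which needs an elevated session.
    Write-Host "AzureAD Module does not exist please install`r`n with install-module azuread" -ForegroundColor Red
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal] $identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Host "Insufficient permissions to install module. Please run as an administrator and try again." -ForegroundColor DarkYellow
        return 0
    }
    Write-Host "Attempting to install Azure AD module" -ForegroundColor Cyan
    # -Force/-Confirm:$false install from the registered repository without prompting; check which
    # repository is registered and trusted before running this on a shared or production machine.
    Install-Module AzureAD -Confirm:$false -Force
    # Load the freshly installed module so this branch ends in the same state as the one above.
    Import-Module AzureAD
}

Connect-AzureAD

# Pick the input file; bail out cleanly if the dialog is cancelled instead of calling Import-Csv on "".
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{
    InitialDirectory = [Environment]::GetFolderPath('Desktop')
    Filter           = 'Spreadsheets (*.csv)|*.csv'
    Title            = 'Select input file'
}
if ($FileBrowser.ShowDialog() -ne [System.Windows.Forms.DialogResult]::OK) {
    Write-Host "No input file selected, exiting." -ForegroundColor DarkYellow
    return 1
}
$infile = $FileBrowser.FileName
# @() keeps a single-row CSV as an array so .Count and the percentage maths below are reliable.
$users = @(Import-Csv -Path $infile)
if ($users.Count -eq 0 -or -not ($users[0].PSObject.Properties.Name -contains 'user')) {
    Write-Host "Input file '$infile' has no rows or no 'user' column." -ForegroundColor Red
    return 1
}

$start = Get-Date
# A List avoids re-allocating the whole array on every += in the loop.
$Results = New-Object System.Collections.Generic.List[object]
$progress = 0
# Start from a TimeSpan; the original used 0 (an Int32), so the first progress title printed a literal 'hh:mm:ss'.
$secondsElapsed = [TimeSpan]::Zero
$secondsRemaining = $null

foreach ($user in $users) {
    $progress++
    $upn = $user.user
    $progressParameters = @{
        Activity         = "Working on Users [$progress/$($users.Count)] $($secondsElapsed.ToString('hh\:mm\:ss'))"
        Status           = 'Processing'
        CurrentOperation = "Checking $upn"
        PercentComplete  = ($progress / $users.Count) * 100
    }
    # Only add an estimate once the first iteration has produced one.
    if ($null -ne $secondsRemaining) {
        $progressParameters.SecondsRemaining = [int]$secondsRemaining
    }
    Write-Progress @progressParameters

    # One membership query per user instead of one per user per group. A failed lookup
    # (unknown UPN, transient service error) is recorded as "error" rather than aborting the run
    # or silently reusing the previous user's result.
    $memberNames = @()
    $lookupFailed = $false
    try {
        $userobjid = (Get-AzureADUser -ObjectId $upn -ErrorAction Stop).ObjectId
        $memberNames = @(Get-AzureADUserMembership -ObjectId $userobjid -ErrorAction Stop | ForEach-Object { $_.DisplayName })
    }
    catch {
        $lookupFailed = $true
        Write-Host "Could not resolve memberships for '$upn': $($_.Exception.Message)" -ForegroundColor DarkYellow
    }

    # Ordered so the CSV columns come out as username followed by the groups in $Groups order.
    $userobject = [ordered]@{ username = $upn }
    foreach ($group in $Groups) {
        Write-Host "working on $group"
        if ($lookupFailed) {
            $userobject[$group] = "error"
        }
        elseif (@($memberNames | Where-Object { $_ -like $group }).Count -gt 0) {
            $userobject[$group] = "yes"
        }
        else {
            $userobject[$group] = "no"
        }
    }
    $Results.Add([PSCustomObject]$userobject)

    $secondsElapsed = (Get-Date) - $start
    $secondsRemaining = ($secondsElapsed.TotalSeconds / $progress) * ($users.Count - $progress)
}
Write-Progress -Activity "Working on Users" -Completed

$outDir = Split-Path -Parent $OutputPath
if (-not (Test-Path -LiteralPath $outDir)) {
    New-Item -ItemType Directory -Path $outDir | Out-Null
}
# The report maps identities to group membership; store and share the file accordingly.
$Results | Export-Csv -Path $OutputPath -NoTypeInformation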