PowerShell: Get-AzureADGroupMember doesn't give me the whole list - azure

I want to sync two AzureAD Groups, so I read out both groups with Get-AzureADGroupMember.
The problem is, I only get 103 people out of the group instead of 615...
What can I do to get the whole list out of the groups?
Thanks in advance,
Robin

Yes, you need the -All parameter. Otherwise there is a limitation on the number of members the Get-AzureADGroupMember will return.
For anyone else running into this issue, the command is like this:
(Get-AzureADGroup -Filter "DisplayName eq 'GroupName'" -All $true | Get-AzureADGroupMember -All $true).Count
Alternatively, to store the output in variables for later use:
$AzureADGroup = Get-AzureADGroup -Filter "DisplayName eq 'GroupName'" -All $true
$AzureADUsers = $AzureADGroup | Get-AzureADGroupMember -All $true
$AzureADGroupCount = $AzureADUsers | Measure-Object
See for reference: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-AD-Dynamic-Groups-Display-Membership-and-count-members/td-p/69657
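An added example (not part of the original answer) of what the partial listing does to the sync the question describes: a diff built from a truncated source list plans the removal of every member it never saw. `Get-GroupSyncPlan` and its `-MaxRemovalRatio` limit are hypothetical, and the member objects are constructed sample data; in a connected session both lists would come from `Get-AzureADGroupMember -ObjectId <id> -All $true`.

```powershell
# Added example; Get-GroupSyncPlan is a hypothetical helper, not an AzureAD cmdlet.
function Get-GroupSyncPlan {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $SourceMembers,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $TargetMembers,
        [double] $MaxRemovalRatio = 0.2   # assumed safety limit, tune per environment
    )
    # Index both sides by ObjectId, the stable key (names and UPNs can change).
    $sourceIds = @{}; foreach ($m in $SourceMembers) { $sourceIds[[string]$m.ObjectId] = $true }
    $targetIds = @{}; foreach ($m in $TargetMembers) { $targetIds[[string]$m.ObjectId] = $true }

    $toAdd    = @($SourceMembers | Where-Object { -not $targetIds.ContainsKey([string]$_.ObjectId) })
    $toRemove = @($TargetMembers | Where-Object { -not $sourceIds.ContainsKey([string]$_.ObjectId) })

    # A truncated source listing shows up as a mass removal; stop before acting on it.
    if ($TargetMembers.Count -gt 0 -and ($toRemove.Count / $TargetMembers.Count) -gt $MaxRemovalRatio) {
        throw "Plan removes $($toRemove.Count) of $($TargetMembers.Count) members; check that both lists were read with -All `$true."
    }
    [PSCustomObject]@{ ToAdd = $toAdd; ToRemove = $toRemove }
}

# Constructed sample data: a 615-member group and the 103-member partial read from the question.
$full = 1..615 | ForEach-Object {
    [PSCustomObject]@{ ObjectId = [guid]::NewGuid().ToString(); DisplayName = "User $_" }
}
$partial = @($full | Select-Object -First 103)

# Both sides read completely: nothing to change.
$plan = Get-GroupSyncPlan -SourceMembers $full -TargetMembers $full
'complete read: add {0}, remove {1}' -f $plan.ToAdd.Count, $plan.ToRemove.Count

# Source read without -All $true: the guard rejects the plan instead of removing members.
try {
    Get-GroupSyncPlan -SourceMembers $partial -TargetMembers $full | Out-Null
} catch {
    "rejected: $($_.Exception.Message)"
}
```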

azure ad group name and member count

I have a lot of Azure AD groups with this format "AA - BB - xxx", where xxx can be anything.
I am trying to do a report on how many members are in each Azure AD group by displaying the Azure AD group name and the number of its members.
I know that to do 1 group I use this:
(Get-AzureADGroupMember -all 1 -ObjectId "xxxxx").count
How do I do lots of groups with the same group naming format to display the name and number of members?
Thanks.
You need to first get all groups with such a name and then loop over the resulting list like:
$result = Get-AzureADGroup -Filter "startswith(DisplayName, 'AA - BB -')" -All $true | ForEach-Object {
    [PsCustomObject]@{
        Group       = $_.DisplayName
        MemberCount = @(Get-AzureADGroupMember -ObjectId $_.ObjectId -All $true).Count
    }
}
# output on screen
$result | Format-Table -AutoSize
# save as Csv file
$result | Export-Csv -Path 'X:\PathTo\GroupMemberCount.csv' -NoTypeInformation
Apparently, the startswith() Filter on Get-AzureADGroup does not always return the wanted results (depending on the version of the OData language??).
In that case do
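# -All $true is needed here too, otherwise only the first page of groups reaches Where-Object
$result = Get-AzureADGroup -All $true | Where-Object {$_.DisplayName -like 'AA - BB -*'} | ForEach-Object {...}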

How can I pass a specific item property to a variable in PowerShell?

I'm currently working on a script to manage Azure AD (as opposed to the console GUI) and am having issues at one particular part. I'm trying to do an 'add user to group' module, but with Add-AzureADGroupMember requiring the group ObjectId and not display name, it's not initially user-friendly.
Here's what I tried initially:
>> $UPN = "someuser@domain.com"
>> $Selected = "Group Display Name"
>> $Group = Get-AzureADGroup -Filter "DisplayName eq '$Selected'" -All $true | Select-Object -Property ObjectID
>> Add-AzureADGroupMember -ObjectID $Group -RefObjectID $UPN
The problem I have with this, is that $Group is returning '@{ObjectId=fba435cc-913c-46a0-9932-17c01733e143}' as opposed to '{fba435cc-913c-46a0-9932-17c01733e143}'
Is there a better way I can pass the group's ObjectID to a variable? I'd like for users to be able to select the display name and have the variable return the objectID.
To get just the value of a property, use ForEach-Object -MemberName instead of Select-Object -Property:
$Group = Get-AzureADGroup -Filter "DisplayName eq '$Selected'" -All $true | ForEach-Object -MemberName ObjectID
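An added example (not part of the original answer) that takes the display-name lookup one step further: it escapes the name before it goes into the `-Filter` string and refuses to continue unless exactly one group matches, since display names are not unique in Azure AD. `ConvertTo-ODataStringLiteral` and `Get-SingleObjectId` are hypothetical helpers, and the directory entries are constructed sample data standing in for the `Get-AzureADGroup` result.

```powershell
# Added example; both functions are hypothetical helpers, not AzureAD cmdlets.
function ConvertTo-ODataStringLiteral {
    param([Parameter(Mandatory)] [string] $Value)
    # OData escapes a single quote inside a string literal by doubling it.
    "'" + $Value.Replace("'", "''") + "'"
}

function Get-SingleObjectId {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Candidates,
        [Parameter(Mandatory)] [string] $DisplayName
    )
    # -ExpandProperty yields bare strings; -Property would yield @{ObjectId=...} wrappers.
    $ids = @($Candidates | Select-Object -ExpandProperty ObjectId)
    if ($ids.Count -ne 1) {
        # Fail closed instead of adding the user to whichever group came back first.
        throw "Expected exactly one group named '$DisplayName', found $($ids.Count)."
    }
    $ids[0]
}

# Constructed sample directory: two groups share a display name, one name contains quotes.
$directory = @(
    [PSCustomObject]@{ ObjectId = '11111111-1111-1111-1111-111111111111'; DisplayName = 'Finance' }
    [PSCustomObject]@{ ObjectId = '22222222-2222-2222-2222-222222222222'; DisplayName = 'Finance' }
    [PSCustomObject]@{ ObjectId = '33333333-3333-3333-3333-333333333333'; DisplayName = "Ops 'A' Team" }
)

foreach ($name in "Ops 'A' Team", 'Finance') {
    $filter = 'DisplayName eq ' + (ConvertTo-ODataStringLiteral $name)
    # Connected session: $found = @(Get-AzureADGroup -Filter $filter -All $true)
    $found = @($directory | Where-Object DisplayName -eq $name)
    try   { '{0} -> {1}' -f $filter, (Get-SingleObjectId -Candidates $found -DisplayName $name) }
    catch { '{0} -> refused: {1}' -f $filter, $_.Exception.Message }
}

# With a single ID in hand, the member is passed by object ID as well:
# Add-AzureADGroupMember -ObjectId $groupId -RefObjectId (Get-AzureADUser -ObjectId $UPN).ObjectId
```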

Azure Powershell - Script to obtain VM info across subscriptions

Trying to run a script that will connect to each subscription, and pull the
$azureSubs = Get-AzureRMSubscription
$azureSubs | ForEach-Object {Select-AzureRMSubscription $_ | Out-Null; Get-AzureRMVM | select resourcegroupname, name, licensetype -WarningAction SilentlyContinue}
This works, BUT I'd like to add two more pieces of information: the "OSType" and "VMSize"
If I do a GET-AZURERMVM, in the table for that subscription that the command is run in, the two pieces of information I need are there: VmSize and OsType
However, when I try to add them to the query, the columns are blank.
I believe the VmSize is in the HardwareProfile, and OsType is in the OsProfile, as if I run a "Get-AzureRMVM -name (name) -resourcegroupname (RGname)", then it shows "Hardware Profile: VMSize" and "OSProfile: ComputerName, AdminUsername windowsConfiguration, Secrets"
Ultimate goal is to get the script that will, for each subscription, print results like:
ResourceGroupName | Name | License Type | VMSize | OS Type
TEST_RG | Test_VM | Windows_Server | DS3_v2 | Windows
Test_RG | Test_VM2 | | DS3_v2 | Linux
etc.
Thankful for any help; sorry for such a noob question. Have spent so much time trying to figure this out...
Something like the following would work.
What you were missing mainly was calculated properties.
This is what allows you to perform a select of a custom property.
Some notes:
In your code, you used -WarningAction SilentlyContinue on the Select statement. You need to put it on the Get-AzureRMVM cmdlet instead.
This is my opinion, but unless you are writing one-liners on purpose, try aerating your code more. It will make it way easier to read, debug and maintain.
This is the code you wrote, modified to include the calculated properties and with the WarningAction parameter set to Get-AzureRMVM instead of the Select statement.
$azureSubs = Get-AzureRMSubscription
$Vms = $azureSubs | ForEach-Object {Select-AzureRMSubscription $_ | Out-Null; Get-AzureRMVM -WarningAction SilentlyContinue | select resourcegroupname, name, licensetype, @{Name="VMSize";Expression={$_.HardwareProfile.VmSize}},@{Name="OsType";Expression={$_.StorageProfile.OsDisk.OsType}}}
$Vms | ft
The same thing, with some progress indication without forcing everything on one line.
$azureSubs = Get-AzureRMSubscription
$Vms = New-Object 'System.Collections.Generic.List[PSObject]'
ForEach ($sub in $azureSubs) {
    Select-AzureRMSubscription $sub | Out-Null
    Write-Host "Processing Subscription $($sub.Name)".PadRight(50,' ') -ForegroundColor Cyan -NoNewline
    [PsObject[]]$items = Get-AzureRMVM -WarningAction SilentlyContinue |
        select resourcegroupname,
            name,
            licensetype,
            @{Name="VMSize";Expression={$_.HardwareProfile.VmSize}},
            @{Name="OsType";Expression={$_.StorageProfile.OsDisk.OsType}}
    Write-Host "($($items.count) retrieved)"
    if ($items -ne $null) {
        $vms.AddRange($items)
    }
}
$vms | Format-Table
You are looking for something like this on the select side
select resourcegroupname, name, licensetype, @{Name="VMSize";Expression={$_.HardwareProfile.VmSize}}, @{Name="OsType";Expression={$_.StorageProfile.OsDisk.OsType}}

Example of Get-AzureADUser [-Filter <String>] command

Command: Get-AzureADUser [-Filter <String>] command
msdn says Parameters
-Filter
Specifies an oData v3.0 filter statement. This parameter controls which objects are returned.
How to set the filter to get the same result as the Azure module v1 commands:
Get-MsolUser -All| Where-Object {$_.isLicensed -eq "True"}| Select-Object UserPrincipalName -ExpandProperty Licenses|Select-Object UserPrincipalName -ExpandProperty ServiceStatus|Where-Object {$_.ProvisioningStatus -eq "Success" -and $_.ServicePlan.ServiceName -like "MCO*"}|select UserPrincipalName -Unique
I have searched all over the place to find a proper example of setting the filter but could not, and I ended up here.
I am basically trying to convert my Azure module v1 commands to Azure module v2 commands.
A few examples of Get-AzureADUser [Filter] command are as below:
Get-AzureADUser -Filter "DisplayName eq 'Juv Chan'"
Get-AzureADUser -Filter "DisplayName eq 'Juv Chan' and UserType eq 'Member'"
This is following the oData 3.0 Filter semantics as specified here.
Note that the Get-AzureADUser cmdlet is only returning 4 fields:
Object Id, Display Name, UserPrincipalName, UserType
Hence, it is not possible to create an equivalent v2 command using the cmdlet above for your v1 command above.
The version of AzureAD PowerShell v2 module tested for the above is 2.0.0.33.
https://www.powershellgallery.com/packages/AzureAD/2.0.0.33
get-azureaduser -all $true -Filter "startswith(UserPrincipalName,'JohnAdam')"
or use variable
get-azureaduser -all $true -Filter "UserPrincipalName eq '$userPrincipalName'"
This seems to do it
Get-AzureADUser -All $true|select UserPrincipalName -ExpandProperty AssignedPlans|Where-Object {$_.CapabilityStatus -eq "Enabled" -and $_.Service -eq "MicrosoftCommunicationsOnline"} |select UserPrincipalName -Unique

How do I add another column to a System.Object using a list in Powershell?

I am making a script to query active directory via powershell and pull all computers that contain a username in the description field, then filter that list with only computers last logged in the past 14 days.
This is what I have so far:
$queryAD = Get-ADComputer -SearchBase 'OU=West Division,DC=cable,DC=comcast,DC=com' -Properties Name, Description -Filter {(Name -like "WA*") -and (Description -like $wildCard)} | Select-Object Name, Description
$lastLogon = $queryAD | Select-Object -ExpandProperty Description | %{$_.replace(("$NTname" + ";"),"").split(";")[0]} | %{get-date $_ -format d}
I'd like to add the list generated from $lastLogon to $queryAD, right now $queryAD is returning two columns with headers Name and Description. I need a third header added called Last Logon Date and contain the list in $lastLogon. Please advise.
You could assign the values to an array of objects to make your output cleaner (if this method is providing you the data you want) like so:
$queryAD = Get-ADComputer -SearchBase 'OU=West Division,DC=cable,DC=comcast,DC=com' -Properties Name, Description -Filter {(Name -like "WA*") -and (Description -like $wildCard)} | Select-Object Name, Description
$computer_list = @()
foreach($computer in $queryAD) {
    $computer_info = New-Object PSObject -Property @{
        Name = $computer.Name
        Description = $computer.Description
        LastLogonDate = $computer | Select-Object -ExpandProperty Description | %{$_.replace(("$NTname" + ";"),"").split(";")[0]} | %{get-date $_ -format d}
    }
    $computer_list += $computer_info
}
in which case $computer_list will contain all of the info you're gathering in tidy objects.
...but this method seems overcomplicated. Look into this blog entry by Matt Vogt for a better way to query for old machines in AD.
