
I want to add to the user all possible group memberships in the Azure Active Directory, but there are so many groups so I dont want to do it manually, is there any script or button to do this quickly?

3 Answers


Yes, you can surely do that through a PowerShell script wherein you would need to export the details of all the groups present in Azure AD to a CSV file or to the console, and then call every group to add the said user, whose object ID is specified in the PowerShell command, to every group. Please find below the prepared and tested PowerShell script that adds the specified user to all the groups present in Azure AD.

PowerShell script:

Connect-AzureAD
# -All $true pages through every group; without it only the first page of results is returned
$groups = Get-AzureADGroup -All $true | Select-Object ObjectID
# Add the user (identified by its object ID) to each group in turn
foreach ($group in $groups) { Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId "f08cdf62-6d20-4b65-bdd8-33f84c61802f" }

Results:

[Screenshots: the user's object ID, the user's group membership, and the groups present in the tenant]

Please find below the Microsoft documentation for your reference:

https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-settings-v2-cmdlets#add-members

I tried to do next - created script.ps1 file, inserted there your script with my Object Id, saved this file, clicked on it and clicked 'Run with PowerShell'. The PowerShell was opened and closed immediately, user was not assigned to all the groups, what have I done wrong? Commented Mar 21, 2022 at 16:55

You should have also checked the reference object ID of the user to be added in all the groups and replaced it accordingly with the one in your Azure AD tenant. Also, ensure that the Azure AD module is installed correctly in your PowerShell module. And finally, try executing the script by entering the commands in PowerShell. Commented Mar 22, 2022 at 7:17

Try this in PowerShell. First install the Azure AD module:

PS C:\Windows\system32> install-module azuread
PS C:\Windows\system32> import-module azuread

You can verify it by:

PS C:\Windows\system32> get-module azuread

Now connect your PowerShell session to the directory:

PS C:\Windows\system32> Connect-AzureAD

It will prompt you for the credentials you want to use to access your directory and return a confirmation to show the session was connected successfully to your directory:

     Account                       Environment Tenant ID
    -------                       ----------- ---------
    [email protected]      AzureCloud  23b5ff1e-3402-800c-823c-3f…

To retrieve existing groups from your directory, use the Get-AzureADGroup cmdlet:

$groups = Get-AzureADGroup
foreach ($group in $groups)
{
    # <user reference id> is the object ID of the user you want to add
    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId <user reference id>
}

Replace the user reference ID; you can use Get-AzureADUser to get it.


Kartik's and Vineesh's answers are pretty good, but if you want to get all available groups and you are already a member of some groups, you should use this script:

try
{
    Connect-AzureAD
    # -All $true pages through every group instead of stopping at the first page of results
    $groups = Get-AzureADGroup -All $true | Select-Object ObjectID
    foreach ($group in $groups) {
        # Only add the user to groups it is not already a member of,
        # otherwise Add-AzureADGroupMember fails for existing memberships
        $Members = $group | Get-AzureADGroupMember -All $true
        $IsUserInGroup = $Members.ObjectID -contains "your objectId"
        if ($IsUserInGroup -eq $false)
        {
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId "your objectId"
        }
    }
}
catch
{
    Write-Error $_.Exception.ToString()
    Read-Host -Prompt "The above error occurred. Press Enter to exit."
}
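Building on the three answers above, here is an added example (not from any of the answers) that resolves the user by UPN, looks up the user's existing memberships with a single call instead of enumerating every group's members, skips dynamic-membership groups (which reject manual adds), supports a dry run, and writes a CSV record of what it did. It assumes the AzureAD module is installed and Connect-AzureAD has already been run; the `-UserPrincipalName` and `-DryRun` parameters and the CSV file name are this example's own choices.

```powershell
# Added example, not from the original answers. Assumes the AzureAD module is
# loaded and Connect-AzureAD has already been run.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,  # user to add (placeholder)
    [switch] $DryRun                                      # report only, change nothing
)

# Resolve the user once; -ObjectId accepts either the object ID or the UPN.
$user = Get-AzureADUser -ObjectId $UserPrincipalName

# One call returns every group the user is already in, so we do not have to
# list the members of every group in the tenant.
$current = @{}
Get-AzureADUserMembership -ObjectId $user.ObjectId -All $true |
    Where-Object { $_.ObjectType -eq 'Group' } |
    ForEach-Object { $current[$_.ObjectId] = $true }

$results = foreach ($group in Get-AzureADMSGroup -All $true) {
    # Dynamic-membership groups are computed from a rule and reject manual adds.
    if ($group.GroupTypes -contains 'DynamicMembership') {
        [pscustomobject]@{ Group = $group.DisplayName; Status = 'Skipped (dynamic)' }
        continue
    }
    if ($current.ContainsKey($group.Id)) {
        [pscustomobject]@{ Group = $group.DisplayName; Status = 'Already member' }
        continue
    }
    if ($DryRun) {
        [pscustomobject]@{ Group = $group.DisplayName; Status = 'Would add' }
        continue
    }
    try {
        Add-AzureADGroupMember -ObjectId $group.Id -RefObjectId $user.ObjectId
        [pscustomobject]@{ Group = $group.DisplayName; Status = 'Added' }
    } catch {
        # Record the failure and keep going (e.g. groups managed outside Azure AD).
        [pscustomobject]@{ Group = $group.DisplayName; Status = "Failed: $($_.Exception.Message)" }
    }
}

# Keep a record of every decision so the change can be reviewed and reverted.
$results | Export-Csv -Path ".\group-add-$($user.ObjectId).csv" -NoTypeInformation
$results | Format-Table -AutoSize
```

Run it first with `-DryRun` and review the CSV, since adding an account to every group in a tenant grants it every permission those groups carry. The AzureAD module has since been deprecated in favour of the Microsoft Graph PowerShell SDK, so the same pattern should be ported to the Graph cmdlets for new work.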
