I want to add to the user all possible group memberships in the Azure Active Directory, but there are so many groups that I don't want to do it manually. Is there any script or button to do this quickly?
3 Answers
• Yes, you can surely do that through a PowerShell script, wherein you would need to export the details of all the groups present in Azure AD to a CSV file or to the console, and then call every group to add the said user, whose object ID is specified in the PowerShell command, to every group. Please find below the prepared and tested PowerShell script that adds the specified user to all the groups present in Azure AD.
PowerShell script:
Connect-AzureAD
# Only the ObjectId column is needed for the membership call
$groups = Get-AzureADGroup | Select-Object ObjectId
# Replace the RefObjectId with the ObjectId of the user in your tenant
foreach ($group in $groups) { Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId "f08cdf62-6d20-4b65-bdd8-33f84c61802f" }
Please find below Microsoft documentation for your reference: -
I tried to do the following: created a script.ps1 file, inserted your script there with my Object Id, saved this file, clicked on it and clicked 'Run with PowerShell'. PowerShell opened and closed immediately, and the user was not assigned to all the groups. What have I done wrong? Commented Mar 21, 2022 at 16:55
You should have also checked the reference object id of the user to be added to all the groups and replaced it accordingly with the one in your Azure AD tenant. Also, ensure that the Azure AD module is installed correctly in your PowerShell modules. And finally, try executing the script by entering the commands in PowerShell. Commented Mar 22, 2022 at 7:17
Try this. In PowerShell, install the Azure AD module:
PS C:\Windows\system32> install-module azuread
PS C:\Windows\system32> import-module azuread
You can verify it by:
PS C:\Windows\system32> get-module azuread
Now connect your PowerShell session to the directory:
PS C:\Windows\system32> Connect-AzureAD
It will prompt you for the credentials you want to use to access your directory and return a confirmation showing that the session was connected successfully to your directory:
Account Environment Tenant ID
------- ----------- ---------
[email protected] AzureCloud 23b5ff1e-3402-800c-823c-3f…
To retrieve existing groups from your directory, use the Get-AzureADGroup cmdlet:
$groups = Get-AzureADGroup
foreach ($group in $groups)
{
    # <user reference id> is the ObjectId of the user you want to add
    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId <user reference id>
}
Replace the user reference id; you can use Get-AzureADUser to get it.
Kartik's and Vineesh's answers are pretty good, but if you want to get all available groups and you are already a member of some of them, you should use this script:
try
{
    Connect-AzureAD
    # Replace with the ObjectId of the user to add
    $userObjectId = "your objectId"
    # -All $true is needed; without it only the first page of groups is returned
    $groups = Get-AzureADGroup -All $true | Select-Object ObjectId
    foreach ($group in $groups) {
        $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
        $isUserInGroup = $members.ObjectId -contains $userObjectId
        # Skip groups the user already belongs to; Add-AzureADGroupMember errors on duplicates
        if ($isUserInGroup -eq $false)
        {
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $userObjectId
        }
    }
}
catch
{
    Write-Error $_.Exception.ToString()
    Read-Host -Prompt "The above error occurred. Press Enter to exit."
}
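The three answers all loop over every group and call Add-AzureADGroupMember. The script below is an added example, not code from any of the answers, that does the same job with the checks an administrator usually wants before granting one account membership in an entire tenant: a single Get-AzureADUserMembership call replaces the per-group membership lookup, groups the cmdlet cannot modify (directory-synced and mail-enabled) are skipped, -WhatIf gives a dry run, and every successful addition is written to a CSV so the change can be reversed. It assumes the AzureAD module and an existing Connect-AzureAD session; the user object id and log path are placeholders you supply.

```powershell
<#
  Added example (not from the answers above): add one user to every
  Azure AD group with a pre-check, a -WhatIf dry run and a rollback log.
  Assumes the AzureAD module is imported and Connect-AzureAD has run.
  $UserObjectId and $LogPath are placeholders.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$UserObjectId,                   # placeholder: ObjectId of the user to add
    [string]$LogPath = ".\added-groups.csv"  # assumption: where additions are recorded
)

# Fail fast on a wrong id: Get-AzureADUser throws if the object does not exist
$user = Get-AzureADUser -ObjectId $UserObjectId

# One call for the user's current memberships instead of one
# Get-AzureADGroupMember call per group
$current = New-Object 'System.Collections.Generic.HashSet[string]'
Get-AzureADUserMembership -ObjectId $user.ObjectId -All $true |
    ForEach-Object { [void]$current.Add($_.ObjectId) }

# Groups Add-AzureADGroupMember cannot change are filtered out up front:
#  - DirSyncEnabled: mastered on-premises, must be changed in AD DS
#  - MailEnabled: distribution / mail-enabled security groups are managed in Exchange
# Dynamic-membership groups cannot be told apart in Get-AzureADGroup output,
# so they surface as warnings from the catch block below.
$candidates = @(Get-AzureADGroup -All $true |
    Where-Object { -not $_.DirSyncEnabled -and -not $_.MailEnabled })

$added = @()
foreach ($group in $candidates) {
    if ($current.Contains($group.ObjectId)) {
        Write-Verbose "Already a member of '$($group.DisplayName)', skipping"
        continue
    }
    # With -WhatIf this prints the intended change instead of performing it
    if ($PSCmdlet.ShouldProcess($group.DisplayName, "Add $($user.UserPrincipalName)")) {
        try {
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
            $added += [pscustomobject]@{
                GroupObjectId = $group.ObjectId
                GroupName     = $group.DisplayName
                UserObjectId  = $user.ObjectId
                AddedUtc      = (Get-Date).ToUniversalTime().ToString('o')
            }
        }
        catch {
            # Typical causes: dynamic-membership group, insufficient privileges
            Write-Warning "Failed on '$($group.DisplayName)': $($_.Exception.Message)"
        }
    }
}

# Keep a record so the bulk change can be reversed with Remove-AzureADGroupMember
if ($added.Count -gt 0) {
    $added | Export-Csv -Path $LogPath -NoTypeInformation
}
Write-Output "Added $($user.UserPrincipalName) to $($added.Count) of $($candidates.Count) candidate groups"
```

Run it once with `-WhatIf` to see the list of groups it would touch before running it for real. To undo the change, feed the log back in: `Import-Csv .\added-groups.csv | ForEach-Object { Remove-AzureADGroupMember -ObjectId $_.GroupObjectId -MemberId $_.UserObjectId }`. Each addition also appears as a separate "Add member to group" entry in the Azure AD audit log, so a burst of these for one account is worth an alert in tenants where this is not routine.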