Export Azure AD group members to CSV with PowerShell

In the Microsoft 365 admin center, you can get a list of all the groups in your organization. The disadvantage is that you can only display and export the members of a single group. With PowerShell, you can bulk export all groups and their members’ details in one CSV file. In this article, you will learn how to export all Azure AD group members to CSV file with PowerShell.

Table of contents

Connect to Microsoft Graph PowerShell

Before you start, you must install the Microsoft Graph PowerShell module, including the Microsoft Graph Beta module.

Run the below command to install the Microsoft Graph module.

Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force

You need to connect to MS Graph with the below scopes.

Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All"

View Azure AD groups information

We will show how to display information about all the Azure AD groups in PowerShell output. Remember that all the information you can display on the PowerShell console you can also export to a CSV file.

Get list of all Azure AD groups

You can display a list of all the Azure AD groups in your organization. To view all groups, use the Get-MgGroup cmdlet.

Get-MgGroup -All

The PowerShell output shows the below result.

DisplayName     Id                                   MailNickname    Description             GroupTypes
-----------     --                                   ------------    -----------             ----------
Mail security   00d760d0-d5a7-49d8-88d5-21a093b34bd7 Mail.Security   Mail security           {}        
Sales Spain     06a56975-ba05-43cc-8a2a-e8879f42e622 SalesSpain                              {}        
Sales UK        0a33cb80-41ff-4e92-8c85-269a81dec110 SalesUK                                 {}        
Sales Sweden    0c3107c9-b1e7-4a0b-ac50-38ef25e6aeb2 SalesSweden                             {}        
Management Team 18233557-5240-4a0f-80b5-ccacf8c97102 ManagementTeam  For the Management Team {Unified} 
Sales Team      2de06857-1e0c-4ffe-b85c-7b0c18bb71d3 SalesTeam       For the Sales Team      {Unified} 
Finance USA     38fc2d7f-b496-47fc-9fa8-96178d17e52e FinanceUSA                              {}        
Sales Employees 525672db-4320-40e5-8a42-69457dae2347 Sales.Employees Sales Employees         {}

Get Azure AD group details using display name

In our example, we want to find the details of the group Sales UK. You can find the group ID number if you know the display name of the group.

Run the below PowerShell command example.

Get-MgGroup -Filter "DisplayName eq 'Sales UK'" | fl Id, DisplayName, Description, GroupTypes

The PowerShell output shows the below result.

Id          : 0a33cb80-41ff-4e92-8c85-269a81dec110
DisplayName : Sales UK
Description : 
GroupTypes  : {}

Display Azure AD group members details

To get extended information about the members of a specific group, we need to use the PowerShell cmdlet Get-MgGroupMember.

Count Azure AD group members total

If you know the group ID number, you can find out how many members a specific group has. See the previous step to get the group ID number of a specific group.

In our example, we will use the parameter -GroupId to count the number of members of the group Sales UK.

Run the below PowerShell command example.

(Get-MgGroupMember -GroupId '0a33cb80-41ff-4e92-8c85-269a81dec110' -All).Count

The PowerShell output displays the number of group members.

Get Azure AD members of specific group with GroupId

You can also get the members of a single group with the -GroupId parameter. In our example, we want to see which members belong to the group Sales UK.

See the below PowerShell syntax.

Get-MgGroupMember -GroupId 'Group Id number' -All

Run the below PowerShell command example.

Get-MgGroupMember -GroupId '0a33cb80-41ff-4e92-8c85-269a81dec110' -All

The PowerShell output result only shows the ID number of all the group members of Sales UK.

Id                                   DeletedDateTime
--                                   ---------------
eec2668a-0773-4947-93ba-2223f6acfe55                
fd199cb4-2ebf-4171-96e2-12fd75453e39                
fa956d8c-87df-4cd4-ac2a-ac1f3d7cac8b                
d89be5ce-6495-4009-b61b-81126c239c34                
a9532b30-4edb-4b66-a3b0-6ac972a6065b                
b602b148-2fcf-435a-9d34-ce72c3a8c748                
3bb176aa-d0ba-47f7-aecc-f4837593006e                
1d9fc432-6a9f-44c5-8cda-0291662bc825                
12eefbb2-e5f4-4eec-bd18-df7ca2f1ee6b                
274d72d7-cc30-4a64-bc33-c99ff96c3abf                
41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5

If you want more detailed information, like the UserPrincipalName or DisplayName of each member, read the next step.

Export Azure AD members of specific group to CSV

To get more details about the members of a specific group, you can use the below PowerShell script.

Export all members of a specific group to a single CSV file. Let’s say you don’t know the ID number of a specific group, or you don’t want to retrieve it. In our example, we want to get all the members’ details of the group Sales Sweden.

  1. Create a folder named temp and save it in the (C:) drive if you don’t have it
  2. Specify the CSV export path in line 5
  3. Type the GroupName or GroupId in line 8
  4. Run the below PowerShell script
# Connect to Microsoft Graph with specified scopes
Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All"

# Specify the group display name you want to retrieve
$groupName = "Sales Sweden"

# CSV file path to export
$CsvPath = "C:\temp\GroupMembers.csv"

# Retrieve the specified group
$group = Get-MgGroup -All | Where-Object { $_.Id -eq $groupName -or $_.DisplayName -eq $groupName }

# Check if the group is found
if ($group) {
    # Get properties
    $Properties = @(
        'Id', 'DisplayName', 'UserPrincipalName', 'UserType', 'AccountEnabled'
    )

    # Initialize an array to store user information
    $allUsers = @()

    # Retrieve group members using the valid Group ID
    $members = Get-MgGroupMember -GroupId $group.id -All

    # Determine the group type
    $groupType = if ($group.groupTypes -eq "Unified" -and $group.securityEnabled) { "Microsoft 365 (security-enabled)" }
    elseif ($group.groupTypes -eq "Unified" -and !$group.securityEnabled) { "Microsoft 365" }
    elseif (!($group.groupTypes -eq "Unified") -and $group.securityEnabled -and $group.mailEnabled) { "Mail-enabled security" }
    elseif (!($group.groupTypes -eq "Unified") -and $group.securityEnabled) { "Security" }
    elseif (!($group.groupTypes -eq "Unified") -and $group.mailEnabled) { "Distribution" }
    else { "N/A" }

    # If there are no members, create an object with empty values
    if ($members.Count -eq 0) {
        $Objects = [PSCustomObject][ordered]@{
            GroupId            = $group.Id
            GroupDisplayName   = $group.DisplayName
            GroupType          = $groupType
            UserDisplayName    = "N/A"
            UserPrincipalName  = "N/A"
            UserAlias          = "N/A"
            UserType           = "N/A"
            UserAccountEnabled = "N/A"
        }
        $allUsers += $Objects
    }
    else {
        # Iterate through each group member and retrieve user details
        foreach ($member in $members) {
            $user = Get-MgUser -UserId $member.Id -Property $Properties -ErrorAction SilentlyContinue | Select-Object $Properties

            # Check if $user is not null before accessing properties
            if ($user.Count -ne 0) {
                # Extract the alias from the UserPrincipalName
                $alias = $user.UserPrincipalName.Split("@")[0]

                # Create an ordered custom object with properties in a specific order
                $Objects = [PSCustomObject][ordered]@{
                    GroupId            = $group.Id
                    GroupDisplayName   = $group.DisplayName
                    GroupType          = $groupType
                    UserDisplayName    = $user.DisplayName
                    UserPrincipalName  = $user.UserPrincipalName
                    UserAlias          = $alias
                    UserType           = $user.UserType
                    UserAccountEnabled = $user.AccountEnabled
                }

                # Add the ordered custom object to the array
                $allUsers += $Objects
            }
        }
    }

    # Export all user information to a CSV file
    $allUsers | Sort-Object GroupDisplayName | Export-Csv $CsvPath -NoTypeInformation -Encoding utf8
    $allUsers | Out-GridView
}
else {
    Write-Host "Group '$groupName' not found." -ForegroundColor Red
}
  1. The Out-GridView opens in a separate window
Export Azure AD group members to Out-GridView with PowerShell.
  1. Go to the CSV file in the C:\temp folder
  2. Open the CSV file with an application like Microsoft Excel to see the results
Export Azure AD group members to CSV file with PowerShell.
  1. The CSV file shows each member’s Name, UserPrincipalName, Alias, UserType, and AccountEnabled of the group (Sales Sweden).
Export specific Azure AD group members to CSV file.

Bulk export Azure AD group members to CSV

Export all the Azure AD groups that are available in your organization, including their group members.

This PowerShell script creates a single CSV file and adds all the groups from your organization, containing each member’s Name, UserPrincipalName, Alias, UserType, and AccountEnabled.

  1. Create a folder named temp and save it in the (C:) drive if you don’t have it
  2. Specify the CSV export path in line 5
  3. Run the below PowerShell script
# Connect to Microsoft Graph with specified scopes
Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All"

# CSV file path to export
$CsvPath = "C:\temp\AllGroupMembers.csv"

# Retrieve all groups
$groups = Get-MgGroup -All

# Get properties
$Properties = @(
    'Id', 'DisplayName', 'UserPrincipalName', 'UserType', 'AccountEnabled'
)

# Initialize an array to store user information
$allUsers = @()

# Set up the progress bar parameters
$totalGroups = $groups.Count
$currentGroup = 0

# Iterate through each group and retrieve group members
foreach ($group in $groups) {
    # Retrieve group members using the valid Group ID
    $members = Get-MgGroupMember -GroupId $group.id -All

    # Determine the group type
    $groupType = if ($group.groupTypes -eq "Unified" -and $group.securityEnabled) { "Microsoft 365 (security-enabled)" }
    elseif ($group.groupTypes -eq "Unified" -and !$group.securityEnabled) { "Microsoft 365" }
    elseif (!($group.groupTypes -eq "Unified") -and $group.securityEnabled -and $group.mailEnabled) { "Mail-enabled security" }
    elseif (!($group.groupTypes -eq "Unified") -and $group.securityEnabled) { "Security" }
    elseif (!($group.groupTypes -eq "Unified") -and $group.mailEnabled) { "Distribution" }
    else { "N/A" }

    # If there are no members, create an object with empty values
    if ($members.Count -eq 0) {
        $Objects = [PSCustomObject][ordered]@{
            GroupId            = $group.Id
            GroupDisplayName   = $group.DisplayName
            GroupType          = $groupType
            UserDisplayName    = "N/A"
            UserPrincipalName  = "N/A"
            UserAlias          = "N/A"
            UserType           = "N/A"
            UserAccountEnabled = "N/A"
        }
        $allUsers += $Objects
    }
    else {
        # Iterate through each group member and retrieve user details
        foreach ($member in $members) {
            $user = Get-MgUser -UserId $member.Id -Property $Properties -ErrorAction SilentlyContinue | Select-Object $Properties

            # Check if $user is not null before accessing properties
            if ($user.Count -ne 0) {
                # Extract the alias from the UserPrincipalName
                $alias = $user.UserPrincipalName.Split("@")[0]

                # Create an ordered custom object with properties in a specific order
                $Objects = [PSCustomObject][ordered]@{
                    GroupId            = $group.Id
                    GroupDisplayName   = $group.DisplayName
                    GroupType          = $groupType
                    UserDisplayName    = $user.DisplayName
                    UserPrincipalName  = $user.UserPrincipalName
                    UserAlias          = $alias
                    UserType           = $user.UserType
                    UserAccountEnabled = $user.AccountEnabled
                }

                # Add the ordered custom object to the array
                $allUsers += $Objects
            }
        }
    }

    # Update the progress bar
    $currentGroup++
    $status = "{0:N0}" -f ($currentGroup / $totalGroups * 100)

    $progressParams = @{
        Activity        = "Retrieving Group Members"
        Status          = "Processing group: $($group.DisplayName) - $currentGroup of $totalGroups : $status% completed"
        PercentComplete = ($currentGroup / $totalGroups) * 100
    }

    Write-Progress @progressParams
}

# Complete the progress bar
Write-Progress -Activity "Retrieving Group Members" -Completed

# Export all user information to a CSV file
$allUsers | Sort-Object GroupDisplayName | Export-Csv $CsvPath -NoTypeInformation -Encoding utf8

Go to the CSV file in the C:\temp folder. Open the CSV file with an application like Microsoft Excel to see the results.

Export bulk Azure AD group members to CSV file with PowerShell.

The below picture shows a single CSV file with all the Azure AD groups and specifies the GroupType, including the members’ identities (Name, UserPrincipalName, Alias, UserType, AccountEnabled).

Export bulk Azure AD group members to CSV file.

That’s it!

Read more: How to set Employee ID for Microsoft 365 users »

Conclusion

You learned how to export Azure AD group members to a CSV file with PowerShell. There are many options with Microsoft Graph PowerShell compared to the Microsoft Entra admin center for viewing and exporting Azure group members. An excellent way is that you can bulk export all Azure AD groups in your organization and the members’ identities to a single CSV file.

Did you enjoy this article? You may also like Send email with Microsoft Graph PowerShell. Don’t forget to follow us and share this article.

o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

X Twitter

What Others Are Reading

This Post Has 13 Comments

  1. The Scripts keeps asking me for credentials for each group, could this have to do with the MFA?

    Reply

    1. It has nothing to do with MFA. I have MFA enabled on the admin account, and it only asks for a credential prompt the first time I connect to Microsoft Graph PowerShell to accept the permissions.

      Try to disconnect Microsoft Graph, restart PowerShell, and try again. Also, update Microsoft Graph to the latest version.

      Reply

  2. Can I have the PowerShell code which has details of owners and members and each name separated by, instead of each row of every user?

    I want to show group XYZ has 12 members and 4 owners to be shown in one row

    Reply

  4. Thank you! The final script (bulk export of all groups and all members) was exactly what I needed. Looked a bit overwhelming at first but it spit out a beautifully formatted CSV. Saving this one for future use.

    Reply

  5. Hello,

    Thx for this here. But if i try to export users from any group i get the message “Group with name ‘Finance’ was not found” What im doing wrong? If i search for the group -> Get-MgGroup -Filter “DisplayName eq ‘Finance'” | fl Id, DisplayName, Description, GroupTypes -> This works and i get information about this group:

    Id : “ID Number”
    DisplayName : Finance
    Description : Finance
    GroupTypes : {Unified}

    I try another group. Same. I dont know what is the problem

    Reply

  7. The above script exports only 100 members from the group. It should export all the members of the group

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *