In this post we will discuss how to import members into an Azure Active Directory group easily using PowerShell.
Importing multiple members into Azure AD can take a significant amount of work: exporting CSVs, filling in templates and so on. An easier and more convenient way to import members into an Azure AD group is with PowerShell and the Azure AD module.
For the PowerShell script we are going to use the Add-AzureADGroupMember cmdlet. This cmdlet needs two parameters to function: one identifying the group into which the member is going to be added, and one identifying the member that is going to be added.
What we also need for the above cmdlet to work are the object IDs of both elements. For the devices we are going to use Get-IntuneManagedDevice (to get the Azure AD device ID) and Get-AzureADDevice (to get the device ObjectID). Finally, the Get-AzureADGroup cmdlet will give us the group ObjectID.
Two scripts can be found below: one that identifies each device by its device name and one that uses serial numbers.
Azure Active Directory Group Creation
Let's create a test group into which we will import our devices.
In the Overview pane of the group we can find the Object ID of the group.
Import members using Device Name
The script to import devices into a group using the device name is shown below:
Connect-AzureAD
Connect-MSGraph
$devices = Get-Content -Path "C:\Users\Public\devicesNames.txt"
$group = Read-Host -Prompt "Give the group name: "
try {
    # -ErrorAction Stop turns a failed lookup into a terminating error so the catch block actually runs
    $groupObjectID = (Get-AzureADGroup -SearchString $group -ErrorAction Stop | Select-Object ObjectId).ObjectId
    # A search string can match zero or several groups; only continue with exactly one
    if (@($groupObjectID).Count -ne 1) { throw "Expected exactly one group matching '$group'" }
    Write-Host "Group Object ID: $groupObjectID"
}
catch {
    Write-Output "Azure AD Group does not exist or insufficient rights"
    Start-Sleep -Seconds 3
    exit
}
foreach ($device in $devices) {
    Write-Host "-------------------------"
    Write-Host "Going to import device: $device"
    # Look the device up in Intune to obtain its Azure AD device ID
    $AzureDevice = Get-IntuneManagedDevice -Filter "deviceName eq '$device'"
    if ($null -ne $AzureDevice) {
        $AzureADID = $AzureDevice.azureADDeviceId
        Write-Host "Device AzureAD ID: $AzureADID"
        # Translate the device ID into the directory ObjectId that Add-AzureADGroupMember expects
        $DeviceObjectID = (Get-AzureADDevice -Filter "deviceId eq guid'$AzureADID'" | Select-Object ObjectId).ObjectId
        Write-Host "Device Object ID: $DeviceObjectID"
    }
    else {
        Write-Output "Device does not exist"
        continue
    }
    # Compare on ObjectId rather than a wildcard display-name match, so similarly named devices do not collide
    $isDeviceMemberOfGroup = Get-AzureADGroupMember -ObjectId $groupObjectID -All $true | Where-Object { $_.ObjectId -eq $DeviceObjectID }
    if ($null -eq $isDeviceMemberOfGroup) {
        Write-Host "Adding the device $device to group $group"
        Add-AzureADGroupMember -ObjectId $groupObjectID -RefObjectId $DeviceObjectID
    }
    else {
        Write-Host "Device already member"
    }
}
Import members using Serial Numbers
The script to import devices into a group using the device serial number is shown below:
Connect-AzureAD
Connect-MSGraph
$serials = Get-Content -Path "C:\Users\Public\devicesSerials.txt"
$group = Read-Host -Prompt "Give the group name: "
try {
    # -ErrorAction Stop turns a failed lookup into a terminating error so the catch block actually runs
    $groupObjectID = (Get-AzureADGroup -SearchString $group -ErrorAction Stop | Select-Object ObjectId).ObjectId
    # A search string can match zero or several groups; only continue with exactly one
    if (@($groupObjectID).Count -ne 1) { throw "Expected exactly one group matching '$group'" }
    Write-Host "Group Object ID: $groupObjectID"
}
catch {
    Write-Output "Azure AD Group does not exist or insufficient rights"
    Start-Sleep -Seconds 3
    exit
}
foreach ($serial in $serials) {
    Write-Host "-------------------------"
    # Look the device up in Intune by serial number to obtain its name and Azure AD device ID
    $AzureDevice = Get-IntuneManagedDevice -Filter "serialNumber eq '$serial'"
    if ($null -ne $AzureDevice) {
        $AzureDeviceName = $AzureDevice.deviceName
        Write-Host "Going to import device: $AzureDeviceName"
        $AzureADID = $AzureDevice.azureADDeviceId
        Write-Host "Device AzureAD ID: $AzureADID"
        # Translate the device ID into the directory ObjectId that Add-AzureADGroupMember expects
        $DeviceObjectID = (Get-AzureADDevice -Filter "deviceId eq guid'$AzureADID'" | Select-Object ObjectId).ObjectId
        Write-Host "Device Object ID: $DeviceObjectID"
    }
    else {
        Write-Output "Device with serial $serial does not exist"
        continue
    }
    # Compare on ObjectId rather than a wildcard display-name match, so similarly named devices do not collide
    $isDeviceMemberOfGroup = Get-AzureADGroupMember -ObjectId $groupObjectID -All $true | Where-Object { $_.ObjectId -eq $DeviceObjectID }
    if ($null -eq $isDeviceMemberOfGroup) {
        Write-Host "Adding the device $AzureDeviceName to group $group"
        Add-AzureADGroupMember -ObjectId $groupObjectID -RefObjectId $DeviceObjectID
    }
    else {
        Write-Host "Device already member"
    }
}
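The two scripts above differ only in the Intune filter they use. The following function is an added example, not part of the original post, that folds both lookups into one reusable command and adds the safeguards you would want before running a bulk change against a production directory: it takes the group ObjectId directly instead of a search string (so a partial name cannot select the wrong group), refuses to guess when Intune returns several devices for one name or serial, escapes single quotes in the identifier so it cannot break the OData filter, checks membership by ObjectId, supports -WhatIf for a dry run, and emits one result object per device that can be exported as an audit record. The function name Add-IntuneDeviceToAzureADGroup and its parameters are assumptions of this example; it expects that Connect-AzureAD and Connect-MSGraph have already been run with an account that is allowed to modify the group.

```powershell
# Added example (not the original post's code). Assumes the AzureAD and
# Microsoft.Graph.Intune modules are installed and both sessions are connected.
function Add-IntuneDeviceToAzureADGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]   $GroupObjectId,   # exact group ObjectId, not a search string
        [Parameter(Mandatory)] [string[]] $Identifier,      # device names or serial numbers
        [ValidateSet('DeviceName', 'SerialNumber')] [string] $IdentifierType = 'DeviceName'
    )

    # Map the friendly parameter value onto the Intune (Graph) property name used in the filter.
    $filterProperty = @{ DeviceName = 'deviceName'; SerialNumber = 'serialNumber' }[$IdentifierType]

    # Resolve the group once by ObjectId; a bad id or missing rights stops here.
    $group = Get-AzureADGroup -ObjectId $GroupObjectId -ErrorAction Stop

    # Read the membership once and index it by ObjectId for exact comparison.
    $members = @{}
    Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true |
        ForEach-Object { $members[$_.ObjectId] = $true }

    foreach ($id in $Identifier) {
        # OData escapes a single quote by doubling it; this keeps the filter well-formed.
        $safeId = $id -replace "'", "''"
        $intuneDevices = @(Get-IntuneManagedDevice -Filter "$filterProperty eq '$safeId'")

        $result = [pscustomobject]@{
            Identifier     = $id
            DeviceName     = $null
            DeviceObjectId = $null
            Status         = $null
        }

        if ($intuneDevices.Count -eq 0) { $result.Status = 'NotFoundInIntune';   $result; continue }
        # Two enrolments sharing a name or serial: report it rather than pick one at random.
        if ($intuneDevices.Count -gt 1) { $result.Status = 'AmbiguousInIntune';  $result; continue }

        $intuneDevice = $intuneDevices[0]
        $result.DeviceName = $intuneDevice.deviceName

        # Translate the Azure AD device ID into the directory ObjectId the group cmdlet expects.
        $aadDevice = Get-AzureADDevice -Filter "deviceId eq guid'$($intuneDevice.azureADDeviceId)'"
        if (-not $aadDevice) { $result.Status = 'NotFoundInAzureAD'; $result; continue }
        $result.DeviceObjectId = $aadDevice.ObjectId

        if ($members.ContainsKey($aadDevice.ObjectId)) { $result.Status = 'AlreadyMember'; $result; continue }

        # With -WhatIf, ShouldProcess prints the intended change and returns $false.
        $target = "$($intuneDevice.deviceName) -> $($group.DisplayName)"
        if ($PSCmdlet.ShouldProcess($target, 'Add-AzureADGroupMember')) {
            try {
                Add-AzureADGroupMember -ObjectId $GroupObjectId -RefObjectId $aadDevice.ObjectId -ErrorAction Stop
                $members[$aadDevice.ObjectId] = $true   # keep the cache in step for duplicate input lines
                $result.Status = 'Added'
            }
            catch {
                $result.Status = "Failed: $($_.Exception.Message)"
            }
        }
        else {
            $result.Status = 'SkippedWhatIf'
        }
        $result
    }
}

# Usage: preview first, then run for real and keep the per-device results as a record of the change.
# $serials = Get-Content -Path 'C:\Users\Public\devicesSerials.txt'
# Add-IntuneDeviceToAzureADGroup -GroupObjectId '<group ObjectId>' -Identifier $serials -IdentifierType SerialNumber -WhatIf
# Add-IntuneDeviceToAzureADGroup -GroupObjectId '<group ObjectId>' -Identifier $serials -IdentifierType SerialNumber |
#     Export-Csv -Path 'C:\Users\Public\import-results.csv' -NoTypeInformation
```

Running the -WhatIf pass first shows exactly which devices would be added (and which were not found, were ambiguous, or are already members) without changing the directory; the exported CSV from the real run then documents what was changed, by which account, and when.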