In this tutorial, I am going to show you how to use the Microsoft Graph PowerShell SDK to create a CSV report of all Microsoft 365 groups and their group members.
The script to export the group members is fairly simple and will provide you with basic information on the members of each group. By exporting to a CSV, it will allow you to manipulate the results in a program of your choice, likely notepad or Excel.
Pre-requisites
In order to run the group membership report script you need to have the Microsoft Graph SDK module installed. Start by checking out my tutorial on how to install the Microsoft Graph PowerShell SDK.
You will also need to ensure you are, at a minimum, have been assigned the ‘groups admin’ role in Microsoft 365. Otherwise, if you are using a global administrator account, that will work too.
Using Get-MgGroupMember
In this script, as we are using the Microsoft Graph PowerShell SDK, we will be utilising the Get-MgGroupMember cmdlet, which resides inside the Microsoft.Graph.Groups module. This cmdlet will allow us to extract all of the members of each group by including it in a loop through each group.
When calling the Get-MgGroupMember cmdlet, you can only parse the -GroupId parameter into the command to define the group from which you want to extract the members from. However, you first must know the Id of the group you wish to target.
For example:
Get-MgGroupMember -GroupId 51be3588-cd09-4818-9aa3-247bf2bcb549
or if you have already stored your group inside a variable:
$group = Get-MgGroup -Filter "DisplayName eq 'U.S. Sales'"
Get-MgGroupMember -GroupID $group.id
To find the Id of your target group, you can use the Get-MgGroup cmdlet to view all groups in your organisation. If you have many groups, you can filter the results of Get-MgGroup by using various parameters such as -Filter, -Search and Where-Object, as I have done above. more details can be found in my tutorial How To Use Get-MgUser with Microsoft Graph PowerShell, although the tutorial goes into the Get-MgUser cmdlet, the same concepts apply to Get-MgGroup.
Unfortunately, the results of running Get-MgGroupMember are simply a list of user Id’s, which is not meaningful to us humans, unless we can extract the DisplayName or UserPrincipalName from each Id, which we care more about.
This is because the Get-MgGroupMember cmdlet extracts useful user information, such as the DisplayName and UPN, into an array in the AdditionalProperties property.
To view more meaningful information about our users, we can store our results in a variable and then pull the AdditionalProperties of our users into an Array.
$users = Get-MgGroupMember -GroupID $group.id
[array]$UserData = $users.AdditionalProperties
In the case of the above commands, once run, you can enter $UserData in your command line to view the results. Or to limit the results to a specific attribute like the display name, you can enter $UserData.displayName.
Create a M365 group membership report with Microsoft Graph PowerShell
Now, let’s take a look at the full script. I have commented the script out so it should be easy to follow. You can either package the script into a .ps1 file and run it, or just copy it directly from my site and paste it into the command line.
You can also view this on my GitHub.
#Check for groups module and install if required
if (Get-Module -ListAvailable -Name Microsoft.Graph.Groups) {
}
else {
Install-Module -Name Microsoft.Graph.Groups -Scope CurrentUser -Force
Write-Host "Microsoft Graph Authentication Installed"
}
#Import Module
Import-Module Microsoft.Graph.Groups
#Connect to organization
Connect-MgGraph -Scopes Group.Read.All, GroupMember.Read.All
#Create report object
$Report = [System.Collections.Generic.List[Object]]::new()
#Find all Groups
$GroupList = Get-MgGroup
#Loop through each group
ForEach ($group in $GroupList){
#Create variable for friendly group name output
If ($group.GroupTypes = "Unified") {
$grouptype = "Microsoft 365 Group"
}
#Store all members of current group
$users = Get-MgGroupMember -GroupID $group.id -All
#Store members information
[string]$MemberNames
[array]$UserData = $users.AdditionalProperties
[string]$MemberNames = $UserData.displayName -join ", "
#Add group and member information to report
$ReportLine = [PSCustomObject][Ordered]@{
"Group Name" = $group.DisplayName
"Group Type" = $grouptype
"Group Members" = $MemberNames
}
$Report.Add($ReportLine)
}
#Export report to CSV
$Report | Export-CSV -NoTypeInformation C:\temp\report.csv
Here is the expected result of the script. It will simply produce the results into a CSV file so you can manipulate the data.
Summary
This is a very basic script which will pull the member’s display names into a CSV file. The aim is to be able to neaten this information up in an Excel file before providing it to an end user for manual review. Of course, now there are more advanced ways of reviewing group memberships in Microsoft 365, but sometimes, the tried and tested work best.
This is exactly what i was looking for, Thank you!
I have a team with more than 1000 members. Max value og pagesize is 999.
How can I get all the members?
I have updated the script for you by putting -All on the Get-MgGroupMember cmdlet which will list all pages 🙂