I found this code, but it doesn’t return enough information.
The module seems to install okay but neither list returns anything near the correct quantity of groups…why??
```powershell
# First steps
Install-Module AzureAD
Import-Module AzureAD
Connect-AzureAD

# Synchronized groups
# Get all groups synchronized from on-premises AD
$adGroups = Get-AzureADGroup | Where-Object { $_.DirSyncEnabled -eq $true }
# Export the list to a CSV file, please change the Path to the location you want to save the file
$adGroups | Select-Object DisplayName, Description | Export-Csv -Path "C:\ADGroups.csv" -NoTypeInformation

# Entra-only groups
# Get all Entra-only groups
$cloudGroups = Get-AzureADGroup -All $true | Where-Object { $_.DirSyncEnabled -eq $null }
# Export the list to a CSV file, please change the Path to the location you want to save the file
$cloudGroups | Select-Object DisplayName, Description, Mail, GroupTypes | Export-Csv -Path "C:\path\to\your\file.csv" -NoTypeInformation
```
Hi Tom. Please remember to format your code using the “Preformatted Text” button, often hiding behind the gear icon. This will make it easier to read.
You said this doesn’t return the correct quantity, but how do you know it’s not the right quantity? How can you tell what’s missing? If you know there are missing groups maybe you can find a common attribute that might help you understand the difference.
The first instance of Get-AzureADGroup pipes to Where-Object where it’s then returning only groups where DirSyncEnabled is equal to true. Then it’s exporting it to “C:\ADGroups.csv”. The second instance of Get-AzureADGroup pipes to Where-Object and only returns groups where DirSyncEnabled is equal to null. This one seems potentially problematic. It then exports those to “C:\Path\To\Your\File.csv” which I hope you’ve updated on your end to an actual path.
It looks like the intent is to get all of the AD groups from Azure that were synced from on-prem AD, and then all of the groups from Azure that were not synced, exporting them separately.
This will not return any on-prem only groups. Is that what’s missing?
Your title says “User lists” but this is dealing specifically in groups, rather than users. Is that the issue?
I fixed the topic and the formatting.
Correct quantity of synced hybrid AD groups should be 1500 or more…I know from looking at Entra.
The null in the 2nd instance should return all the Entra-only groups because they don’t sync with Active Directory.
Goal is to get all groups synced to Entra from on-prem AD and then all groups that are in Entra only and not in on-prem AD.
Thank you, Tom
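
The following is an added example, not code from any poster in this thread. It partitions one complete group listing by `DirSyncEnabled`, so the synced and Entra-only exports come from the same full result set; in the posted script only the second query passes `-All $true`, and without it `Get-AzureADGroup` returns just the first page of results. `Split-GroupsBySyncState`, the sample groups and the output file names are hypothetical, and counting `DirSyncEnabled = $false` as Entra-only is an assumption.

```powershell
# Added example. Split-GroupsBySyncState is a hypothetical helper name.
function Split-GroupsBySyncState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Group
    )
    begin {
        $synced    = [System.Collections.Generic.List[object]]::new()
        $cloudOnly = [System.Collections.Generic.List[object]]::new()
    }
    process {
        # DirSyncEnabled is $true for groups synced from on-premises AD.
        # Assumption: $null (never synced) and $false (no longer synced)
        # are both treated as Entra-only.
        if ($Group.DirSyncEnabled -eq $true) { $synced.Add($Group) }
        else                                 { $cloudOnly.Add($Group) }
    }
    end {
        [pscustomobject]@{
            Synced    = $synced.ToArray()
            CloudOnly = $cloudOnly.ToArray()
        }
    }
}

# Constructed sample objects standing in for Get-AzureADGroup output,
# so the partition logic can be checked without a tenant connection.
$sample = @(
    [pscustomobject]@{ DisplayName = 'HR-Share-RW';  Description = 'Synced from AD';    DirSyncEnabled = $true  }
    [pscustomobject]@{ DisplayName = 'Project-Team'; Description = 'Created in Entra';  DirSyncEnabled = $null  }
    [pscustomobject]@{ DisplayName = 'Old-Finance';  Description = 'No longer synced';  DirSyncEnabled = $false }
)
$result = $sample | Split-GroupsBySyncState
'{0} synced, {1} Entra-only' -f $result.Synced.Count, $result.CloudOnly.Count

# Against a live tenant (after Connect-AzureAD), query once with -All $true
# and compare the counts with what the Entra portal shows before exporting:
# $result = Get-AzureADGroup -All $true | Split-GroupsBySyncState
# $result.Synced    | Select-Object DisplayName, Description |
#     Export-Csv -Path .\SyncedGroups.csv -NoTypeInformation
# $result.CloudOnly | Select-Object DisplayName, Description, Mail |
#     Export-Csv -Path .\EntraOnlyGroups.csv -NoTypeInformation
```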