How to assign members from one group to another in Azure Active Directory.

I found it surprising when I started with Azure Active Directory that there was no support for nested groups. No worries, PowerShell to the rescue!

First off, you need to install the Azure Active Directory PowerShell module from the PowerShell Gallery.

Open PowerShell as Administrator and execute the following command:

Install-Module -Name AzureAD

Accept the NuGet Provider.

Accept the Untrusted repository.

When the AzureAD package is installed we need to connect to our Azure Active Directory tenant.

Execute:

Connect-AzureAD

This will present a popup for you to connect to your Azure Active Directory. Sign in with your admin credentials.

After you have signed in, a confirmation will appear in your PowerShell window.

When working with groups and users in Azure Active Directory, you need to retrieve the ObjectId assigned to them. The ObjectId is unique to every group and user, so first we need to find the ObjectId for the group we want to retrieve users from.

Execute:

Get-AzureADGroup -Filter "DisplayName eq 'Your Group Name Here'"

This will return the ObjectId like this

Now we need to do the same for the group that we want to assign the users to. Execute the same command from above to find the ObjectId.

ProTip: You can also find the ObjectID in Azure Active Directory -> Groups -> Your Group Name on portal.azure.com

Now that you have both ObjectIds, we need to make variables and one foreach loop to retrieve and assign each user; without the loop, only the first user will be retrieved. You can also make this into a script.

# ObjectId of the group you want to retrieve users from.
$FromGroup = "Your ObjectId"

# ObjectId of the group you want to add users to.
$ToGroup = "Your ObjectId"

# Every member of the group you want to retrieve users from.
$Members = Get-AzureADGroupMember -All $true -ObjectId $FromGroup

Foreach ($Member in $Members) {
    Add-AzureADGroupMember -ObjectId $ToGroup -RefObjectId $Member.ObjectId
}

The foreach loop adds every ObjectId from the $Members variable to the group you want to assign users to.

When executing this it will take some time to finish depending on how many members the group has.

You can download the script from my GitHub repository.
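
The loop above stops being clean as soon as the target group already contains some of the members, and a display-name filter can match more than one group. The following is an added example, not the script from the author's repository: it resolves both groups by name, refuses ambiguous matches, skips existing members, and supports -WhatIf so the membership change can be reviewed before access is granted. The function name Copy-AadGroupMember and the group names are assumptions for illustration.

```powershell
# Added example (not the author's script). Run Connect-AzureAD first.
function Copy-AadGroupMember {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $FromGroupName,
        [Parameter(Mandatory)] [string] $ToGroupName
    )

    # Display names are not unique in a tenant, so require exactly one match
    # per name before touching any membership.
    $groups = foreach ($name in $FromGroupName, $ToGroupName) {
        $escaped = $name -replace "'", "''"   # escape quotes for the OData filter
        $match = @(Get-AzureADGroup -Filter "DisplayName eq '$escaped'")
        if ($match.Count -ne 1) {
            throw "Expected exactly one group named '$name', found $($match.Count)."
        }
        $match[0]
    }
    $from, $to = $groups

    $sourceMembers = @(Get-AzureADGroupMember -ObjectId $from.ObjectId -All $true)
    $existingIds   = @(Get-AzureADGroupMember -ObjectId $to.ObjectId -All $true).ObjectId

    foreach ($member in $sourceMembers) {
        # Adding an object that is already a member raises an error, so skip it.
        if ($existingIds -contains $member.ObjectId) {
            Write-Verbose "Skipping $($member.DisplayName): already a member."
            continue
        }
        # ObjectType shows whether a user, group, device or service principal
        # is about to inherit whatever the target group grants.
        $action = "Add $($member.ObjectType) '$($member.DisplayName)'"
        if ($PSCmdlet.ShouldProcess($to.DisplayName, $action)) {
            try {
                Add-AzureADGroupMember -ObjectId $to.ObjectId `
                    -RefObjectId $member.ObjectId -ErrorAction Stop
            } catch {
                Write-Warning "Failed to add $($member.ObjectId): $($_.Exception.Message)"
            }
        }
    }
}

# Preview the change first; remove -WhatIf to apply it. Names are placeholders.
Copy-AadGroupMember -FromGroupName 'Source Group' -ToGroupName 'Target Group' -WhatIf
```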
