PowerShell Script to add users to Entra ID Security Group while not processing users already in the group - using MS Graph PowerShell

mark terry 125 Reputation points
2025-01-14T01:13:33.0633333+00:00

Hi folks!

I have the following CSV File:

userprincipalname
user1@test.com
user2@test.com

I would like to be able to use Microsoft Graph PowerShell to read the contents of this file so each member of the file is added to an Entra ID Security Group. I would like to do this using the new Graph cmdlets (e.g. New-MgGroupMember) and not the older Add-AzureADGroupMember cmdlet.

I would also like the script to bypass any users who are already in the Group. The existing script I have (see below) is using the old AzureAD PowerShell Module. I basically want to update this to use the new Graph PowerShell.

Thanks!

$GroupName = "Test User Group"
$CSVFile = "D:\Temp\Users.csv"
 
#Get users to import from a CSV File
$Users = Import-Csv -Path $CSVFile
 
#Connect to Azure AD
Connect-AzureAD
 
#Get the Group
$Group = Get-AzureADGroup -Filter "SecurityEnabled eq true and MailEnabled eq false and Displayname eq '$GroupName'"
 
#Get Existing Members of the Group
$GroupMembers = Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Select -ExpandProperty UserPrincipalName
 
#Add Each user to the Security group
ForEach ($User in $Users)
{
    #Check if the group has the member already
    If($GroupMembers -contains $User.UserPrincipalName)
    {
        Write-host "User '$($User.UserPrincipalName)' is already a Member of the Group!" -f Yellow
    }
    Else
    {
        $UserObj = Get-AzureADUser -ObjectId $User.UserPrincipalName
        Add-AzureADGroupMember -ObjectId $Group.ObjectId -RefObjectId $UserObj.ObjectId
        Write-host "User '$($User.UserPrincipalName)' has been added to the Group!"
    }
}


Accepted answer
  1. Harshitha Eligeti 1,455 Reputation points Microsoft Vendor
    2025-01-15T18:36:12.0833333+00:00

    Hi @mark terry
    Based on the error you provided, it appears that the particular website is currently unavailable. I will follow up with my internal team. As Andy mentioned, you can refer to the document below to convert your Azure AD commands to Microsoft Graph API commands, such as the MgGraph API module. To update your script to utilize the Microsoft Graph PowerShell cmdlets, please follow the structure outlined below.

    For further information, please refer to the link provided.
    https://learn.microsoft.com/en-us/powershell/microsoftgraph/azuread-msoline-cmdlet-map?view=graph-powershell-1.0&pivots=azure-ad-powershell

    $GroupName = "Test User Group"
    $CSVFile = "D:\Temp\Users.csv"
    
    #Get users to import from a CSV File
    $Users = Import-Csv -Path $CSVFile
     
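    #Connect to Microsoft Graph, requesting the scopes needed to read users and change group membership
    Connect-MgGraph -Scopes "GroupMember.ReadWrite.All", "User.Read.All"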
    
    #Get the Group
    $Group = Get-MgGroup -Filter "securityEnabled eq true and mailEnabled eq false and displayName eq '$GroupName'"
    
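    #Get Existing Members of the Group (Get-MgGroupMember returns directory objects; the UPN is in AdditionalProperties)
    $GroupMembers = Get-MgGroupMember -GroupId $Group.Id -All | ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }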
    
    # Add Each user to the Security group
    ForEach ($User in $Users) {
    
        # Check if the group has the member already
        if ($GroupMembers -contains $User.userprincipalname) {
            Write-Host "User '$($User.userprincipalname)' is already a Member of the Group!" -ForegroundColor Yellow
        } else {
            $UserObj = Get-MgUser -UserId $User.userprincipalname
            # New-MgGroupMember takes the member's object ID via -DirectoryObjectId
            New-MgGroupMember -GroupId $Group.Id -DirectoryObjectId $UserObj.Id
            Write-Host "User '$($User.userprincipalname)' has been added to the Group!"
        }
    }
    

    Hope this helps. Do let us know if you have any further queries.

    Best Regards,
    Harshitha Eligeti.
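
A hardened variant of the same bulk add, as an added example that is not part of either post: it stops unless exactly one security group matches the name, compares membership by object ID instead of UPN, and returns a status record per CSV row. The function name `Add-CsvUsersToSecurityGroup` and the requested scopes are assumptions; the group name and CSV path are the values from the question.

```powershell
# Added example (not from the thread). The function name is hypothetical.
function Add-CsvUsersToSecurityGroup {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $CsvFile
    )
    # Request only the delegated scopes this task needs (assumed sufficient for the tenant).
    Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All', 'User.Read.All'

    # displayName is not unique in Entra ID: stop unless exactly one group matches.
    $safeName = $GroupName.Replace("'", "''")   # escape single quotes for the OData filter
    $filter   = "securityEnabled eq true and mailEnabled eq false and displayName eq '$safeName'"
    $groups   = @(Get-MgGroup -Filter $filter -All)
    if ($groups.Count -ne 1) {
        throw "Expected exactly one security group named '$GroupName', found $($groups.Count)."
    }
    $group = $groups[0]

    # Track members by object ID; members can be groups or devices, which have no UPN.
    $memberIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object { [void]$memberIds.Add($_.Id) }

    foreach ($row in Import-Csv -Path $CsvFile) {
        $upn = "$($row.userprincipalname)".Trim()
        if (-not $upn) { continue }              # skip blank rows
        try {
            $user = Get-MgUser -UserId $upn -ErrorAction Stop
            if ($memberIds.Contains($user.Id)) {
                $status = 'AlreadyMember'
            } else {
                New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id -ErrorAction Stop
                [void]$memberIds.Add($user.Id)   # also covers duplicate rows in the CSV
                $status = 'Added'
            }
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        # One record per row, so the run can be reviewed or exported with Export-Csv.
        [pscustomobject]@{ UserPrincipalName = $upn; Status = $status }
    }
}

# Usage with the values from the question
Add-CsvUsersToSecurityGroup -GroupName 'Test User Group' -CsvFile 'D:\Temp\Users.csv'
```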


1 additional answer

  1. Andy David - MVP 151.6K Reputation points MVP
    2025-01-14T12:38:39.3266667+00:00
