The script can be found in ICT Documents - Export User Groups AD and AAD - All Documents
Azure AD and Active Directory User Membership Script - Usage Instructions
Overview
This script retrieves and reports a user's group memberships from both on-premises Active Directory and Microsoft 365 (Azure AD). It uses the Microsoft Graph API instead of the deprecated AzureAD module.
Prerequisites
- PowerShell 5.1 or higher (preferably PowerShell 7)
- Internet connection to access Microsoft Graph
- Connection to your domain (for on-premises AD queries)
- Permissions to read user and group data
Basic Usage
- Save the script to a location of your choice (e.g., C:\Scripts\Azure-AD-User-Membership-MSGraph.ps1)
- Open PowerShell as a regular user (administrative rights not needed for the script itself)
- Navigate to the script location:
  - cd C:\Scripts
- Run the script:
  - .\Azure-AD-User-Membership-MSGraph.ps1
- Provide the required parameter:
  - UserToSearch: The username of the account you want to check (e.g., jsmith)
Parameter Options
The script accepts three parameters:
- UserToSearch (mandatory):
  - The username of the account to check (e.g., sAMAccountName)
  - This can be entered when prompted or specified when running the script:
    - .\Azure-AD-User-Membership-MSGraph.ps1 -UserToSearch jsmith
- AdminAccount (optional):
  - The email address of an admin account to use for Microsoft Graph authentication
  - Example:
    - .\Azure-AD-User-Membership-MSGraph.ps1 -UserToSearch jsmith -AdminAccount admin@yourdomain.com
- ExportPath (optional):
  - The folder path where the output file will be saved (defaults to C:\Temp)
  - Example:
    - .\Azure-AD-User-Membership-MSGraph.ps1 -UserToSearch jsmith -ExportPath "C:\Reports"
Output Files
- Group Membership Report:
  - Location: [ExportPath]\[UserToSearch]_GroupMembership.txt (location defaults to C:\Temp)
  - Example: C:\Temp\jsmith_GroupMembership.txt
  - Contents: List of all AD and Azure AD groups the user belongs to
- Log File:
  - Location: [ExportPath]\UserMemberships_Log_[Date_Time].txt
  - Example: C:\Temp\UserMemberships_Log_20250313_110354.txt
  - Contents: Detailed log of the script's execution
Authentication Notes
- When run, the script will prompt for authentication to Microsoft Graph
- A browser window will open for you to sign in with your Microsoft 365 credentials
- The account used needs sufficient permissions to read user and group information
- To use a specific admin account, use the -AdminAccount parameter
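To show how the two lookups (on-premises AD and Microsoft Graph) and the two output files described above fit together, here is an added example; it is not the page's script itself. The parameter names and output file names follow this page, while the log line format, the Graph scopes and the module choice (ActiveDirectory and Microsoft.Graph.Users) are assumptions.

```powershell
# Added example, not the documented script: minimal reimplementation of its two lookups.
# Assumes the ActiveDirectory and Microsoft.Graph.Users modules are installed.
param(
    [Parameter(Mandatory)][string]$UserToSearch,   # sAMAccountName, e.g. jsmith
    [string]$ExportPath = 'C:\Temp'
)

New-Item -ItemType Directory -Path $ExportPath -Force | Out-Null
$logFile = Join-Path $ExportPath ("UserMemberships_Log_{0}.txt" -f (Get-Date -Format 'yyyyMMdd_HHmmss'))
$results = New-Object System.Collections.Generic.List[string]

function Write-Log {
    param([string]$Message)
    $line = "{0} {1}" -f (Get-Date -Format 's'), $Message
    Add-Content -Path $logFile -Value $line   # log file format is an assumption
    Write-Host $line
}

# On-premises AD: read-only lookup of the account and the groups it belongs to.
try {
    $adUser = Get-ADUser -Identity $UserToSearch -Properties UserPrincipalName
    Get-ADPrincipalGroupMembership -Identity $adUser |
        ForEach-Object { $results.Add("AD`t$($_.Name)") }
    Write-Log "AD groups collected for $UserToSearch"
} catch {
    Write-Log "AD lookup failed (wrong domain or user not found): $_"
}

# Microsoft 365 / Azure AD via Microsoft Graph (replaces the deprecated AzureAD module).
# Only read scopes are requested; the signed-in account must still hold those rights.
try {
    Connect-MgGraph -Scopes 'User.Read.All','GroupMember.Read.All' -NoWelcome
    $upn = if ($adUser) { $adUser.UserPrincipalName } else { $UserToSearch }
    Get-MgUserMemberOf -UserId $upn -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
        ForEach-Object { $results.Add("AAD`t$($_.AdditionalProperties['displayName'])") }
    Write-Log "Azure AD groups collected for $upn"
} catch {
    Write-Log "Graph lookup failed (check Microsoft 365 permissions): $_"
}

# Partial results are still written, matching the behaviour the page describes.
$report = Join-Path $ExportPath "${UserToSearch}_GroupMembership.txt"
$results | Sort-Object | Set-Content -Path $report
Write-Log "Report written to $report ($($results.Count) groups)"
```

The membership filter on @odata.type matters because Get-MgUserMemberOf also returns directory roles and administrative units, which would otherwise be listed as groups.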
Troubleshooting
- If the script fails to retrieve Azure AD groups, check your Microsoft 365 permissions
- If on-premises AD groups are missing, ensure you're connected to the correct domain
- Consult the log file for detailed error messages and execution flow
- The script automatically handles common errors and will continue with partial results if possible