Need Help with Entra Nested Group Function in Azure

Asked By QuirkyPenguin93 On

I'm working on a script to collect Azure Group IDs assigned to Azure SaaS Applications or Conditional Access Policies. Currently, I'm exporting a list of user details (just email addresses for testing). The script successfully retrieves Group ID details from the application or CA policy. However, when I try to gather members assigned to these groups, including users from nested groups, the count of users returned is only about a quarter of what Entra indicates should be in the groups. I'm not sure if there's a logic error in my function or if some part of the data is being overwritten, preventing the return of all users.

1 Answer

Answered By TechieTom123 On

It looks like you might need to consider using a `switch` statement for better handling of your group members. Instead of using `+= $SubUsers`, which can slow things down, try something like this:

```powershell
Function GetAzureADMembers {
    Param([Parameter(Mandatory = $True)]$AzureGroupID)
    $GroupInfo = Get-MgGroup -GroupId $AzureGroupID
    # -All pages through every result; without it only the first page of members is returned
    $SubGroupMembers = Get-MgGroupMember -GroupId $AzureGroupID -All
    foreach ($SingleMember in $SubGroupMembers) {
        switch ($SingleMember) {
            # Users: emit name and mail
            { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.user' } { [PSCustomObject]@{ Name = $_.AdditionalProperties.displayName; Mail = $_.AdditionalProperties.mail } }
            # Nested groups: recurse into the child group
            { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' } { GetAzureADMembers -AzureGroupID $SingleMember.id }
            # Any other member type (devices, service principals, ...)
            Default { [PSCustomObject]@{ Name = $_.Id; Mail = 'UNKNOWN' } }
        }
    }
}
```

This approach is more efficient and might help with your returning users. I tested it and it should work similarly with your Entra functions—just remember the correct object paths!
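
The following is an added example, not code from the question or the answer above. It expands several group IDs (such as those collected from an application or CA policy) into one de-duplicated user list, so a user reachable through more than one group is counted once. The names `Get-GroupUsersFlattened`, `-MemberSource` and `New-FakeMember`, and the sample IDs, are hypothetical and constructed for illustration.

```powershell
# Added example. Get-GroupUsersFlattened, -MemberSource and New-FakeMember are hypothetical names.
# The default -MemberSource needs Microsoft.Graph.Groups and an active Connect-MgGraph session.
function Get-GroupUsersFlattened {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$GroupId,
        # Returns the direct members of one group; -All follows every result page.
        [scriptblock]$MemberSource = { param($Id) Get-MgGroupMember -GroupId $Id -All }
    )
    $seenGroups = [System.Collections.Generic.HashSet[string]]::new()
    $seenUsers  = [System.Collections.Generic.HashSet[string]]::new()
    $queue      = [System.Collections.Generic.Queue[string]]::new()
    foreach ($g in $GroupId) { $queue.Enqueue($g) }

    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        if (-not $seenGroups.Add($current)) { continue }  # group already expanded
        foreach ($m in (& $MemberSource $current)) {
            switch ($m.AdditionalProperties.'@odata.type') {
                '#microsoft.graph.user' {
                    # Emit each user once, even when reachable through several groups
                    if ($seenUsers.Add($m.Id)) {
                        [PSCustomObject]@{
                            Id   = $m.Id
                            Name = $m.AdditionalProperties.displayName
                            Mail = $m.AdditionalProperties.mail
                        }
                    }
                }
                '#microsoft.graph.group' { $queue.Enqueue($m.Id) }
                default { Write-Verbose "Skipped $($m.Id) ($_)" }
            }
        }
    }
}

# Constructed sample data (not real tenant objects): u1 sits in both the parent and the nested group.
function New-FakeMember($Id, $Type) {
    [PSCustomObject]@{ Id = $Id; AdditionalProperties = @{
        '@odata.type' = "#microsoft.graph.$Type"; displayName = $Id; mail = "$($Id)@example.com" } }
}
$fake = @{
    'g-root'  = @((New-FakeMember 'u1' 'user'), (New-FakeMember 'g-child' 'group'))
    'g-child' = @((New-FakeMember 'u1' 'user'), (New-FakeMember 'u2' 'user'), (New-FakeMember 'sp1' 'servicePrincipal'))
}
Get-GroupUsersFlattened -GroupId 'g-root' -MemberSource { param($Id) $fake[$Id] }
```

Microsoft Graph can also return the flattened membership of a single group directly through `Get-MgGroupTransitiveMember -GroupId <id> -All`; results gathered from several groups still need the de-duplication step shown here.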
