Export Office 365 Admin Role Report using PowerShell

The admins in the tenant are responsible for all the users, devices, applications, and whatnot. You name it, and there should be an administrator to manage and monitor it. To be simple, the administrators are the solution providers of the company.  

Many different admin roles for each administration purpose will help the company to track, monitor, and support the people and resources that belong to the company.   

With the dynamic changes in the administrative members, the administrator’s head will need to generate administrator reports regularly. This report will play a priority role in knowing and managing the administrators. 

To get the default Office 365 admin role member, we have two methods.  

  1. Admin center: You can use either Azure Active Directory admin center or Microsoft 365 admin center. Generally, the user’s profile will list the roles he/she plays and vice versa 
  2. PowerShellGet-MsolRole and Get-MsolRoleMember cmdlets will give Administrators and Azure active directory Administrator Roles details 

But as an Administrator, you will face many challenging queries in handling the Administrative roles like, 

  1. How to get all the office365 administrator roles with its Administrator?  
  2. How to retrieve large-scale tenant’s Office365 Administrative Roles 
  3. How to get all the Office365 Admins? 
  4. How to export the Admin Report to CSV file 

The AdminReport.ps1 script is the best answer for all these effort-consuming and never-ending repeated tasks. We are providing the customizable and admin-friendly script to upscale or downscale the admin report wisely. 

Download Script: AdminReport.ps1

 

Script Highlights: 
  • Automatically installs MSOnline module (if not installed already) upon your confirmation. 
  • It supports MFA-enabled admin accounts too.
  • With a simple execution format, you can achieve all admins’ report and role-based admin report.
  • Helps to find admin roles for a specific user(s).
  • Helps to get all admins with a specific role(s).
  • The script is scheduler-friendlyWith the UserName and Password parameters, you can schedule the report generation.
  • Exports the result to file in the CSV format and also opens the CSV on confirmation.

 

Office 365 Admin Report – Script Execution:

Since the script supports multiple use-cases, you can adopt any one of the below methods as per your business needs.

Export Office 365 Administrator Report: 

By default, the script delivers all the admins and their assigned management roles. To get admin report, run the script as follows.

This format will help in encountering both MFA enabled and Non-MFA admin accounts. 

Sample Output:

get All admin in Office 365 PowerShell

In the exported report, we have displayed attributes like Admin NameAdmin Email AddressRole NameLicense StatusSignIn Status. It is up to you to customize your report attributes as per your business needs.  

 

Get Office 365 Admin Roles and the Members: 

Next, as an administrator, we know you will be interested on the Azure Active Directory Administrator Roles-based report. We have geared up the script to deliver the roles report also. 

Using the -RoleBasedAdminReport switch, you will achieve the Azure active directory roles report with  associated administratorsIf the report doesn’t show the role, it means that role doesn’t have the administrator. To get role based admin report, execute the script as follows:

Sample Output:

The admin role group members report looks similar to the below screenshot.

Office 365 admin role group member report

 

Get Azure AD Roles for a User: 

You need to provide the UserPrincipalName to find the management roles assigned to the user. This report will replace the multiple executions of Get-MsolRole and Get-MsolRoleMember for every single admin in the tenant. To identify the roles assigned to the user(s), run the script with -AdminName param.

Sample Output:

Get Microsoft 365 admin and roles

 

List all Admins of a Specific Role: 

Like the ‘AdminName,’ you can provide the role names in the –RoleName parameter. The script will give you the administrators for the given role(s). If there are no administrators for the specified role, the report will skip that. 

Sample Output:

Office 365 admin role report PowerShell

 

List all Global Administrators in Office 365 Tenant:

How to find what users have been assigned as global admins? 

To deal this right, you can use the RoleName param with ‘Company Administrator’.

The exported report shows all the global admins in your tenant.

 

Get Scheduled Office 365 Admin Report:

To schedule this script, you can use task scheduler by explicitly mentioning the credential. Take a look at the below format to get the scheduled Admin Report.

To know more about scheduling PowerShell script, refer our blog: Schedule PowerShell script using Task Scheduler. 

 

What do you think of having the script with minimal chances of erroneous test data? And what do you feel about having the in-built error handler in the script itself? We have addressed the surprise and well-known errors for you. They are “AdminName or RoleName not found” errors. Don’t worry! The script won’t panic you with dumps of error messages. When you feed the incorrect email address or role name, the script will direct you to correct them with an appropriate error message.

 

We hope this article helped you in finding the solutions for the administrative roles. Download the script to unlock the Administrative Roles-related queries in your mind.