The admins in the tenant are responsible for all the users, devices, applications, and whatnot. You name it, and there should be an administrator to manage and monitor it. To be simple, the administrators are the solution providers of the company.
Many different admin roles for each administration purpose will help the company to track, monitor, and support the people and resources that belong to the company.
With the dynamic changes in the administrative members, the administrator’s head will need to generate administrator reports regularly. This report will play a priority role in knowing and managing the administrators.
To get the default Office 365 admin role member, we have two methods.
- Admin center: You can use either Azure Active Directory admin center or Microsoft 365 admin center. Generally, the user’s profile will list the roles he/she plays and vice versa
- PowerShell: Get-MsolRole and Get-MsolRoleMember cmdlets will give Administrators and Azure active directory Administrator Roles details. But with Azure AD PowerShell module deprecation, admins must switch to MS Graph and use new cmdlets like Get-MgDirectoryRoleMember, Get-MgUserMemberOf, etc.
Additionally, as an administrator, you will face many challenging queries in handling the Administrative roles like,
- How to get all the office365 administrator roles with its Administrator?
- How to retrieve large-scale tenant’s Office365 Administrative Roles?
- How to get all the Office365 Admins?
- How to export the Admin Report to CSV file?
The AdminReport.ps1 script is the best answer for all these effort-consuming and never-ending repeated tasks. We are providing the customizable and admin-friendly script to upscale or downscale the admin report wisely.
Download Script: AdminReport.ps1
Script Highlights:
- The script uses MS Graph PowerShell and installs MS Graph PowerShell SDK (if not installed already) upon your confirmation.
- It supports MFA-enabled admin accounts too.
- It can be executed with certificate-based authentication (CBA) too.
- With a simple execution format, you can achieve all admins’ report and role-based admin report.
- Helps to find admin roles for a specific user(s).
- Helps to get all admins with a specific role(s).
- The script is scheduler-friendly.
- Exports the result to file in the CSV format and also opens the CSV on confirmation.
Office 365 Admin Report – Script Execution:
Since the script supports multiple use-cases, you can adopt any one of the below methods as per your business needs.
Export Office 365 Administrator Report:
By default, the script delivers all the admins and their assigned management roles. To get admin report, run the script as follows.
|
1 |
.\AdminReport.ps1 |
This format will help in encountering both MFA enabled and Non-MFA admin accounts.
Sample Output:
In the exported report, we have displayed attributes like Admin Name, Admin Email Address, Role Name, License Status, Sign-in Status. It is up to you to customize your report attributes as per your business needs.
Get Office 365 Admin Roles and the Members:
Next, as an administrator, we know you will be interested on the Azure Active Directory Administrator Roles-based report. We have geared up the script to deliver the roles report also.
Using the -RoleBasedAdminReport switch, you will achieve the Azure active directory roles report with associated administrators. If the report doesn’t show the role, it means that role doesn’t have the administrator. To get role based admin report, execute the script as follows:
|
1 |
.\AdminReport.ps1 -RoleBasedAdminReport |
Sample Output:
The admin role group members report looks similar to the above screenshot.
Get Azure AD Roles for a User:
You need to provide the UserPrincipalName to find the management roles assigned to the user. This report will replace the multiple executions of Get-MsolRole and Get-MsolRoleMember for every single admin in the tenant. To identify the roles assigned to the user(s), run the script with -AdminName param.
|
1 |
.\AdminReport.ps1 -AdminName chris@contoso.com,karol@contoso.com |
Sample Output:
List all Admins of a Specific Role:
Like the ‘AdminName,’ you can provide the role names in the –RoleName parameter. The script will give you the administrators for the given role(s). If there are no administrators for the specified role, the report will skip that.
|
1 |
.\AdminReport.ps1 -RoleName “Helpdesk Administrator,Service Support Administrator" |
Sample Output:
List all Global Administrators in Office 365 Tenant:
How to find what users have been assigned as global admins?
To deal this right, you can use the –RoleName param with ‘Company Administrator’.
|
1 |
.\AdminReport.ps1 -RoleName “Company Administrator" |
The exported report shows all the global admins in your tenant.
Execute ‘Office 365 Admin Report’ PowerShell Script with Certificate:
To run the script in an unattended manner, certificates can be used. Depending on your needs, you can use either a CA or create a self-signed certificate (which is more cost-effective). To execute the script with certificate-based authentication, you can use the following format:
|
1 |
.\AdminReport.ps1 -TenantId <TenantId> -ClientId <ClientId> -CertificateThumbprint <Certthumbprint> |
You can also use the above format to run the PowerShell script as scheduled task in Windows Task Scheduler.
Note: It is necessary to register an app in Azure AD before using CBA. For information on registering Azure app and certificates, you can refer to the connect MS Graph with certificate blog. Depending on your needs, you can manually follow the steps or automate the process using a pre-made script.
Get More Detailed Reports on Office 365 Admins and Roles:
Since admins have the high privilege and access to sensitive data, it’s recommended to track admins and their activities to keep your organization’s data more secure. To manage admins efficiently, AdminDroid Office 365 reporting tool provides the following reports.
- All admins report
- Admin roles by users
- Admins with passwords never expire
- Admins without MFA
- Recently created admins
- Audit newly added admins based on each role
- Audit admin activities report
- Track admin login failures
- Admin role changes etc.
Additionally, AdminDroid offers a ‘ReportBoard’ feature that helps to manage and track admin details and activities more efficiently. The ‘Admin ReportBoard’ includes 80+ admin reports that are easily accessible for your convenience.
AdminDroid Microsoft 365 reporter goes above and beyond by providing not only the ReportBoard but also a wide range of pre-built reports and smart dashboards. These reports and dashboards cover various Office 365 services, including Azure AD, Exchange Online, SharePoint Online, Microsoft Teams, OneDrive for Business, Skype for Business, Yammer, General Office 365 reports, and security reports. In total, there are over 1800 pre-built reports and 30+ smart dashboards available to meet your needs.
Besides, Free Office 365 reporting tool by AdminDroid Offers over 120+ reports and a handful of dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. You can do customization, scheduling, and exporting.
Download AdminDroid Microsoft 365 management tool and see how it helps you manage your M365 environment.
We hope this article helped you in finding the solutions for the administrative roles.
