Export Office 365 Groups a User is Member Of Using PowerShell

The Office 365 users are included in the necessary organization groups to get the messages, access, and accomplish their tasks on timeThe Administrators are the in-charge of including the Office 365 users in the organization groups. Sometimes, the users will be volunteering to join specific groups to upgrade themself.  With the changing work culture, the administrators will have to know the users’ membership details daily. It will help the administrators in many ways, like assigning, granting permissions, and approving and rejecting access to the application and device.  

As an admin, you might have used a group membership report or distribution group members report to identify groups and their members. But there are few situations in which you want to list users and their groups. If you are one of them, then this blog is for you! 

 

Why Administrator Need to Know Groups a User is Member Of? 

  1. It is essential to know whether the employees are only in the right groups and getting all group information they are associated with.  
  2. Adding, removing, and managing the users to the groups are the critical tasks of the administrators. Having the “user member of” report readily, the admin can provide approval, reject, or limited access to the requestor.  
  3. Based on the user membership report, admins maintain the security of the groups among different departments.  
  4. With this report, the admin can retain all groups a disabled user is a member of. This will help the admin in granting or removing the group access efficiently. 

 

How to View the List of Groups a User is Member Of? 

Viewing in User Profile: By clicking the user’s profile in the Microsoft 365 admin center, under the ‘Groups‘, you can see the list of group names the user is associated with. Same way, in the AzureAD portal, on clicking the ‘Groups’ under ‘Users’, you can see the user membership details. Using the user profile will not be suitable while we need to process huge users. 

Using PowerShell: Get-AzureADUserMembership will return the list of groups the user is a member of. But to get a nicely formatted report, administrators need to use multiple cmdlets. It will be time and effort-consuming to get a detailed report with numerous filtering options 

So, we designed the PowerShell script to support the administrators in saving time, effort and deliver a reliable user membership report.  

 

Script Highlights:
  1. Generates 12 different user membership reports.
  2. Automatically Installs AzureAD Module upon your confirmation when it is not available in the system.  
  3. Supports both MFA and Non-MFA accounts.  
  4. Allow to use filter to get guest users and their membership alone. 
  5. Allow to use filter to get disabled users’ membership. 
  6. Helps to identify users who are not member of any groups. 
  7. Exports report result to CSV.
  8. Scheduler-friendly. You can automate the report generation upon passing credential as parameters.

 

Download Script: UserMembershipReport.ps1

 

Sample Output: 

The exported user membership report looks similar to the below screenshot.

List groups a user is member of

 

The exported report has the attributes like, Display Name, Email Address, Group Name(s), License Status, Account Status, Department, and Roles. 

Note: The report doesn’t include dynamic distribution group members details, as it requires different modules and cmdlets. 

 

Export AzureAD Users’ Membership Report – Script Execution

The script gives the aggregated report of the users membership details to the adminsAt the end of the execution, you will be notified with the retrieved user count for the specified condition. You can choose any one of the below methods based on your requirement.

 

Find All the Office 365 Groups a User is a Member Of 

This script’s standard format will get the list of groups an Office 365 user is a member of and export them to the CSV file.  

The above format is used for the both non-MFA and MFA-enabled accounts 

 

Get Group Membership for a List of Users (Input through CSV) 

Based on the organizations’ nature, the employees are shifted to various departments. Technically, these employees’ department-specific groups access should be activated or terminated as soon as they join or leave the department. So, the privacy of the group data is guaranteed. With the list of employees falling under this category, the admin will identify whether the assigned groups to the user is valid or not and proceed with adding or removing them from the group.  

The administrator can provide the UserPrincipalName or User ObjectId as the input (reference below). 

Sample Input: 

UserMembershipReport

 

Find Guest User Account and their Membership Details 

The admins invite guest users to start thcollaboration with the organization. Using the report, the admin works on identifying the guest users’ group details and includes them to specific groups that promote organization growth. Also, with reference to this report, administrators can remove guest account from specific group(s).  

The GuestUsersOnly param helps to get guest user and their group membership details. 

Additionally, you can visit the Guest User Report blog to get more detailed guest user report.

 

Get the Disabled Users’ Membership Report 

Most organizations maintain the former employee’s data in the name of disabled users. Their data are retained for future references. Having this report readily, the administrators can remove group membership of disabled accounts.  

By adding the ‘DisabledUserOnly’ param, the admin can get the group membership of disabled user accounts.

 

Retrieve Office 365 Users Who are not a Member of Any Group 

In the organization, there will be newly joined employees. So, they will not be added to any groups. Using our report, the administrators will identify them and add them to the necessary groupsAlso, there will be restricted users like internship students, contract employees, blocked or unauthorized users, and non-staffs. They will not be included in any groups related to the organizations as their access scope is minimal. Using our report, administrators make sure they are not into any organizational groups.  

Running script with ‘UsersNotinAnyGroup switch, you will get users with no group membership. 

 

Get Scheduled Office 365 User Membership Report 

To schedule the PowerShell script, you can use the task scheduler by explicitly mentioning the credential. 

To use the non-MFA admin accounts, try the format below. 

If the admin account has MFA, then they can’t use it directly for scheduling. Instead, you have to disable MFA based on Conditional Access Policy to make it work. 

 

Get Office 365 Groups a User is Member of Report – More Use Cases 

We provide you with the options to try the different criteria combinations when looking for satisfactory and direct reports.  

  

To get the list of group membership details for the disabled guest users:  

 

To get the disabled guest users who are not a member of any group:  

  

To retrieve the group membership for the guest users available in the input file  

 

To retrieve the group membership for the disabled users available in the input file 

  

To list the group details for the disabled guest users from the specified users:  

  

To filter out disabled guest users who are not member of any group from the list of users (or) try as you wish 

 

Get More Detailed User Membership Report:

If you are tired of manually executing the PowerShell script and looking for the easiest way to generate Microsoft 365 reports, then take a look at Microsoft 365 reporting tool by AdminDroid.

AdminDroid provides the following users’ group membership report,

  • User membership report – Shows all the Office 365 groups a user is member of.
  • Contact membership report – Lists all the groups the contact is member of.
  • External users’ group membership report – Shows external users and their groups.
  • Admin role group report – Lists all the administrators along with their role group.

Additionally, AdminDroid provides 950+ pre-built reports and 20 visually appealing smart dashboards on various Office 365 services like Azure AD, Exchange Online, SharePoint Online, Microsoft Teams, OneDrive for Business, Skype for Business, Yammer, General Office 365 reports, and security reports.

AdminDroid Office 365 Reporting Tool

 

Besides, AdminDroid Offers over 100+ reports and a handful of dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. You can do customization, scheduling, and exporting. You can download Free Office 365 reporting tool by AdminDroid and see how it helps you.

The administrators are often requested to perform user membership changes by adding or removing users from the groups. Proper maintenances of the user membership will give the benefits of the following key purpose.

  • Sharing group information with the right users,
  • secure data from the random audience,
  • Keep restricted users away from the group

We hope our user membership report will help the admins to meet their needs effectively and smartly.