AzureAD PowerShell Check if user is member of group

by A.K.in azure ad powershell, commonon Posted on

The estimated reading time 2 minutes

Today I want to show a small function which just checks whether an user is member of a group or not. This may be helpful if you want to check user inside a azure ad powershell script.
Normally the script (if all parameters are set correctly) the script return TRUE or FALSE.

Whats the ability of the function:
1. Returns True or False if an user is member of a group or not
2.Checks if the user entered exists in AzureAD (if not error)
3.Checks AzureAD Groups exists and can be identified by entered string (if not error)

Before using this function you need to connect to Azure AD via Powershell, see this link:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-worldwide

Install-Module -Name AzureAD
Import-Module  AzureAD
Connect-AzureAD

After connecting successfully you are able to use this function like this:

If the function is able to find a group and an user, it will return “true” or “false”

The code:

function Check-UserInAzureGroup {
    [CmdletBinding()]
    param (
      [Parameter(
          Mandatory=$true,
      Position=0)]
      [ValidateNotNull()]
      [string] $upn,
      [Parameter(Mandatory=$true)]
      [ValidateNotNull()]
      [string] $groupname
    )
    $user = "$upn"
    $group = "$groupname"
    #check if the user exists in azure ad
    $azureaduser = (Get-AzureADUser -ObjectId "$user" -ErrorAction SilentlyContinue).count 
    #if variable azureaduser is 1 user exists
    if($azureaduser -eq 1){
                #creating array
                $memberof = @()
                #Check if groupname is unique
                $uniquegroup = (Get-AzureADGroup -SearchString "$group").count
                if(($uniquegroup -eq 0) -or ($uniquegroup -gt 1)){
                #there was no group or more than one group    
                return Write-host "Error: please specify an groupname that is unique identical or groupname was not found!" -ForegroundColor Red   
                }
                else{
                    #one unique group found, get objectid of group
                    [string]$azureadgroupobjid = Get-AzureADGroup -SearchString "$group" | select ObjectId -ExpandProperty ObjectId
                    #get groupmembership of user (objectids) 
                    [string]$memberof = Get-AzureADUserMembership -ObjectId "$user" | select ObjectId -ExpandProperty ObjectId
                    #match objectid of group in memberof
                    If ($memberof -match $azureadgroupobjid) {
                        return $true
                    } Else {
                        return $false
                    }
                }
            }
            else{
                #upn does not exist
                return Write-Host "Please check UserPrincipalName, Azure AD User not found!" -ForegroundColor Red
            }
 }

How to use this function? Just start a PowerShell and paste the whole function.

Have fun with my little function and I’m looking forward for some comments or maybe feature requests. If you found this helpful please click the button helpful. Thanks for your feedback

Print Friendly, PDF & Email
Was this article helpful?
YesNo

Post author

Avatar photoWritten by
0 0 votes
Article Rating
Subscribe
Notify of
guest
1 Kommentar
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
alex
alex
1 year ago

Useful script, I was getting unreliable results back from the

[string]$memberof = Get-AzureADUserMembership -ObjectId “$user”

changing this line to:

[string]$memberof = Get-AzureADUserMembership -ObjectId “$user” -All $true

improved the results returned

0
Reply