Azure AD Group Reference - PowerShell

Overview

Azure AD groups are fundamental for organizing users and managing access to Azure resources. PowerShell provides a powerful set of cmdlets to create, manage, and query these groups efficiently.

This documentation covers cmdlets within the Az.Resources module for interacting with Azure AD groups. For a comprehensive list of all Azure AD related cmdlets, refer to the Azure AD Application documentation.

Key Cmdlets for Azure AD Groups

Cmdlet	Description	Example Usage
`New-AzADGroup`	Creates a new Azure AD group.	New-AzADGroup -DisplayName "MyNewGroup" -Description "This is a test group"`
`Get-AzADGroup`	Retrieves one or more Azure AD groups.	Get-AzADGroup -Filter "DisplayName eq 'MyNewGroup'"` Get-AzADGroup -ObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
`Update-AzADGroup`	Updates properties of an existing Azure AD group.	`Update-AzADGroup -ObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -AddMemberUserPrincipalName "user@example.com"`
`Remove-AzADGroup`	Deletes an Azure AD group.	`Remove-AzADGroup -ObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"`
`Get-AzADGroupMember`	Retrieves members of an Azure AD group.	`Get-AzADGroupMember -TargetObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"`
`Add-AzADGroupMember`	Adds a user or service principal to an Azure AD group.	`Add-AzADGroupMember -TargetObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -MemberObjectId "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"`
`Remove-AzADGroupMember`	Removes a member from an Azure AD group.	`Remove-AzADGroupMember -TargetObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -MemberObjectId "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"`

Common Parameters

Most Azure AD cmdlets support the following common parameters:

-ObjectId: The unique identifier (GUID) for the group.
-DisplayName: The human-readable name of the group.
-Filter: A string that specifies a filter to apply to the query. For example, "DisplayName eq 'MyGroupName'".
-SearchString: A string to search for in group properties.
-ErrorAction: Specifies how to handle errors.

Example Scenarios

Creating a new Security Group

This example shows how to create a new security group with a display name and a description.


$groupParams = @{
    DisplayName = "Project Alpha Team"
    Description = "Members of the Project Alpha development team."
    MailEnabled = $false
    SecurityEnabled = $true
}
New-AzADGroup @groupParams

Adding Members to a Group

You can add users or service principals to a group by their Object ID.


$groupId = (Get-AzADGroup -Filter "DisplayName eq 'Project Alpha Team'").Id
$userId = (Get-AzADUser -Filter "UserPrincipalName eq 'alice@contoso.com'").Id

Add-AzADGroupMember -TargetObjectId $groupId -MemberObjectId $userId

Listing All Members of a Group

Retrieve all members associated with a specific group.


$groupObjectId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Get-AzADGroupMember -TargetObjectId $groupObjectId

Finding Groups by Name

Use the -Filter parameter to find groups that match specific criteria.


Get-AzADGroup -Filter "DisplayName co 'Team'"

The co operator signifies "contains".

Important Notes

Permissions

You need appropriate Azure AD roles (e.g., Global Administrator, User Administrator, or a custom role with group management permissions) to perform these operations.

Efficiency

When retrieving multiple objects, consider using the -Filter parameter with server-side filtering for better performance compared to client-side filtering after fetching all objects.

Azure PowerShell Reference

Azure AD Group Cmdlets