Export the Groups from Exchange 365 UI into CSV
#Create Security Group from CSV
import-csv C:\TEMP\Export\Group.csv -Encoding UTF8 | foreach-object {New-ADGroup -Name $_.Name -Description $_.Description -DisplayName $_.Name -SamAccountName $_.Alias -GroupScope Universal -GroupCategory Security -Path "OU=Security Groups,OU=XXXXXXXX,DC=Domain,DC=local"}
#Create Distribution Lists from CSV
import-csv C:\TEMP\Export\Group.csv -Encoding UTF8 | foreach-object {New-ADGroup -Name $_.Name -Description $_.Description -DisplayName $_.Name -SamAccountName $_.Alias -GroupScope Universal -GroupCategory Distribution -Path "OU=Groups,OU=XXXXX,DC=domain,DC=local" -OtherAttributes @{mail = $_.Email}}
#Add Distribution Lists Membership
# Import modules
Import-Module AzureAD
Import-Module ActiveDirectory
# Authenticate with Azure AD
Connect-AzureAD
$csv = Import-csv C:\TEMP\Export\Group.csv -Encoding UTF8
foreach ($item in $csv)
{
$AzureADGroupId = $item.GroupID # Azure AD Group ID
$OnPremADGroup = $item.Alias # On-prem AD group name
# Retrieve members of the Azure AD Group
$azureADMembers = Get-AzureADGroupMember -ObjectId $AzureADGroupId -All $true | Where-Object { $_.UserType -eq "Member" }
# Convert Azure AD members to a list of UPNs
$azureADUserPrincipalNames = $azureADMembers | Select-Object -ExpandProperty UserPrincipalName
# Get members of the on-prem AD Group
$onPremADMembers = Get-ADGroupMember -Identity $OnPremADGroup -Recursive | Where-Object { $_.objectClass -eq 'user' } | Select-Object -ExpandProperty SamAccountName
# Compare and Add missing members to on-prem AD group
foreach ($userPrincipalName in $azureADUserPrincipalNames) {
$samAccountName = $userPrincipalName.Split('@')[0]
if ($onPremADMembers -notcontains $samAccountName) {
# Check if user exists in on-prem AD before adding
$onPremUser = Get-ADUser -Filter { UserPrincipalName -eq $userPrincipalName }
if ($onPremUser) {
Add-ADGroupMember -Identity $OnPremADGroup -Members $onPremUser.SamAccountName
Write-Output "Added $samAccountName to $OnPremADGroup"
} else {
Write-Output "User $samAccountName not found in on-prem AD"
}
}
}
}
Write-Output "Azure AD to On-Prem AD group sync complete."
# Copy Users in Security Group Membership
# Import modules
Import-Module AzureAD
Import-Module ActiveDirectory
# Authenticate with Azure AD
Connect-AzureAD
$csv = Import-csv C:\TEMP\Export\Group.csv -Encoding UTF8
foreach ($item in $csv)
{
$AzureADGroupId = $item.GroupID # Azure AD Group ID
$OnPremADGroup = $item.Alias # On-prem AD group name
# Retrieve members of the Azure AD Group
$azureADMembers = Get-AzureADGroupMember -ObjectId $AzureADGroupId -All $true | Where-Object { $_.UserType -eq "Member" }
# Convert Azure AD members to a list of UPNs
$azureADUserPrincipalNames = $azureADMembers | Select-Object -ExpandProperty UserPrincipalName
# Get members of the on-prem AD Group
$onPremADMembers = Get-ADGroupMember -Identity $OnPremADGroup -Recursive | Where-Object { $_.objectClass -eq 'user' } | Select-Object -ExpandProperty SamAccountName
# Compare and Add missing members to on-prem AD group
foreach ($userPrincipalName in $azureADUserPrincipalNames) {
$samAccountName = $userPrincipalName.Split('@')[0]
if ($onPremADMembers -notcontains $samAccountName) {
# Check if user exists in on-prem AD before adding
$onPremUser = Get-ADUser -Filter { UserPrincipalName -eq $userPrincipalName }
if ($onPremUser) {
Add-ADGroupMember -Identity $OnPremADGroup -Members $onPremUser.SamAccountName
Write-Output "Added $samAccountName to $OnPremADGroup"
} else {
Write-Output "User $samAccountName not found in on-prem AD"
}
}
}
}
Write-Output "Azure AD to On-Prem AD group sync complete."
# Copy Groups in Security Group Membership
# Load required modules
Import-Module AzureAD
Import-Module ActiveDirectory
$csv = Import-csv C:\TEMP\Export\SGGroup.csv -Encoding UTF8
Connect-AzureAD # Replace with your Tenant ID if required
foreach ($item in $csv)
{
# Get all nested groups in Azure AD
$azureADNestedGroups = Get-AzureADGroupMember -ObjectId $item.id | Where-Object { $_.ObjectType -eq "Group" }
foreach ($group in $azureADNestedGroups) {
Add-ADGroupMember -Identity $item.displayName -Members $group.Displayname
}
}