Export the groups from the Exchange 365 UI into a CSV file.
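#Create Security Group from CSV / Create Distribution Lists from CSV
# Expected CSV columns: Name, Description, Alias and (distribution lists) Email.
# TODO(review): both calls at the bottom read the same file; confirm whether the
# security-group and distribution-list exports were meant to be separate CSVs, since
# creating the same SamAccountName twice makes the second pass fail on every row.
$GroupCsvPath = 'C:\TEMP\Export\Group.csv'

function New-GroupsFromCsv {
    <#
    .SYNOPSIS
    Creates one on-prem AD group per CSV row.
    .PARAMETER CsvPath
    Path of the UTF-8 export produced by the Exchange 365 UI.
    .PARAMETER GroupCategory
    'Security' or 'Distribution'; passed straight through to New-ADGroup.
    .PARAMETER TargetOU
    Distinguished name of the OU the groups are created in.
    .PARAMETER SetMailAttribute
    When set, the row's Email column is written to the group's mail attribute.
    .OUTPUTS
    None. A row that cannot be created is reported with Write-Warning and the
    import continues with the next row; supports -WhatIf for a dry run.
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][ValidateSet('Security', 'Distribution')][string]$GroupCategory,
        [Parameter(Mandatory)][string]$TargetOU,
        [switch]$SetMailAttribute
    )

    foreach ($row in (Import-Csv -Path $CsvPath -Encoding UTF8)) {
        # A group needs both a name and a SamAccountName; skip rows that lack either
        # instead of letting New-ADGroup fail on them.
        if ([string]::IsNullOrWhiteSpace($row.Name) -or [string]::IsNullOrWhiteSpace($row.Alias)) {
            Write-Warning "Skipping row with empty Name or Alias (Name='$($row.Name)', Alias='$($row.Alias)')"
            continue
        }
        $params = @{
            Name           = $row.Name
            DisplayName    = $row.Name
            SamAccountName = $row.Alias
            GroupScope     = 'Universal'
            GroupCategory  = $GroupCategory
            Path           = $TargetOU
            ErrorAction    = 'Stop'
        }
        # New-ADGroup rejects an empty -Description argument, so only pass it when present.
        if (-not [string]::IsNullOrWhiteSpace($row.Description)) {
            $params['Description'] = $row.Description
        }
        # Only distribution lists carry a mail attribute, and only when the export has one.
        if ($SetMailAttribute -and -not [string]::IsNullOrWhiteSpace($row.Email)) {
            $params['OtherAttributes'] = @{ mail = $row.Email }
        }
        if ($PSCmdlet.ShouldProcess("$($row.Alias) in $TargetOU", "New-ADGroup ($GroupCategory)")) {
            try {
                New-ADGroup @params
            } catch {
                Write-Warning "Failed to create $GroupCategory group '$($row.Alias)': $($_.Exception.Message)"
            }
        }
    }
}

# Security groups
New-GroupsFromCsv -CsvPath $GroupCsvPath -GroupCategory Security `
    -TargetOU 'OU=Security Groups,OU=XXXXXXXX,DC=Domain,DC=local'
# Distribution lists (mail attribute taken from the Email column)
New-GroupsFromCsv -CsvPath $GroupCsvPath -GroupCategory Distribution `
    -TargetOU 'OU=Groups,OU=XXXXX,DC=domain,DC=local' -SetMailAttribute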
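#Add Distribution Lists Membership / Fix Security Group Membership
# One-way, additive sync: members of each Azure AD group listed in the CSV are added
# to the matching on-prem AD group. Nothing is ever removed from the on-prem group.
# Import modules
# NOTE(review): the AzureAD module is deprecated in favour of Microsoft.Graph; it is
# kept here because the cmdlets below depend on it.
Import-Module AzureAD
Import-Module ActiveDirectory
# Authenticate with Azure AD (interactive; done once for both sync passes below)
Connect-AzureAD

function Sync-AzureADGroupToOnPrem {
    <#
    .SYNOPSIS
    Adds members of Azure AD groups to their on-prem AD counterparts, row by row.
    .PARAMETER CsvPath
    UTF-8 export with at least GroupID (Azure AD object id) and Alias (on-prem
    group name) columns.
    .OUTPUTS
    One "Added ..." or "User ... not found" line per candidate member and a
    completion line, via Write-Output. Rows or groups that cannot be read are
    reported with Write-Warning and skipped. Supports -WhatIf for a dry run.
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$CsvPath)

    $csv = Import-Csv -Path $CsvPath -Encoding UTF8
    foreach ($item in $csv) {
        $AzureADGroupId = $item.GroupID # Azure AD Group ID
        $OnPremADGroup = $item.Alias # On-prem AD group name
        if ([string]::IsNullOrWhiteSpace($AzureADGroupId) -or [string]::IsNullOrWhiteSpace($OnPremADGroup)) {
            Write-Warning "Skipping row with empty GroupID or Alias (GroupID='$AzureADGroupId', Alias='$OnPremADGroup')"
            continue
        }
        try {
            # Retrieve members of the Azure AD Group. -ErrorAction Stop so that a bad
            # group id is reported instead of silently yielding an empty member list.
            $azureADMembers = Get-AzureADGroupMember -ObjectId $AzureADGroupId -All $true -ErrorAction Stop |
                Where-Object { $_.UserType -eq "Member" }
            # Convert Azure AD members to a list of UPNs
            $azureADUserPrincipalNames = $azureADMembers | Select-Object -ExpandProperty UserPrincipalName
            # Current (nested) user membership of the on-prem group, by SamAccountName.
            $onPremADMembers = @(Get-ADGroupMember -Identity $OnPremADGroup -Recursive -ErrorAction Stop |
                Where-Object { $_.objectClass -eq 'user' } |
                Select-Object -ExpandProperty SamAccountName)
        } catch {
            Write-Warning "Skipping '$OnPremADGroup' (GroupID $AzureADGroupId): $($_.Exception.Message)"
            continue
        }
        # Compare and Add missing members to on-prem AD group
        foreach ($userPrincipalName in $azureADUserPrincipalNames) {
            # Cheap pre-check on the UPN prefix; the authoritative comparison uses the
            # resolved SamAccountName below, since the two are not guaranteed to match.
            $samAccountName = $userPrincipalName.Split('@')[0]
            if ($onPremADMembers -contains $samAccountName) { continue }
            # Check if user exists in on-prem AD before adding
            $onPremUser = Get-ADUser -Filter { UserPrincipalName -eq $userPrincipalName }
            if (-not $onPremUser) {
                Write-Output "User $samAccountName not found in on-prem AD"
                continue
            }
            if ($onPremADMembers -contains $onPremUser.SamAccountName) { continue }
            if ($PSCmdlet.ShouldProcess($OnPremADGroup, "Add member $($onPremUser.SamAccountName)")) {
                try {
                    Add-ADGroupMember -Identity $OnPremADGroup -Members $onPremUser.SamAccountName -ErrorAction Stop
                    Write-Output "Added $samAccountName to $OnPremADGroup"
                } catch {
                    Write-Warning "Failed to add $($onPremUser.SamAccountName) to ${OnPremADGroup}: $($_.Exception.Message)"
                }
            }
        }
    }
    Write-Output "Azure AD to On-Prem AD group sync complete."
}

# Distribution lists (first pass of the original script)
Sync-AzureADGroupToOnPrem -CsvPath 'C:\TEMP\Export\Group.csv'
# Security groups. TODO(review): this reads the same CSV as the pass above and is
# therefore a no-op re-run; point it at the security-group export if that was intended.
Sync-AzureADGroupToOnPrem -CsvPath 'C:\TEMP\Export\Group.csv'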