May 18, 2024
PowerShell Stuff

How To Bulk Add Users to Azure AD Groups from CSV using PowerShell

Smittyby Smitty
Save Time with PowerShell

Here is the scenario. You were just given a list of 300 users that need to get added to an Azure AD Group and only 10 minutes to do it. You need to bulk add users to an Azure AD Group, and FAST. Who knows the specific reason, use your imagination.

You have two options:

  1. Spend FOREVER doing a manual search and add each user to the group using the GUI or…
  2. Script it in PowerShell!

Lets be real, this is a loaded question. When you have to bulk add users to Azure AD Groups, OBVIOUSLY you should be scripting this in PowerShell. Not only is it faster because it can happen at the speed of electricity, but everything in Azure runs faster when you make the change via PowerShell. You may be wondering where to start. If so, then you’ve come to the right place. This post will demonstrate how to bulk add users to Azure AD Groups from CSV via PowerShell.

Full Disclosure

I am FAR from being a pro with PowerShell. For me, most of the time I have to look up commands, syntax and properties. BUT, the more I use it, the more familiar it becomes. Its great to find myself seeking out reasons to do things in PowerShell instead of the GUI because I know that is the way to learn. So please, take this and any other PowerShell articles with an understanding that I probably am not doing things the best way it can be done. I’m still learning and am open to suggestions always.

DISCLAIMER 

Please understand that the content herein is for informational purposes only. This existence and contents shall not create an obligation, liability or suggest a consultancy relationship. In further, such shall be considered as is without any express or implied warranties including, but not limited to express and implied warranties of merchantability, fitness for a particular purpose and non-infringement. There is no commitment about the content within the services that the specific functions of the services or its reliability, applicability or ability to meet your needs, whether unique or standard. Please be sure to test this process fully before deploying in ANY production capacity, and ensure you understand that you are doing so at your own risk.

Table of Contents

Set Up for Azure AD PowerShell
How the Script Works
Can YOU make this More Robust
Conclusion

Set Up for Azure AD PowerShell

My first recommendation is that if you aren’t already using it, download Visual Studio Code. It is a fantastic editor, with code suggestion, syntax recommendations, and a very nice to look at interface. Obviously, feel free to use whatever, even the built in PowerShell ISE is a decent tool for writing scripts. For me though, VS Code is where it is at.

In order to use the Azure Active Directory PowerShell Module you need to have it installed. This here is Microsoft’s Official Documentation on how to get started with Azure Active Directory PowerShell, and I recommend checking it out since learning PowerShell means you’re going to be reading a ton of Microsoft documentation anyways. Here is another excellent post with step by step instructions if you aren’t familiar with how to install a PowerShell module. However, if you know how to do it, but don’t know the specific command, here it is. (Must be run from an elevated PowerShell window)

#Install Azure AD PowerShell module
Install-Module AzureAD

If that didn’t work for you, check out the links in the previous paragraph. No sense in me repeating someone else’s work when they’ve already done a nice job. You are now ready to begin to bulk add users to Azure AD groups!

How the Script Works to Bulk Add Users to Azure AD Groups

The first part of the script has us connecting to Azure AD PowerShell Module

#Connect to Azure AD 
Connect-AzureAD

For this script we are working with a list of User Principal Names in a CSV file. So next you want to specify the group name and location of the CSV with users. For the CSV file, you will want the header to show userPrincipalName, as pictured below. This is the easiest way to ensure the script works with minimal modification. 

#Import the list and save it to a variable
$list = Import-Csv "C:\Users\SeeSmitty\Downloads\UserList.csv"

#Insert the display name of the group here
$group = "Your Group Name"
csv list to bulk add users to azure ad groups

From here, the script will then look up the ObjectID for the group name you saved up above. This is because the Add-AzureADGroupMember cmdlet will only accept ObjectID as the parameter for the group you are adding the users to. 

#Retrieve the group name for use later in the script
$GroupObjectID = Get-AzureADGroup -SearchString $group | Select -Property ObjectID

Next there is a Foreach loop that will get each UPN from the CSV file, and look up the ObjectID, then pass that on to the command to actually add the user to the group. Now what I noticed when trying to run this was that the Add-AzureADGroupMember cmdlet didn’t like it when users were already in the group, so I added a Try-Catch to help it handle those false errors that get generated when a user is already in the group. This can be helpful if you are trying to update a group with a list that contains everyone who should be in a group, rather than who needed added to the group.

Finally, once it is done, it will disconnect your AzureAD PowerShell session.

A link to the full script on GitHub can be found here: Add-UsersToAzureADGroup.ps1

Can YOU make this more Robust?

Now this script is pretty basic, and that is by design. I found that when I was trying to find a script like this, nothing turned up. Often times, ones that were more complex came up, but nothing as simple as this. So if you have ideas on how you could make this script do WAY more, then great! I hope this is a good starting point for you.

However, if you don’t know how it could do more, or you don’t know what else you may want to do with this, then here are a few ideas to get you started. Adding users to an Azure AD group in bulk is just the beginning!

Ideas for Robustness

Remove Users in Bulk

You don’t always need to add users to a group. Sometimes you need to remove some, or sometimes you need to remove all but retain a few. The concepts are the same. I found that for me it is always easier for me to start from someone else’s script than starting from scratch.

Use it as a Function

This is pretty straightforward. Maybe you are going to include this as part of another script, then you can modify this script so it is a function instead. Maybe you have several CSV files with usernames that need to get added to several Azure AD group. You could create the Foreach section as a function, and call that function over and over again in a separate loop.

Add Parameters

The fact that I don’t have Params in my script shows that I’m not a pro. I understand the point, but often times I’m the only one using it, and I know I am passing a simple string into the script. But establishing a Params section could enable you to allow piping of variables into this as a function (if you made it into one) from another script or line of code. This can add robust-ness when you are adding this to a different script.

Conclusion

So that’s it! I hope this help you and saves you some time. I’ll continue to update the script if I find that there are reasons to do so, and will update the links if they change.

Hit me up on Twitter @SeeSmittyIT to let me know what you thought of this post. Thanks for reading!

Smitty

Curtis Smith works in IT with a primary focus on Mobile Device Management, M365 Apps, and Azure AD. He has certifications from CompTIA and Microsoft, and writes as a hobby.

View all posts by Smitty →

You might also like

exchange powershell access

How to Use App-Only Authentication with Exchange PowerShell

move distribution groups to exchange online part 2

How To Move Distribution Lists to Exchange Online – Part 2

exchange powershell practical application

MS Graph and Exchange PowerShell Practical Application