Office 365: Admin accounts extraction via PowerShell

Hello all,

You use Office 365 ? You want display the list of your Office 365 administrators ? Well open your PowerShell and follow the next steps!

1- First, connect to Office 365 in PowerShell with:
– A Global Administrator account
Windows Azure Active Directory Module for Windows PowerShell

2- Run this cmdlets

###Get all roles
$AdminGroup = Get-MsolRole

Foreach ( $Group in $AdminGroup ) {
   Write-Host "$($Group.Name)" -ForegroundColor Green
   #Return all users with the loop role
   Get-MsolRoleMember -RoleObjectId $Group.ObjectId
}

 

 

Now, we can optimize the return 🙂

Example 1:

 

Example 2:
###Create the CSV file
$evidence = ".\Extraction.csv"

Add-content -path $evidence "Admin accounts extraction"
Add-content -path $evidence "Date:;$($time)"
Add-content -path $evidence " "

###Extraction step
$AdminGroups = Get-MsolRole
#First loop to parse all administration groups
Foreach ( $Group in $AdminGroup ) {
   $AllAdmin = Get-MsolRoleMember -RoleObjectId $Group.ObjectId | Select-object RoleMemberType,DisplayName,EmailAddress
   Write-Host "$($Group.Name)" -ForegroundColor Green
   #Second loop to extract all administrator accounts
   Foreach ( $Admin in $AllAdmin ) {
      Add-content -path $evidence "$($Group.Name);$($Admin.RoleMemberType);$($Admin.DisplayName);$($Admin.EmailAddress)"
   }
}

Would you like to know more?

Get-MsolRole https://msdn.microsoft.com/en-us/library/azure/dn194100.aspx

Get-MsolRoleMember https://msdn.microsoft.com/en-us/library/azure/dn194131.aspx

4 comments

  1. Jason Brownhill Reply

    Thanks for this – very handy! Just a quick question – I think the get-msol cmdlets have been replaced with get-AzureAD commands? Not sure.

    • Christophe BACH Post authorReply

      Hi Jason,

      No worries 😉
      Yes, AzureAD cmdlets are replacing the msol once.
      Just, couple of features are not available in AzureAD cmdlets, but I use almost only AzureAD too 😉

Leave a Reply to Jason Brownhill Cancel reply