I recently had to replicate an Azure AD group structure from one tenant to another and wrote a super simple script to speed things up.
Set up PowerShell
Firstly you will need to install the Azure AD PowerShell module which allows you to intreact with AAD.
Install-Module AzureADPreview
Authenticate to your Azure Active Directory tenant by running
Connect-AzureAD -TenantId "<insert tenant id here>"
Retrieve AD Groups
I used a simple command to export the AD groups from the tenant I want to copy from to a csv file
Get-AzureADMSGroup | select DisplayName | Export-Csv c:\development\azureadusers.csv -NoTypeInformation
You can modify the export path as needed.
Create the AD Groups
Now that you have the AD groups exported you can run the script. Make sure you re-authenticate to the new Tenant where you want o set up the groups. Here is an example of what my CV looks like:
Note that I am only filtering the Display Names of the AD groups without the descriptions and owners. I haven't had a chance to script this up but it's fairly straight forward to do.
Run the script to set up the groups:
$Groups = Import-Csv -Path "C:\development\azureadusers.csv"
foreach($Group in $Groups)
{
New-AzureAdGroup -DisplayName $Group.DisplayName -MailEnabled $False -SecurityEnabled $True -MailNickName "NotSet"
}
The AD groups are now created!
There are some limitations with the Azure AD module. It doesn't support all parameters so for example you can't enable groups to be assignable to roles. You can achieve the same by using the Az.Resources module
You can also expand the script to add descriptions to the AD groups and replicate/assign owners.
Hope this helps.
Top comments (0)