Is there a way to extend the Get-AdmGroupMember for easier cloud user management and better expressing the actual "user" object you're working with?


Is there any extension available like -properties to extend the members with extra attributes to distinguish like "On-Premises Sync Enabled"? Currently Azure groups can contain 4 types of "user" that can be member of a group:

  • A Service Principal; this type isn't even returned as a member of the group by Get-AdmGroupMember.
    • Type: Service Principal
  • Office365 Guest account, invited external
    • Type: User
    • CreationType: Invitation
  • Hybrid account, hybrid sync
    • Type: User
    • onPremisesSyncEnabled: True
  • Cloud user, user created in Office365
    • Type: User

With Get-AdmGroupMember, everything looks the same:

DistinguishedName : CN=Guest\0AUID:141dd7c33dc0000000000000,OU=Users,DC=dummy,DC=onmicrosoft,DC=com

ObjectClass : user

Name : Guest

ObjectGUID : 4564644-3dc2-45f6-86f1-000000000000000

SID : S-1-15-00000000-337500099-1173765570-58978694-00000000

DistinguishedName : CN=Cloud User\0AUID:141dd7c33dc0000000000000,OU=Users,DC=dummy,DC=onmicrosoft,DC=com

ObjectClass : user

Name : cloud user

ObjectGUID : 141dd7c3-3dc2-45f6-86f1-000000000000000

SID : S-1-15-00000000-337500099-1173765570-58978694-00000000

DistinguishedName : CN=Hybrid User\0AUID:d7dc94fa60d849a000000000000,OU=Users,DC=dummy,DC=onmicrosoft,DC=com

ObjectClass : user

Name : Hybrid User

ObjectGUID : d7dc94fa-60d8-49a9-aebb-0000000000

SID : S-1-15-000000000000-3621557498-1235837144-3060644782-00000000000

1 Answer

Hello Peter,

Unfortunately, there is no such possibility. However, thank you for the suggestion. We forwarded it to the corresponding department for consideration.
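The four member types listed in the question can be separated by the attributes it names, which matters when reviewing who holds access through a group. The following is an added example, not part of the original thread or of the product's module: it assumes member objects come from a source that exposes Type, CreationType and onPremisesSyncEnabled (Get-AdmGroupMember does not return them), the function names Get-Prop and Get-MemberKind are hypothetical, and the sample members are constructed.

```powershell
# Added example. Get-Prop and Get-MemberKind are hypothetical helper names.
# Read a property by name; returns nothing when the source omitted it.
function Get-Prop($Object, [string]$Name) {
    $p = $Object.PSObject.Properties[$Name]
    if ($null -ne $p) { $p.Value }
}

function Get-MemberKind {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Member
    )
    process {
        $type     = [string](Get-Prop $Member 'Type')
        $creation = [string](Get-Prop $Member 'CreationType')
        $synced   = [string](Get-Prop $Member 'onPremisesSyncEnabled')

        # Order matters: the invitation check runs before the sync check,
        # so an invited account is always reported as a guest.
        if     ($type -eq 'Service Principal') { $kind = 'ServicePrincipal' }
        elseif ($type -ne 'User')              { $kind = 'Unknown' }
        elseif ($creation -eq 'Invitation')    { $kind = 'Guest' }
        elseif ($synced -eq 'True')            { $kind = 'Hybrid' }
        else                                   { $kind = 'Cloud' }

        [pscustomobject]@{
            Name = Get-Prop $Member 'Name'
            Kind = $kind
        }
    }
}

# Constructed sample members, one per type described in the question.
$members = @(
    [pscustomobject]@{ Name = 'svc-app';     Type = 'Service Principal' }
    [pscustomobject]@{ Name = 'Guest';       Type = 'User'; CreationType = 'Invitation' }
    [pscustomobject]@{ Name = 'Hybrid User'; Type = 'User'; onPremisesSyncEnabled = $true }
    [pscustomobject]@{ Name = 'cloud user';  Type = 'User' }
)

# Per-member classification, then a count per kind for an access review.
$classified = $members | Get-MemberKind
$classified | Format-Table Name, Kind
$classified | Group-Object Kind | Select-Object Name, Count
```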

