Export Security Groups members from Microsoft 365 using Power Automate

Question

Is there any way to export SG members from Microsoft Admin Portal using Power Automate?

What I managed to do by now is to export users from Azure, but without group alias, or license info.

Any ideas in which direction should I go? Or is it only option powershell?

I would like to know how to export Group Members (Mail-enabled) from Admin Portal? Not a manual way but using PowerAutomate if that is possible..?

Thats my output after running the flow, I am getting only one user (Me)...

Be specific about what you need and maybe we can help. As of right now, you’ve specified what you *can’t* get. — Skin, Mar 12 '23 at 20:03

Expiscornovus · Answer 1 · 2023-03-16T15:16:31.690

0

You can probably use a couple of Graph API calls for this.

This first request retrieves all mail enabled security groups.
Don't forget the ConsistencyLevel: eventual header

https://graph.microsoft.com/v1.0/groups?$filter=securityEnabled eq true and mailEnabled eq true and NOT(groupTypes/any(a:a%20eq%20'Unified'))&$count=true&$select=id

These type of groups should have an empty groupTypes field and both mailEnabled and securityEnabled are true. According to this Microsoft doc: https://learn.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0&tabs=http#group-types-in-azure-ad-and-microsoft-graph

The second request uses the ids of the previous request and retrieves the members of type user.

https://graph.microsoft.com/v1.0/groups/@{items('Apply_to_each')['id']}/members/microsoft.graph.user?$count=true&$select=displayName,id,userprincipalName

edited Mar 16 '23 at 15:16

answered Mar 15 '23 at 16:43

Expiscornovus

1,222
1
3
7

Filter operator 'Not' is not supported. I am getting this error for first graph...not sure If I am doing all right.... – MmVv Mar 15 '23 at 17:38
Sorry, forgot to mention. That first request requires the ConsistencyLevel key in the Headers with the eventual value, https://learn.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=http#request-headers – Expiscornovus Mar 16 '23 at 10:02
Hmm I am just getting group IDs as enctypted text, but not the users......but flow is like taking over 4min, where I just stopped it. but still found some matches... { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups(id)", "@odata.count": 43, "value": [ { "id": "14ae4d9f-d79d-4c6c-984c-3d1ca46a5e02" }, – MmVv Mar 16 '23 at 10:25
That first request is only to list all the group ids. That second action is to retrieve the users. You can use the list of ids in an apply to each loop. Within the Uri of that second action you will need replace the `{id}` part of the Uri by the `@{item()['id']}` of the current item in the loop. So, in case of your example the members of the match you shared in the reply above, you could retrieve members by using: `https://graph.microsoft.com/v1.0/groups/14ae4d9f-d79d-4c6c-984c-3d1ca46a5e02/members/microsoft.graph.user?$count=true&$select=displayName,id,userprincipalName` – Expiscornovus Mar 16 '23 at 10:42
Okay, but wait a second, you think both actions one after another? Send an HTTP Req and then Send an HTTP Req2 below? because I am not getting fields to match... – MmVv Mar 16 '23 at 10:55
I have added a screenshot to my original reply. Hopefully that shows how the loop and order of actions could look like. – Expiscornovus Mar 16 '23 at 11:09
Yes, it helped but I am getting only 1 User - Me... see my screenshot above... – MmVv Mar 16 '23 at 11:36
Sorry, I can extract also other users but I have to change (manually) ID of the group, same as it was in first example.... so that means I have to create like 20x actions with different groups to have all users.... :/ – MmVv Mar 16 '23 at 12:03
No, you don't have to manually update it. It should get the id from every group from the response of the first http request. For clarity I have updated the second request Uri in my original reply. As you can see I have replaced `{id}` by `@{items('Apply_to_each')['id']}`. That should be sufficient. – Expiscornovus Mar 16 '23 at 15:18
Strange, I am still getting just one user from first ID that it founds. And my "Apply to each" step changes from function to normal body.value everytime I run it. – MmVv Mar 16 '23 at 16:15

Export Security Groups members from Microsoft 365 using Power Automate

1 Answers1