Last active
November 13, 2025 15:57
-
-
Save griffeth-barker/8db06cef8fbc4882a798c8f9accaad66 to your computer and use it in GitHub Desktop.
Copy Entra group members from one group to another
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Copy-EntraGroupMember { | |
| <# | |
| .SYNOPSIS | |
| Copies members from the source Entra groups to the destination Entra group. | |
| .DESCRIPTION | |
| Copies all members from the specified source Entra groups to the specified destination Entra group. | |
| .PARAMETER SourceGroupId | |
| A GUID reflecting the Id or objectId of the source group from which members should be copied. | |
| .PARAMETER DestinationGroupId | |
| A GUID reflecting the Id or objectId of the destination group to which members should be copied. | |
| .INPUTS | |
| System.Guid[] | |
| System.Guid | |
| .OUTPUTS | |
| System.Management.Automation.PSCustomObject | |
| .EXAMPLE | |
| $copyParams = @{ | |
| SourceGroupId = '00000000-0000-0000-0000-000000000000' | |
| DestinationGroupId = '00000000-0000-0000-0000-000000000001' | |
| } | |
| Copy-EntraGroupMember @copyParams | |
| Adds the members of the Entra group with Id '00000000-0000-0000-0000-000000000000' as direct members of the group | |
| with Id '00000000-0000-0000-0000-000000000001'. | |
| .NOTES | |
| This function requires the Microsoft.Entra module and a connection to EntraID with the Group.ReadWrite.All scope. | |
| .LINK | |
| https://gist.github.com/griffeth-barker/8db06cef8fbc4882a798c8f9accaad66 | |
| #> | |
| #requires -Module Microsoft.Entra | |
| [CmdletBinding(SupportsShouldProcess = $true)] | |
| param ( | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)] | |
| [System.Guid[]] | |
| $SourceGroupId, | |
| [Parameter(Mandatory = $true)] | |
| [System.Guid] | |
| $DestinationGroupId | |
| ) | |
| begin { | |
| $apiConnection = Get-EntraContext | |
| $apiScopes = $apiConnection.Scopes | |
| if (-not $apiConnection) { | |
| throw "No connection to EntraID found. Please run Connect-Entra -Scopes Group.ReadWrite.All" | |
| } | |
| if ($apiScopes -notcontains "Group.ReadWrite.All") { | |
| throw "Connection to EntraID does not have the Group.ReadWrite.All scope. Please reconnect with the Group.ReadWrite.All scope." | |
| } | |
| } | |
| process { | |
| foreach ($s in $SourceGroupId) { | |
| try { | |
| $sourceMembers = Get-EntraGroupMember -GroupId $s -ErrorAction Stop | |
| } | |
| catch { | |
| Write-Error $_ | |
| continue | |
| } | |
| foreach ($sourceMember in $sourceMembers) { | |
| if ($PSCmdlet.ShouldProcess("Group $DestinationGroupId", "Add member $($sourceMember.Id)")) { | |
| try { | |
| Add-EntraGroupMember -GroupId $DestinationGroupId -MemberId $sourceMember.Id -ErrorAction Stop | |
| } | |
| catch { | |
| Write-Error $_ | |
| [PSCustomObject]@{ | |
| GroupId = $DestinationGroupId | |
| MemberId = $sourceMember.Id | |
| Status = "Failed" | |
| Action = "None" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| end {} | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment