In this post I will show you how to add devices to an Azure AD group using the bulk operations feature. If the task is to add lots of devices to an Azure AD group, this process will help you achieve the results.

Bulk operation support

This setting is only supported for Azure AD groups with Membership type “Assigned”. This makes sense, as the other 2 options are “Dynamic Device” and “Dynamic User”.

The feature is available under the Azure AD group as Bulk operations > Import members.


Add Devices to Azure AD Group

Navigate to the Azure Portal and go to Azure Active Directory > Groups. Select one of the groups. On the menu, click on Bulk operations and select Import members. Bulk operations supports:

  • Import members
  • Remove members
  • Download members

The Bulk import group members blade asks you to use the csv template provided by Microsoft, which can easily be downloaded. You need to provide the object ID in it, and the csv file is then ready to upload.

Download csv template for Bulk import Group

But hang on, only Object Id or user principal name is supported.

  • Object ID is associated with Device
  • User principal name is associated with username

How to get the Object ID of devices from Azure AD?

You can get this information from Azure Active Directory > Devices > All Devices

You can either get this information manually for each device or download the csv containing information of all devices.

Once you select a device, its Object ID can be seen.

Device Object ID

To get the Object ID for all devices, click on Download devices under All devices. An auto-populated name will appear; click on Start.

Azure AD Device Download devices

Within a few minutes, we will be able to see “File is ready, click here to download”.

Download devices

Once we open the file, we can see the list of all devices along with the objectId column. This is what we are looking for.

Devices with objectid

Let’s go back to the Azure AD group, select a group and go to Bulk operations > Import members.

First we need to download the csv template (if not downloaded previously).

Once it is downloaded, open the file. We will see the following content:

version:v1.0
Member object ID or user principal name [memberObjectIdOrUpn] Required
Example: 9832aad8-e4fe-496b-a604-95c6eF01ae75

csv template structure

We see 3 rows here. The 1st and 2nd rows are mandatory, so don’t delete them. Delete the 3rd row, as it only shows an example.

Provide the object IDs from the 3rd row onwards. Let’s say I want to add 3 devices. I will copy the object IDs from the exportDevice csv (or get them manually from each device) and paste them into GroupImportMembersTemplate.csv.

File will look something like this:


Navigate back to the Bulk import group members blade and upload the csv file which we just worked on. If the format is correct, you will see File uploaded successfully.
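A pre-upload check for the edited template, as an added example that is not part of the original post. The function name Test-GroupImportFile and the sample rows are made up here, and the checks reflect only the template layout shown above (two fixed rows, then one object ID or UPN per row):

```powershell
# Added example: check a bulk-import file before uploading it.
# Test-GroupImportFile is a hypothetical helper name, not a Microsoft cmdlet.
function Test-GroupImportFile {
    param([string[]]$Lines)

    $header = 'Member object ID or user principal name [memberObjectIdOrUpn] Required'
    $guidPattern = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    $upnPattern = '^[^@\s,]+@[^@\s,]+\.[^@\s,]+$'
    $problems = @()

    # Rows 1 and 2 must stay exactly as they came in the downloaded template.
    if ($Lines.Count -lt 3) { return @('Need the 2 template rows plus at least one member row') }
    if ($Lines[0] -ne 'version:v1.0') { $problems += 'Row 1: expected "version:v1.0"' }
    if ($Lines[1] -ne $header) { $problems += 'Row 2: template header was changed' }

    $seen = @{}
    for ($i = 2; $i -lt $Lines.Count; $i++) {
        $row = $i + 1
        $value = $Lines[$i].Trim()
        if ($value -eq '') {
            $problems += "Row ${row}: empty"
        } elseif ($value -like 'Example:*') {
            $problems += "Row ${row}: template example row was not deleted"
        } elseif ($value -notmatch $guidPattern -and $value -notmatch $upnPattern) {
            $problems += "Row ${row}: '$value' is neither an object ID nor a UPN"
        } elseif ($seen.ContainsKey($value.ToLower())) {
            $problems += "Row ${row}: duplicate of row $($seen[$value.ToLower()])"
        } else {
            $seen[$value.ToLower()] = $row
        }
    }
    return $problems
}

# Constructed sample: the object ID, device name and UPN are made up.
$sample = @(
    'version:v1.0'
    'Member object ID or user principal name [memberObjectIdOrUpn] Required'
    'Example: 9832aad8-e4fe-496b-a604-95c6eF01ae75'
    '11111111-2222-3333-4444-555555555555'
    'DESKTOP-01'
    '11111111-2222-3333-4444-555555555555'
    'user1@contoso.example'
)
Test-GroupImportFile -Lines $sample
# Real file: Test-GroupImportFile -Lines (Get-Content .\GroupImportMembersTemplate.csv)
```

An empty result means every row passed these shape checks; it does not confirm that the object IDs exist in the tenant.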

Click on Submit to initiate the process of adding devices to Azure AD Group.

File uploaded successfully

Once the process is completed, we can see 3 devices added.


Add users as import members using Bulk operations

Adding users is a straightforward process, as it doesn’t require the Object ID (which is associated with devices only). Here we can simply provide the list of users in user principal name format, such as:

[email protected]ia.com
[email protected]

Get Object ID of specific devices only

Downloading the list of all devices with their object IDs might not be feasible in a big environment. Think about it: if hundreds of devices are given to you to be added to a group, how do you get the object IDs of only those devices, so that they can be imported using the csv template?

The solution is to use a PowerShell script with the AzureAD module.

I have created a small script which can be downloaded from the GitHub repository.

Following is the snippet of the script:

# Requires the AzureAD module; install it once, then sign in.
Install-Module AzureAD
Connect-AzureAD

# Computers.txt holds one device name per line.
$Devices = Get-Content .\Computers.txt
$OutputList = @()
# First two rows of the bulk-import template; the object IDs are appended below.
$ObjTemplate = @("version:v1.0", "Member object ID or user principal name [memberObjectIdOrUpn] Required")

foreach ($Device in $Devices) {
    Write-Host "Searching for: $Device" -ForegroundColor Cyan
    # -SearchString can return zero or several devices, so query once and keep every match.
    $Found = @(Get-AzureADDevice -SearchString $Device | Where-Object {$_.DeviceTrustType -eq 'ServerAd'})
    if ($Found.Count -eq 0) {
        Write-Warning "No matching device found for: $Device"
        continue
    }
    $OutputList += $Found | Select-Object DisplayName, ObjectId, DeviceTrustType
    $ObjTemplate += $Found.ObjectId
}

# Export-Csv writes real CSV; Out-File on objects would write a formatted table.
$OutputList | Export-Csv .\DevicewithObjectid.csv -NoTypeInformation
$OutputList | Select-Object -ExpandProperty ObjectId | Out-File .\DevicewithObjectidonly.csv -Encoding utf8
$OutputListAll = Get-AzureADDevice -All $true | Select-Object DisplayName, ObjectId, DeviceTrustType
$OutputListAll | Export-Csv .\AllDeviceswithObjectid.csv -NoTypeInformation
$ObjTemplate | Out-File .\CsvTemplateToUpload.csv -Encoding utf8

The usage of the script is simple. Use Computers.txt to provide the list of devices. I have filtered out Azure AD Join devices only by using DeviceTrustType as ServerAd.

You may remove the Where-Object clause if you are interested in getting details for all devices.

This will output 3 files:

CsvTemplateToUpload.csv: This is the ready-made csv template file as per Microsoft standards, which includes the CSV template structure along with the object IDs of the devices, ready to be uploaded.

Devicewithobjectid.csv: Lists all your devices along with their Object IDs. Could be used for verification purposes only.

AllDeviceswithObjectid.csv: This generates a csv with all devices along with the Object ID column; getting this from the console gives the same thing.

DevicewithObjectidonly.csv: This is the file which we actually need; it only contains the object IDs of the devices.

If you are using DevicewithObjectidonly.csv, you have to copy the object IDs from it to GroupImportMembersTemplate.csv to start importing the members.


Conclusion

I hope you now have enough understanding of how to add devices using the import members feature of Bulk operations, which requires the object ID. There are several ways to get the object ID: getting it from the device properties, downloading the csv file for all devices, or using a PowerShell script. Importing users as members only requires the UPN, which is easier to manage than adding devices, which rely on the Object ID at the moment.

Important Links

Bulk upload to add or create members of a group – Azure Active Directory – Microsoft Entra | Microsoft Learn