How to Bulk Add Devices to Azure AD Group Using PowerShell

In this post, I’ll break down a PowerShell script that simplifies adding devices to a specific Azure AD security group by reading from a CSV file. This is particularly useful when onboarding new devices in bulk or organizing devices into groups based on department, location, or security requirements.


Complete Script

## How to Bulk Add Devices to Azure AD Group Using PowerShell ##
#░█████╗░██╗░░░██╗██████╗░███████╗██████╗░██╗██╗░░░░░██╗░░░░░░█████╗░
#██╔══██╗╚██╗░██╔╝██╔══██╗██╔════╝██╔══██╗██║██║░░░░░██║░░░░░██╔══██╗
#██║░░╚═╝░╚████╔╝░██████╦╝█████╗░░██████╔╝██║██║░░░░░██║░░░░░██║░░██║
#██║░░██╗░░╚██╔╝░░██╔══██╗██╔══╝░░██╔══██╗██║██║░░░░░██║░░░░░██║░░██║
#╚█████╔╝░░░██║░░░██████╦╝███████╗██║░░██║██║███████╗███████╗╚█████╔╝
#░╚════╝░░░░╚═╝░░░╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝╚══════╝╚══════╝░╚════╝░

# Import the AzureAD module
Import-Module AzureAD

# Login to Azure AD
Connect-AzureAD

# Path to your CSV file
$csvFilePath = "C:\path\to\your\devices.csv"

# Security Group Name
$securityGroupName = "Your-Security-Group-Name"

# Get the Security Group Object ID from the group name.
# -SearchString is a prefix match (e.g. "Devices" also matches "Devices-Test"),
# so keep only the exact display name and require a single result before
# touching group membership.
$securityGroup = @(Get-AzureADGroup -SearchString $securityGroupName |
    Where-Object { $_.DisplayName -eq $securityGroupName })
if ($securityGroup.Count -ne 1) {
    Write-Host "Security group not found or ambiguous ($($securityGroup.Count) matches): $securityGroupName"
    exit
}

$securityGroupId = $securityGroup[0].ObjectId

# Import the CSV file
$devices = Import-Csv -Path $csvFilePath

# Loop through each device in the CSV
foreach ($device in $devices) {
    $deviceName = $device.DeviceName

    # Get the Device Object ID from the device name (exact match, exactly one result)
    $deviceObject = @(Get-AzureADDevice -SearchString $deviceName |
        Where-Object { $_.DisplayName -eq $deviceName })
    if ($deviceObject.Count -ne 1) {
        Write-Host "Device not found or ambiguous ($($deviceObject.Count) matches): $deviceName"
        continue
    }

    $deviceId = $deviceObject[0].ObjectId

    try {
        # Add the device to the security group
        Add-AzureADGroupMember -ObjectId $securityGroupId -RefObjectId $deviceId
        Write-Host "Successfully added Device: $deviceName to the group."
    } catch {
        Write-Host "Failed to add Device: $deviceName. Error: $_"
    }
}

# Disconnect from Azure AD
Disconnect-AzureAD

Overview of the Script

So, what does the script do?

  1. Import devices from a CSV file.
  2. Search for these devices in Azure AD.
  3. Add the devices to a specified security group.
  4. Report success or errors for each device.

Prerequisites

Before running the script, ensure the following:

  • You have the AzureAD PowerShell module installed. Note that Microsoft has deprecated this module in favour of the Microsoft Graph PowerShell SDK, so plan to migrate the cmdlets used here.
  • The script is executed by a user with permissions to manage devices and groups in Azure AD.
  • A CSV file containing device names is available.
  • The correct security group already exists in Azure AD.

Step-by-Step Breakdown

1. Import the Azure AD Module

The script starts by loading the AzureAD module, which contains cmdlets to manage Azure AD resources from PowerShell.

Import-Module AzureAD

This step is necessary for interacting with Azure AD using PowerShell. If you don’t have the module installed, run:

Install-Module AzureAD

2. Authenticate with Azure AD

Before performing any Azure AD operations, the script requires the user to authenticate:

Connect-AzureAD

This prompts the user to enter credentials or use existing session credentials to connect to Azure AD.

3. Specify the CSV File Path and Security Group

You’ll need a CSV file that lists the devices to be added. The CSV should contain a column titled DeviceName, which holds the names of the devices you want to add.

$csvFilePath = "C:\path\to\your\devices.csv"
$securityGroupName = "Your-Security-Group-Name"

Here, $csvFilePath points to the CSV file and $securityGroupName is the name of the Azure AD security group you want to add the devices to.

4. Retrieve the Security Group Object ID

Azure AD uses unique object IDs for each resource, including security groups. To add devices to a group, the script must first retrieve the Object ID of the target security group:

$securityGroup = @(Get-AzureADGroup -SearchString $securityGroupName |
    Where-Object { $_.DisplayName -eq $securityGroupName })
if ($securityGroup.Count -ne 1) {
    Write-Host "Security group not found or ambiguous ($($securityGroup.Count) matches): $securityGroupName"
    exit
}

Because -SearchString matches on the prefix of the display name, the result is narrowed to an exact name match and the script requires exactly one hit. If the group isn’t found (or more than one group matches), the script exits with an appropriate message rather than risk modifying the wrong group. Otherwise, the script proceeds to store the Object ID of the group in $securityGroupId:

$securityGroupId = $securityGroup[0].ObjectId

5. Import the CSV File

The devices from the CSV file are imported into a variable $devices:

$devices = Import-Csv -Path $csvFilePath

Each device is stored as a record, and the script processes each device by looping through the records.

6. Loop through Devices and Add to Group

For each device, the script:

  • Retrieves the device’s Object ID from Azure AD using the DeviceName from the CSV.
  • Adds the device to the specified security group.
  • Logs the outcome for each device.

foreach ($device in $devices) {
    $deviceName = $device.DeviceName
    $deviceObject = @(Get-AzureADDevice -SearchString $deviceName |
        Where-Object { $_.DisplayName -eq $deviceName })
    if ($deviceObject.Count -ne 1) {
        Write-Host "Device not found or ambiguous ($($deviceObject.Count) matches): $deviceName"
        continue
    }

    $deviceId = $deviceObject[0].ObjectId

    try {
        Add-AzureADGroupMember -ObjectId $securityGroupId -RefObjectId $deviceId
        Write-Host "Successfully added Device: $deviceName to the group."
    } catch {
        Write-Host "Failed to add Device: $deviceName. Error: $_"
    }
}

If the device isn’t found in Azure AD, or more than one device shares the same display name, a message is displayed and the script moves on to the next device; the exact-name filter avoids adding a similarly named device to the group by accident. If an error occurs during the addition process (for example, the device is already a member), it’s caught and logged.

7. Disconnect from Azure AD

After processing all the devices, the script disconnects from Azure AD:

Disconnect-AzureAD

This closes the session and ensures no lingering connections remain.
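As an added example (not part of the original post), the following function reworks the same procedure with the checks a practitioner usually wants before bulk-changing a security group: an exact OData filter instead of prefix search, a membership snapshot so re-runs are idempotent, -WhatIf support for a dry run, and a per-device report written to CSV. It still uses the AzureAD module cmdlets from the post; the report path, the function name and the sample device names are assumptions, and it needs an authenticated Connect-AzureAD session to run.

```powershell
# Added example, not from the original post. Assumes the AzureAD module and an
# authenticated session (Connect-AzureAD). Function name, report path and the
# sample device names below are placeholders.

function Add-DevicesToAzureADGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [Parameter(Mandatory)] [string] $GroupName,
        # Assumed location for the audit report
        [string] $ReportPath = (Join-Path $env:TEMP 'device-group-report.csv')
    )

    # Double single quotes so an odd display name cannot break the OData filter.
    function ConvertTo-ODataLiteral([string] $Value) { return $Value -replace "'", "''" }

    # Exact display-name match instead of -SearchString's prefix match.
    $groups = @(Get-AzureADGroup -Filter "DisplayName eq '$(ConvertTo-ODataLiteral $GroupName)'")
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
    }
    $group = $groups[0]

    # Snapshot current membership once, so re-running is idempotent and does not
    # produce a stream of 'already a member' errors.
    $existing = @{}
    Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
        ForEach-Object { $existing[$_.ObjectId] = $true }

    $results = foreach ($row in Import-Csv -Path $CsvPath) {
        $name = ([string]$row.DeviceName).Trim()
        $outcome = [ordered]@{ DeviceName = $name; ObjectId = $null; Status = ''; Detail = '' }

        if (-not $name) {
            $outcome.Status = 'Skipped'; $outcome.Detail = 'Empty DeviceName in CSV'
            [pscustomobject]$outcome; continue
        }

        $devices = @(Get-AzureADDevice -Filter "DisplayName eq '$(ConvertTo-ODataLiteral $name)'")
        if ($devices.Count -ne 1) {
            $outcome.Status = 'Skipped'
            $outcome.Detail = "Expected one device, found $($devices.Count)"
            [pscustomobject]$outcome; continue
        }
        $outcome.ObjectId = $devices[0].ObjectId

        if ($existing.ContainsKey($devices[0].ObjectId)) {
            $outcome.Status = 'AlreadyMember'
            [pscustomobject]$outcome; continue
        }

        # -WhatIf / -Confirm are provided by SupportsShouldProcess.
        if ($PSCmdlet.ShouldProcess("$name ($($devices[0].ObjectId))", "Add to group '$GroupName'")) {
            try {
                Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $devices[0].ObjectId
                $outcome.Status = 'Added'
            } catch {
                $outcome.Status = 'Failed'; $outcome.Detail = $_.Exception.Message
            }
        } else {
            $outcome.Status = 'WhatIf'
        }
        [pscustomobject]$outcome
    }

    # Persist a per-device audit trail alongside the console output.
    if ($results) { $results | Export-Csv -Path $ReportPath -NoTypeInformation }
    return $results
}

# Usage with a constructed sample CSV (placeholder device names):
$sampleCsv = Join-Path $env:TEMP 'devices-sample.csv'
@"
DeviceName
LAPTOP-EXAMPLE-01
LAPTOP-EXAMPLE-02
"@ | Set-Content -Path $sampleCsv

Connect-AzureAD
Add-DevicesToAzureADGroup -CsvPath $sampleCsv -GroupName 'Your-Security-Group-Name' -WhatIf |
    Format-Table DeviceName, Status, Detail
Disconnect-AzureAD
```

Run it first with -WhatIf to see which devices would be added, which are already members and which rows the CSV filter rejects; drop the switch once the report looks right. The same structure carries over to the Microsoft Graph PowerShell SDK (Connect-MgGraph, Get-MgGroup, Get-MgDevice, Get-MgGroupMember and New-MgGroupMember), which is where Microsoft directs new scripts now that the AzureAD module is deprecated.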
