Get all admin account in tenant

One questions I frequently get asked: ”How do I list all the users that have admin access to my tenant?” You can easily list the members of an admin role if you are looking at a specific role i.e Global Admin using

$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser

However if you are going into a tenant and need to evaluate those with security access. Running the Powershell below will help to reduce the number of command you have to run against individual admin role.


#Connect to O365
Import-Module MSOnline
$User = ""
$password = Get-Content "C:\SecureStrings\PasswordAkin.txt" | ConvertTo-SecureString
$credential = new-object -typename -argumentlist $User, $password
Write-Host "Running the script to Connect to Office365"
Connect-MsolService -Credential $credential

$role = Get-AzureADDirectoryRole | Select-Object DisplayName
$output = 'C:\Users\akin\Desktop\ScriptInput\usersMFA.csv'

foreach ($admin in $role){
$admin = $admin.DisplayName
$role2 = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq $admin}
echo $role2
Get-AzureADDirectoryRoleMember -ObjectId $role2.ObjectID | Get-AzureADUser | Select-Object userprincipalname | Export-Csv $output -NoTypeInformation -Append
Posted in Scripts

Write a comment