Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Spudgun79
New Member

Reporting on Azure & AD on-prem groups

‎11-11-2021 04:19 AM

Hi all,

 

Can someone please tell me the most straightforward way to report on groups/group membership of AD groups. We have a hybrid Azure / AD on-prem environment. So I would assume varying ways in which to accomplish this. 

 

Another more important question is the level of permissions / M365 role that we'd need to give someone to run these reports (power user non member of IT)

 

thanks!

Labels:
Message 1 of 3
1,925 Views
0
1 ACCEPTED SOLUTION
v-xiaoyan-msft
Community Support
Community Support

‎11-14-2021 11:31 PM

Hi @Spudgun79 ,

 

You can use the Exchange Online PowerShell module to easily collect Office 365 Group information, and then after getting the list of groups in your tenant, interrogate each group to retrieve membership and owner lists. 

For details,you can refer to:

Exporting Office 365 Group membership to a CSV file 

Active Directory – How to Generate a Group Membership Report 

 

The access you need  is Read-Access to Active Directory.

 

Also,Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to users in your organization using the Microsoft 365 admin center. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.

 

You can assign the groups admin role to users who need to manage all groups settings across admin centers, including the Microsoft 365 admin center and Azure Active Directory portal.

Groups admins can:
- Create, edit, delete, and restore Microsoft 365 groups
- Create and update group creation, expiration, and naming policies
- Create, edit, delete, and restore Azure Active Directory security groups

 

For more details about admin roles in M365, you can refer to:Commonly used Microsoft 365 admin center roles 

 

Hope it helps,


Community Support Team _ Caitlyn

If this post helps then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 3 of 3
1,849 Views
0
2 REPLIES 2
v-xiaoyan-msft
Community Support
Community Support

‎11-14-2021 11:31 PM

Hi @Spudgun79 ,

 

You can use the Exchange Online PowerShell module to easily collect Office 365 Group information, and then after getting the list of groups in your tenant, interrogate each group to retrieve membership and owner lists. 

For details,you can refer to:

Exporting Office 365 Group membership to a CSV file 

Active Directory – How to Generate a Group Membership Report 

 

The access you need  is Read-Access to Active Directory.

 

Also,Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to users in your organization using the Microsoft 365 admin center. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.

 

You can assign the groups admin role to users who need to manage all groups settings across admin centers, including the Microsoft 365 admin center and Azure Active Directory portal.

Groups admins can:
- Create, edit, delete, and restore Microsoft 365 groups
- Create and update group creation, expiration, and naming policies
- Create, edit, delete, and restore Azure Active Directory security groups

 

For more details about admin roles in M365, you can refer to:Commonly used Microsoft 365 admin center roles 

 

Hope it helps,


Community Support Team _ Caitlyn

If this post helps then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 3
1,850 Views
0
GilbertQ
Super User
Super User

‎11-11-2021 02:00 PM

Hi @Spudgun79 

 

Ideally you should have your On-Prem AD synching with Azure AD, that will then allow all the groups to be available?

 

For users to view the reports they just need to have the permissions granted, which you can use by typing in their email address?





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 3
1,868 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All