IT Insights IT Insights

Graph API - Remove Azure AD Group Member

AzureAD, Microsoft Graph API04/02/2022

Many tasks and processes can be automated quickly and easily using the Microsoft Graph API. This can be implemented with low-code applications such as Logic App or, for example, via Azure Function and PowerShell. Depending on the requirements, complexity, a variety of options are available.

But also in the Azure Cloud in Logic Apps and Azure Functions you should look at the cost situation in advance, so that this should also be part of the decision.

Therefore, here is an example of how the Graph API can be used in Azure Functions to get all group members of a group and then remove deactivated users from the group.

  1. In the first step we get the corresponding group members from the Graph API (/groups). The Graph API returns only 100 entries by default, so simple API request is not enough and we have to work with NextLink.
$responseMember = Invoke-RestMethod -Method Get -Uri https://graph.microsoft.com/v1.0/groups/{GroupId}/members/ -Headers $graphHeader -Body $body

$aadGroupMember = $ResponseMember.value

$aadGroupMemberNextLink = $ResponseMember."@odata.nextLink"
  1. In the next step we create a while loop and let it run until all data is contained in our specified variable.
while ($aadGroupMemberNextLink -ne $null) {

  $responseMember = (Invoke-RestMethod -Method Get -Uri $aadGroupMemberNextLink -Headers $graphHeader -body $body)
  $aadGroupMemberNextLink = $ResponseGroupmember."@odata.nextLink"
  $aadGroupMember += $ResponseMember.value

}
  1. If we now set a count on our variable, the value should contain the number of current members of the group. This can be verified e.g. by calling the group in the Azure Portal (Overview).
($aadGroupMember).count
  1. In the next step we use a foreach loop and within the loop we check the status of each user and if it is disabled this user will be removed from the group.
foreach ($aadmember in $aadGroupMember) {
  $MemberId = $aadmember.id
  $member = Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/beta/users/$MemberId" -Headers $graphHeader

  if (!$member.accountEnabled) {
    $DisabledUser = $member.id
    Invoke-RestMethod -Method Delete -Uri "https://graph.microsoft.com/v1.0/groups/{GroupId}/members/$DisabledUser/`$ref" -Headers $graphHeader
  }
}

Global Azure Bootcamp 2019

Once every year, all the worldwide Azure communities come together to the Global Azure Bootcamp. This year on April 27th it's the sixth time and we are proud to be part of it the fourth time in a row!

Group PowerBI Measures

In Microsoft PowerBI, measures are created by default within the existing table. If you have a large data model with a lot of measures it can get very confusing. Here is a little trick how to improve your measures structures.