In this article, we'll walk you through a PowerShell script that counts the number of Global Administrators in a Microsoft 365 tenant and lists their personal details. This script utilizes the Microsoft Graph PowerShell module, which provides a powerful way to interact with the Microsoft Graph API.
Here is the complete script that performs the task:
```powershell
# Ensure the Microsoft.Graph module is installed and imported
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph)) {
    Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force -AllowClobber
}
Import-Module Microsoft.Graph

# Connect to Microsoft Graph with the necessary Graph API permissions
Connect-MgGraph -Scopes "User.Read.All", "RoleManagement.Read.Directory"

# Get all directory roles
$roles = Get-MgDirectoryRole

# Find the role object for Global Administrators
$globalAdminRole = $roles | Where-Object { $_.DisplayName -eq "Global Administrator" }

# Initialize counts and arrays for storing details
$totalGlobalAdmins = 0
$globalAdminDetails = @()

# Get the members of the Global Administrator role
if ($null -ne $globalAdminRole) {
    # @() keeps .Count reliable when the role has exactly one member
    $globalAdmins = @(Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id -All)
    $totalGlobalAdmins = $globalAdmins.Count
    $globalAdmins | ForEach-Object {
        # Members that are not users (service principals, groups) have no user record
        $user = Get-MgUser -UserId $_.Id -ErrorAction SilentlyContinue
        if ($user) {
            $globalAdminDetails += [PSCustomObject]@{
                DisplayName = $user.DisplayName
                Email       = $user.UserPrincipalName
            }
        }
    }
}

Write-Output "Total Global Administrators: $totalGlobalAdmins"
Write-Output "Global Administrators Details:"
$globalAdminDetails | Format-Table -AutoSize
```
Note: To report on a different role, replace "Global Administrator" in the script with the display name of the administrator role whose members you want to fetch (example: "Exchange Administrator").
Script Output
Connect-MgGraph cmdlet is used to connect to Microsoft Graph with the required permissions (User.Read.All and RoleManagement.Read.Directory).
Get-MgDirectoryRole
.UserPrincipalName) are retrieved (using Get-MgUser) and stored.
Cause: Issues with installing the Microsoft.Graph module.
Solution: Ensure PowerShell is running with administrative privileges to install the module. Use -Scope CurrentUser to avoid permission issues.
Cause: Problems connecting to Microsoft Graph.
Solution: Check that the user has the necessary permissions to read directory roles and users. Verify the correct scopes are specified in Connect-MgGraph.
Cause: Connectivity problems affecting interaction with Microsoft Graph API.
Solution: Ensure there is a stable internet connection as the script interacts with the Microsoft Graph API.
Cause: The specified roles or members do not exist in the tenant.
Solution: Ensure that the roles and members exist and are correctly assigned in the tenant.
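The script above looks up every role member with Get-MgUser, but a directory role can also be held by service principals and groups. The following is an added example, not part of the original script: the function name Get-RoleMemberReport, the $MaxUsers threshold and the sample members are assumptions constructed for illustration, and the function only reads the Id and AdditionalProperties values that Get-MgDirectoryRoleMember returns.

```powershell
# Added example: classify role members by object type and flag the ones to review.
function Get-RoleMemberReport {
    param(
        [Parameter(Mandatory)] [object[]] $Members,  # shaped like Get-MgDirectoryRoleMember output
        [int] $MaxUsers = 5                          # assumed review threshold; set to your policy
    )
    $rows = foreach ($m in $Members) {
        $p    = $m.AdditionalProperties
        $type = ([string]$p['@odata.type']) -replace '^#microsoft\.graph\.', ''
        $upn  = [string]$p['userPrincipalName']
        $note = switch ($type) {
            'user'             { if ($upn -like '*#EXT#*') { 'guest account holds the role' } }
            'servicePrincipal' { 'application identity, not a user' }
            'group'            { 'group members hold the role and are not counted here' }
            default            { 'unrecognized member type' }
        }
        [PSCustomObject]@{
            Type        = $type
            DisplayName = $p['displayName']
            Principal   = if ($type -eq 'user') { $upn } else { $m.Id }
            Note        = $note
        }
    }
    $rows      = @($rows)
    $userCount = @($rows | Where-Object { $_.Type -eq 'user' }).Count
    [PSCustomObject]@{
        Total         = $rows.Count
        Users         = $userCount
        OverThreshold = $userCount -gt $MaxUsers
        Flagged       = @($rows | Where-Object { $_.Note })
        Members       = $rows
    }
}

# Constructed sample members (not real tenant data) so the example runs offline.
$sample = @(
    [PSCustomObject]@{ Id = 'id-1'; AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.user'; displayName = 'Alex Admin'; userPrincipalName = 'alex@contoso.example' } }
    [PSCustomObject]@{ Id = 'id-2'; AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.user'; displayName = 'Pat Partner'; userPrincipalName = 'pat_partner.example#EXT#@contoso.example' } }
    [PSCustomObject]@{ Id = 'id-3'; AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.servicePrincipal'; displayName = 'Provisioning App' } }
    [PSCustomObject]@{ Id = 'id-4'; AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.group'; displayName = 'Tier0 Admins' } }
)

$report = Get-RoleMemberReport -Members $sample
Write-Output "Members: $($report.Total)  Users: $($report.Users)  Over threshold: $($report.OverThreshold)"
$report.Flagged | Format-Table -AutoSize

# Live use, after the script above has populated $globalAdminRole:
# Get-RoleMemberReport -Members (Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id -All)
```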
This script provides a straightforward way to count and list Global Administrators in a Microsoft 365 tenant using the Microsoft Graph PowerShell module. By enhancing the script with error handling, logging, and optimization, you can ensure it runs smoothly and efficiently in various environments. This approach not only improves administrative oversight but also aids in maintaining security by keeping track of privileged accounts.
By leveraging Microsoft Graph PowerShell, administrators can automate and streamline their management tasks, making their operations more efficient and reliable.