PowerShell: AzureAD Dynamic Groups
A few code snippets for Azure AD dynamic groups. One for creating standard groups for your environment. Another for finding duplicates.
I’ve implemented InTune for our corporate environment and handed it off to someone else to manage. This person did a great job of managing things despite the fact that InTune underwent several backend migrations and updates that either broke or left unpredictable software distribution groups in the environment. I’ve finally found a few cycles to round back on this one and found some funny things.
Essentially, there were around 90 dynamic groups auto-created called “Subsidiary*” that were almost all duplicates of the same dynamic filter including all computers in the environment. It was bizarre and confusing but also understandable (as we didn’t heed the InTune upgrade warnings and take necessary actions at the time). Anyway, this led me to want to create some standard dynamic groups as well as find and remove the duplicates.
For adding the new groups you can use this gist. This is easily modified to add or remove groups of your choosing. This didn’t really warrant a new module or anything so there are some built in variables that control whether existing dynamic groups are updated or left alone when this script runs. This would be a decent candidate for scheduling to be run via Azure Automation on a regular basis.
For finding your duplicate dynamic groups use this gist. This will not find all duplicate filters but it will find the most common ones and is a good starting point.
Reminder that the dynamic group cmdlets are only functional in the AzureADPreview module. You may have to explicitly load this module so AzureAD doesn’t interfere with things and cause a bunch of errors to get thrown (this is seen in the code at the beginning where I force remove AzureAD and load AzureADPreview).