How to create and add members to Azure Active Directory Group

This Azure Active Directory tutorial will discuss How to create a group and add members using Azure Active Directory. Also, we will discuss how to create a group in Azure Active Directory using PowerShell, Create a Security Group in Azure AD (Azure Active Directory), Add members to Azure AD Groups, Azure Add Member To Group, How to create a group in Azure Active Directory using PowerShell, etc.

How to create and add members to Azure Active Directory Group

Now, we will see how to create a group in Azure AD (Azure Active Directory) from the Azure portal.

1. Login to Azure Portal. Then click on Groups from the home page.

create group in azure ad

Or you can click on Azure Active Directory from the left navigation or click on Azure Active Directory from the Azure services section in the Azure portal.

Create a group in Azure Active Directory

Or you can log in to Azure AD. Then click on Azure Active Directory like below:

how to Create a group in Azure Active Directory

Or you can directly click on Add a Group from the Quick tasks.

Azure Active Directory create group

2. On the Active Directory page, select Groups and then select New Group

how to Create a group and add members in Azure Active Directory

3. You must complete the required information on the New Group page.

You can select the Group type as Office 365.

Create a Office 365 group in Azure active directory

Create a Security Group in Azure AD (Azure Active Directory)

To create the Security Group in Azure AD (Azure Active Directory), You need to follow the above steps, and then You can select the Group type as Security from the New Group window.

Create a security group in Azure active directory

You can fill out the other required details.

Group type (required field). You can select a group type as Security or Office 365.  We can use the Security group to manage members and computer access to shared resources for a group of users at once.

you can also give a set of permissions to all the members at once instead of giving the permission individually.

We can use the Office 365 group to collaborate opportunities by giving members access to a shared mailbox, SharePoint site, calendar, files, etc.

  • Group name (required field). You can give the group a meaningful name. It will verify in the back end if that name is available or if you must modify the group name.
  • Group email address (required field). You can mention a group email ID or choose the default one. This option will be visible in the case of Group type as Office 365.
  • Group description(Optional). You can describe your Group.
  • Membership type (required field). You can select a Membership type, or it will auto-populate your option. This helps you to add specific users to be members of this group and to have unique permissions.

Now click on the Create button.

If you check now, your Group is created successfully.

create security group in azure ad

Add members to Azure AD Groups

Next, we will see how to add members to Azure Active Directory (AD) groups.

In my case, we can add the members to the group TsinfoGroup.

1. Click on the group name -> Select the Members link from the left and click the Add Members button.

create security group in azure active directory

2. Now, on the Add Members window, Search for the users who need to be added. Then click on the Select button.

Azure Add Member To Group

Now you can see Member added successfully.

Add members to the existing group in Azure Active Directory

This is how we can create a Group in Azure and add the members to the group using Azure Active Directory in Azure Portal.

Create Azure AD group PowerShell

Let’s see how can we create a group in Azure Active Directory using PowerShell.

Connect to the Azure Account PowerShell

You must connect your PowerShell session first. Run the below command and enter your username and password.

PS C:\windows\system32> Connect-AzureAD
get azure group members

You can see above the session connected Successfully

Retrieve the existing groups PowerShell

You can use Get-AzureADGroups to get the list of groups in your AD using the below command.

The syntax is

Get-AzureADGroup [-All <Boolean>] [-Top <Int32>] [-Filter <String>] [<CommonParameters>]

or

Get-AzureADGroup [-SearchString <String>] [-All <Boolean>] [<CommonParameters>]

or

Get-AzureADGroup -ObjectId <String> [-All <Boolean>] [<CommonParameters>]
PS C:\windows\system32> get-azureadgroup
powershell get azure group members

For specific groups,You can use the -objectID parameter to retrieve

PS C:\Windows\system32> get-azureadgroup -ObjectId 219b773f-bc3b-4aef-b320-024a2eec0b5b

Output will be

ObjectId                             DisplayName  Description                   
--------                             -----------  -----------                   
219b773f-bc3b-4aef-b320-024a2eec0b5b TSInfo Users This group is for TSInfo Users
how to get azure ad group members powershell

ObjectId 219b773f-bc3b-4aef-b320-024a2eec0b5b is the objectID for a specific group. In my case, it is TSInfo Users group.

Create Azure AD Groups PowerShell

You can create a group in your AD using the New-AzureADGroup command.

The syntax is

New-AzureADGroup [-InformationAction <ActionPreference>] [-InformationVariable <String>] [-Description <String>] -DisplayName <String> -MailEnabled <Boolean> -MailNickName <String> -SecurityEnabled <Boolean> [<CommonParameters>]

Parameters:

  • -Description: We can use this parameter to set the description of the AD group.
  • -DisplayName: We can set the display name for the group.
  • -InformationVariable: It sets the information variable
  • -MailEnabled: It shows whether mail is enabled or not
  • -MailNickName: It sets the mail nickname
  • -SecurityEnabled: It shows if the group is security-enabled or not.

For example:

PS C:\Windows\system32> New-AzureADGroup -Description "TsInfoGroupNew group is for TsInfo" -DisplayName "TsInfoGroupNew" -MailEnabled $false -SecurityEnabled $true -MailNickName "TsInfoGroupNew"

The output will be

ObjectId                             DisplayName    Description                       
--------                             -----------    -----------                       
23359f6d-850e-47e3-96b3-6ccae2ecb7bd TsInfoGroupNew TsInfoGroupNew group is for TsInfo

You can see below the group was created successfully.

get-azureadgroup members

Add users to Azure AD Groups PowerShell

Now our group TsInfoGroupNew has been created, we can add members to the group

We can use Add-AzureADGroupMember command to add the member to the group.

The syntax is

Add-AzureADGroupMember -ObjectId <String> -RefObjectId <String>[-InformationAction <ActionPreference>]
   [-InformationVariable <String>] [<CommonParameters>]

Parameter:

  • -ObjectId: Sets the ID of a group in Azure Active Directory.
  • -RefObjectId: Sets the ID of the Active Directory group member
PS C:\Windows\system32> Add-AzureADGroupMember -ObjectId 23359f6d-850e-47e3-96b3-6ccae2ecb7bd -RefObjectId e09bfcd-36e9-47c2-a98c-cf19412540e6
get azuread group members

Here, ObjectId parameter is the ObjectID of the group, and the RefObjectId is the ObjectID of the user we want to add as a member.

FAQs

How Many Groups Can We Create In Azure AD?

An Azure AD organization can have 5000 dynamic groups at max.

What are Azure Active Directory Groups

Azure Active Directory Groups help you manage access to applications, including cloud-based and on-premises apps. It helps you manage the permissions, different roles, etc. It also helps you provide permissions to manage external apps such as SharePoint sites, Azure services, SaaS apps, etc.

You can create groups like Security, Microsoft 365, etc. You can also create different membership types like Assigned, Dynamic user, Dynamic device, etc.

How to update Azure AD Groups PowerShell

You can update the info for the group created, Using Set-AzureADGroup command.

The syntax is

Set-AzureADGroup -ObjectId <String> [-InformationAction <ActionPreference>] [-InformationVariable <String>] [-Description <String>] [-DisplayName <String>][-MailEnabled <Boolean>][-MailNickName <String>] [-SecurityEnabled <Boolean>] [<CommonParameters>]

For example, If we want to change the description for the above group created.

PS C:\Windows\system32> Set-AzureADGroup -ObjectId 219b773f-bc3b-4aef-b320-024a2eec0b5b -Description "This group is TsInfoGroupNew"

This will change the description from TsInfoGroupNew to This group is TsInfoGroupNew.

How to delete Azure AD Groups PowerShell

To delete the specific group you can use the below command.

PS C:\Windows\system32> Remove-AzureADGroup -ObjectId 219b773f-bc3b-4aef-b320-024a2eec0b5b

ObjectId 219b773f-bc3b-4aef-b320-024a2eec0b5b is the objectID for a specific group.

You may like the following Azure tutorials:

Conclusion

In this Azure tutorial, We discussed

  • How to create and add members to Azure Active Directory Group

I hope you have enjoyed this article !!!