Script for adding back members to Azure AD group from audit log

Had an emergency at a customer today, where the IAM solution removed a few thousand users from licensing groups. In order to quickly add these back until the IAM system was operational again, the following method was used.

First we found each group in the Azure AD portal and downloaded the audit log in csv format, for the last 24 hours:

Then we used the following script (run in the folder where the csv files are stored).

ls  | ? extension -eq ".csv"| foreach {
    gc $_.FullName  | ConvertFrom-Csv | ? Activity -eq "Remove member from group"  | ? Target2ObjectId | ? Target1ObjectId | foreach {
        Write-verbose "Adding $($_.Target1ObjectId) to $($_.Target2ObjectId)" -Verbose
        Add-AzureADGroupMember -ObjectId $_.Target2ObjectId -RefObjectId $_.Target1ObjectId
    }
}

One thought on “Script for adding back members to Azure AD group from audit log”

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Share this:

Like this:

Related

Published by Marius Solbakken

One thought on “Script for adding back members to Azure AD group from audit log”

Leave a Reply Cancel reply