Script for adding back members to Azure AD group from audit log

We had an emergency at a customer today, where the IAM solution removed a few thousand users from licensing groups. To quickly add them back until the IAM system was operational again, the following method was used.

First, we found each group in the Azure AD portal and downloaded the audit log for the last 24 hours in CSV format.

Then we used the following script (run in the folder where the CSV files are stored):

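# Requires the AzureAD module and an active Connect-AzureAD session.
Get-ChildItem -Filter *.csv | ForEach-Object {
    # Keep only removal events that carry both the member (Target1) and the group (Target2) object ID
    Import-Csv $_.FullName |
        Where-Object { $_.Activity -eq "Remove member from group" -and $_.Target2ObjectId -and $_.Target1ObjectId } |
        ForEach-Object {
            Write-Verbose "Adding $($_.Target1ObjectId) to $($_.Target2ObjectId)" -Verbose
            # -ObjectId is the group, -RefObjectId is the member to add back
            Add-AzureADGroupMember -ObjectId $_.Target2ObjectId -RefObjectId $_.Target1ObjectId
        }
}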
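
A variant of the script above that can be re-run safely, added here as an example and not part of the original post: it de-duplicates the (group, member) pairs from the audit rows, skips users who are already back in the group, and supports -WhatIf. Get-RestorePlan and Invoke-RestorePlan are hypothetical helper names, and the sample rows are constructed.

```powershell
# Added example; Get-RestorePlan and Invoke-RestorePlan are hypothetical helper names.
# Column names (Activity, Target1ObjectId, Target2ObjectId) are the ones the script above reads.

function Get-RestorePlan {
    param([Parameter(Mandatory)] [object[]] $Rows)
    $Rows |
        Where-Object { $_.Activity -eq 'Remove member from group' } |
        # Drop rows where either ID is missing or is not a well-formed GUID
        Where-Object { ($_.Target1ObjectId -as [guid]) -and ($_.Target2ObjectId -as [guid]) } |
        Select-Object @{ n = 'GroupId';  e = { $_.Target2ObjectId } },
                      @{ n = 'MemberId'; e = { $_.Target1ObjectId } } |
        # The same removal can appear in more than one export; keep each pair once
        Sort-Object GroupId, MemberId -Unique
}

function Invoke-RestorePlan {
    [CmdletBinding(SupportsShouldProcess)]
    param([object[]] $Plan)
    foreach ($group in ($Plan | Group-Object GroupId)) {
        # One membership lookup per group, so a re-run skips users who are already back
        $current = @(Get-AzureADGroupMember -ObjectId $group.Name -All $true).ObjectId
        foreach ($item in $group.Group) {
            if ($current -contains $item.MemberId) { continue }
            if ($PSCmdlet.ShouldProcess($item.GroupId, "Add member $($item.MemberId)")) {
                try {
                    Add-AzureADGroupMember -ObjectId $item.GroupId -RefObjectId $item.MemberId -ErrorAction Stop
                } catch {
                    # Log and continue so one failed add does not stop the restore
                    Write-Warning "Failed to add $($item.MemberId) to $($item.GroupId): $($_.Exception.Message)"
                }
            }
        }
    }
}

# Constructed sample rows (not real audit data): a duplicate, an unrelated activity, a missing ID
$sample = @'
Activity,Target1ObjectId,Target2ObjectId
Remove member from group,11111111-1111-1111-1111-111111111111,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
Remove member from group,11111111-1111-1111-1111-111111111111,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
Remove member from group,22222222-2222-2222-2222-222222222222,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
Add member to group,33333333-3333-3333-3333-333333333333,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
Remove member from group,,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
'@ | ConvertFrom-Csv

$plan = Get-RestorePlan -Rows $sample
$plan | Format-Table

# With a Connect-AzureAD session, preview first, then apply:
# Invoke-RestorePlan -Plan $plan -WhatIf
```

To use it on the real exports, pass `Get-ChildItem -Filter *.csv | ForEach-Object { Import-Csv $_.FullName }` as `-Rows` and review the plan before dropping `-WhatIf`.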
