While many organizations allow users to manage their own group memberships, that’s not always a viable option. That’s particularly true for security groups or Microsoft 365 groups that control access to sensitive resources. In these cases, the end-users can’t manage the groups for operational or regulatory requirements. That means the IT department would be in charge of group management.
Usually, the small changes in group memberships aren’t a big deal. That said, manually adding a user to a group doesn’t scale well. Fortunately, Microsoft provides a way of adding users to a group in bulk.
In this article, I’ll show you how to perform a bulk group membership update in Azure Active Directory, through a comma-separated value (CSV) file. Although it’s beyond this article’s scope, you can also use a very similar technique to remove members from a group in bulk.
First, let’s get to know Microsoft 365 Bulk Group Management.
When to Use Bulk Group Management with Microsoft 365?
Bulk group management isn’t appropriate for every situation. Still, you can find its place. You’d primarily use bulk group management when you need to add many users to one or more groups. In that case, Bulk group management would be faster than clicking users one by one in the GUI. Bulk group management is also useful when someone gives you a file with a list of users who should be added to a group. Now, let’s look at how bulk group management works.
How to Add Users to a Group in Bulk
Let’s take a look at how to add users to a group in the Azure Active Directory Admin Center. First, you’ll have to reach the Groups tab, in 3 simple steps:
- Open the Azure Active Directory Admin Center
- Click on the Azure Active Directory tab
- Click on the Groups tab
Now, you can see all the current groups in your Azure AD environment. That’s also where you can create a new group, with the New Group Icon.
For our purposes now, though, I’ll assume you’ve already created a group and you want to add many users to it.
First, I’ll show you how to add users to a group normally.
The Normal Way to Add Users to a Group
The normal way involves just a few simple steps:
- Click on the group
- Select the Members tab
- Click on the Add Members button
- Select the users that you want to add
As easy as this may be, it doesn’t work all that well if you need to add a large number of users to a group.
Now, let’s look at how to add users in bulk.
Adding Users in Bulk
Azure Active Directory gives you many options for group management. Once again, though, I’ll only focus on adding users in bulk. This process splits into 2 parts: getting the CSV file, and editing it.
Part 1: Receiving the CSV file
- Click on the Bulk Operations option, located to the right of the Add Members button.
- Click on the Import Members option from the drop-down menu. Azure AD will display a window outlining a three-step process: Downloading, editing, and uploading a CSV file.
- Click on the Download button, shown in the figure above. Then, follow your browser’s prompts to download a file named GroupImportMembersTemplate.csv.
Part 2: Editing and Importing the CSV File
- Open the CSV file in Microsoft Excel or any other text editor.
- Click the user’s account in the console’s User tab
- Select the user’s object ID (a hexadecimal number) or principal name
- Copy all the necessary info into the row as shown in the example row
- Save your changes to the document when you’ve added all users
- Import the file into Azure Active Directory through the previously opened window
That’s it! Now, your users should successfully be in the group. Still, you need to look out for a few things to make sure that works properly, and check your logs! Let’s take a detailed look at your CSV file.
As you can see in the image above, the first row of data within the file contains a version number. You must keep the version number in place. It should stay as it is, so don’t make any modifications to this row of data.
The second row in the file contains a list of column headings. It tells you if those particular columns are required or not. You can’t add any additional column headers, and you shouldn’t modify the existing header name. Otherwise, the import process will fail.
The third row currently provides an example of how to add data to the file. The example pertains to a member object ID, but you can also use a user principal name.
In our example, the CSV file specifically asked for member object IDs or user principal names. That said, some other cases may require different information. Please always be sure to enter the correct information without modifying the existing headings.
At that, you’ve finally completed the process of bulk-adding users to the group. Aren’t you glad you didn’t have to add all those users manually?
While it’s okay to manually add users to a group, it can be really time-consuming. That’s especially true when dealing with many users. That’s why importing a CSV file can be more efficient. Simply download the CSV template, and include the users you want to add to the group. Once edited, you can import the CSV file and the users in the file will automatically be added to the group.
How is populating a CSV file with user principal names or user IDs any faster than manually adding users to a group?
Manually constructing a CSV file can be a tedious process. It may not even save any time. That said, if the IT department is responsible for group management, then you can ask for a user ID or principal name list from those requesting group membership changes. If the list is ready, you’ll save yourself a lot of work.
Why do you have to use the template file instead of just creating your own CSV file using Notepad or something similar?
The CSV file has to follow a particular format and must have specific header names supplied by the template file. Essentially AD works like a relational database and if you misformat an entry it will add a new column. Very quickly you will end up with a mess that will lead to further issues during migration events.
What is an example of a situation where you may want to bulk add users?
If someone in another department gives you a long list of users to add to a group, it may be faster to perform a bulk import. It’s likely they would have exported this type of list as a CSV so your work may already be half done. Make sure you take a backup before you start anything though!
What types of groups can I manage?
This technique is primarily for Microsoft 365 groups and security groups. Administrative groups will likely have their own unique fields that will need to be managed manually. To do this you will need to login via the portal and update these users.
Can I bulk-add users to a group from PowerShell?
Yes, but the technique is completely different. You’ll have to create a loop to process the CSV file. Then, you’ll use the Add-AzureADGroupMember cmdlet to add the users to the specified group.
Read Microsoft’s documentation on bulk-adding group members in Azure Active Directory here.
Microsoft 365 Organization
Find out how to prevent Microsoft 365 group sprawl here.
Azure AD roles and RBAC permissions
Learn how to secure and lock down Azure management groups here.
Active Directory’s Security Enhancement
Learn how to keep Active Directory security groups secure here.
Azure AD Group Member Management
Discover PowerShell group management here.
Azure AD Group Creation
Learn how to create groups in Azure AD here.
1 thought on “Bulk Group Management in Azure AD and Microsoft 365”
Thanks for sharing. I absolutely loved your Article.