
How To Add Users To An Azure AD Group Using Powershell

Active Directory groups, in general, are one of the best ways to maintain access to a certain resource. This has been one of the most fundamental concepts since the beginning of time, and now that people are getting more and more involved in cloud environments, it is good to familiarize yourself with how to add users to an Azure AD group.

 
 
Today we’re going to discuss several methods of getting our users added to groups. Generally they’ll look like this.

  • Adding Members in the Azure Portal
    • Adding Users to a Group
    • Using the group to add additional members
  • Adding Members using Powershell

 
It might seem a little nonsensical, but in the Azure Portal (GUI) you can accomplish this goal from the user object as well as the group object. Also, with anything Azure Active Directory related, let’s go over the requirements and permissions needed.

Requirements and Permissions

As mentioned, there are permissions required to successfully accomplish this task.

  • User Administrator -or Global Administrator Azure AD Role
    • If you’re using an administrative unit, group administrator is required for managing groups
  • The AzureAD -or AzureADPreview Powershell Module (for Powershell Portion)

Add Users To An Azure AD Group in Azure Portal

This method is pretty straightforward. Assuming you have the permissions listed above, you can simply follow these steps.

  • Navigate to https://portal.azure.com -> Azure Active Directory -> Users
  • Search for the user you want to add
  • Select Groups -> Add Memberships

Add users to groups Azure AD

Using A Group to Add Additional Members in Azure Portal

Similar to above where you want to add a user to a group through the user object, you can add the member to the group object. Here’s how:

  • Navigate to https://portal.azure.com -> Azure Active Directory -> Groups
  • Search for the group you want to update
  • Select Members -> Add Memberships

Add group members Azure AD - Direct Members

Add group members Azure AD - All Members

 

Note: Nested groups are valid in Azure AD. To view all members recursively, select the “All Members” tab to show everyone.

Add Users To An Azure AD Group Using Powershell

When you want to scale your operations or just make adding group members faster through the CLI, you can easily accomplish this via Powershell. Let’s take a look at a code snippet to add our user, Buzz Lightyear, to the SG – FakeGroup AAD group.

#Get ObjectId for Buzz using the Get-AzureADUser cmdlet.
PS C:\> Get-AzureADUser -ObjectId [email protected]

ObjectId                             DisplayName    UserPrincipalName                 UserType
--------                             -----------    -----------------                 --------
647e9c5e-4498-47b7-a85b-75a5e53cbf89 Buzz Lightyear [email protected] Member


#Get ObjectId for the SG - FakeGroup using the Get-AzureADGroup cmdlet and specifying a searchstring.  Personally, I would get the group ObjectId from the portal instead since multiple groups can have the same DisplayName.
PS C:\> Get-AzureADGroup -SearchString 'SG - FakeGroup'

ObjectId                             DisplayName    Description
--------                             -----------    -----------
51fb0824-5318-448c-8de6-ffc06c192b0d SG - FakeGroup A group thats not real

#Use Add-AzureADGroupMember with -ObjectId set to the group's ObjectId and -RefObjectId set to the user's ObjectId
PS C:\> Add-AzureADGroupMember -ObjectId 51fb0824-5318-448c-8de6-ffc06c192b0d -RefObjectId 647e9c5e-4498-47b7-a85b-75a5e53cbf89
     

Add users to groups Azure AD Using Powershell
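
An added example, not part of the original article: a function that adds several users to a group in one run, built on the same three cmdlets shown above. It stops unless the display name resolves to exactly one group (the duplicate-DisplayName caveat noted above) and supports -WhatIf; the function name Add-UsersToAadGroup and the example.com UPNs are assumptions for illustration.

```powershell
# Added example, not the article's code. Assumes the AzureAD module is installed
# and Connect-AzureAD has already been run with a role that can manage the group.
function Add-UsersToAadGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]   $GroupName,
        [Parameter(Mandatory)][string[]] $UserPrincipalName
    )

    # -SearchString can return several groups and DisplayName is not unique, so
    # keep only exact matches and stop unless exactly one group remains.
    $groups = @(Get-AzureADGroup -SearchString $GroupName |
                Where-Object { $_.DisplayName -eq $GroupName })
    if ($groups.Count -ne 1) {
        throw "Expected exactly 1 group named '$GroupName', found $($groups.Count). Use the ObjectId from the portal."
    }
    $group = $groups[0]

    # Current direct members, so existing members are reported instead of erroring.
    $memberIds = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
                   Select-Object -ExpandProperty ObjectId)

    foreach ($upn in $UserPrincipalName) {
        $status = 'Added'
        try {
            $user = Get-AzureADUser -ObjectId $upn.Trim() -ErrorAction Stop
            if ($memberIds -contains $user.ObjectId) {
                $status = 'AlreadyMember'
            }
            elseif ($PSCmdlet.ShouldProcess($upn, "Add to '$($group.DisplayName)'")) {
                Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId -ErrorAction Stop
            }
            else { $status = 'Skipped' }
        }
        catch { $status = "Failed: $($_.Exception.Message)" }

        # One result row per user, suitable for piping to Export-Csv as a change record.
        [pscustomobject]@{ User = $upn; Group = $group.DisplayName; GroupId = $group.ObjectId; Status = $status }
    }
}

# Constructed sample input: placeholder UPNs, not accounts from the article.
Add-UsersToAadGroup -GroupName 'SG - FakeGroup' `
    -UserPrincipalName 'user1@example.com', 'user2@example.com' -WhatIf
```

Run it with -WhatIf first and review the returned rows, then rerun without it; membership in a security group grants whatever access the group carries, so the output is worth keeping as a change record.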

Conclusion

Hopefully, this article was elaborate enough to show you how to add users to an Azure AD group using Powershell or using the Azure Portal (GUI). For me personally, since I’m a CLI type of guy, I always prefer to use Powershell over the GUI because it’s so much more convenient.

If you would like to see more content like this, be sure to check out our Azure Gallery or better yet, all of our Powershell Posts


Paul Contreras

Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.

3 Comments

  1. I got error: Add-AzureADGroupMember : Error occurred while executing AddGroupMember
    Code: Authorization_RequestDenied
    Message: Insufficient privileges to complete the operation.

  2. But how would you do this for multiple users?
    I did the following, check this snippet: https://pastebin.com/aHw85b3R

    First I set the variable for $users to get the username from this text file.
    Then I want to add those users to the group with Add-AzureADGroupMember.

    But it doesn’t work and I get the following error:
    Add-AzureADGroupMember : Error occurred while executing AddGroupMember
    Code: Request_BadRequest

  3. That is a nice article. Would like to see more of this. A small inquiry, did you copy and paste the 2 object id values in the last cmdlet or is there any other way to get those values there? Using variables could be an option but wondering what you prefer to use in these cases. Thanks in advance.
