PowerShell Basics: List and Export Admin Roles Assigned to Office 365 Users

One question I frequently get asked: “How do I list all the users that have global admin access to my tenant?”

The information is viewable in the Office 365 Admin portal by filtering the users by role. That works for some clients, but others need the data to be exported and kept for compliance reasons. I have built a number of scripts for clients to automate the listing and exporting of this information, which the organization’s developer staff have then used to populate webpages. This is done with the Get-MsolRoleMember command in PowerShell.

Prerequisites:

  1. The Microsoft Online Services Sign-In Assistant 7.0 is a prerequisite for installing the Microsoft Online Services Module for Windows PowerShell.
     
  2. Once the Microsoft Online Services Sign-In Assistant 7.0 is installed, install the Microsoft Online Services Module for Windows PowerShell.
     
  3. Once you have those two pieces installed, open Windows Azure AD Module for PowerShell as an administrator and enter the following commands:
     
    $cred = Get-Credential
     
    (Enter Credentials)
     
    Connect-MsolService -credential $cred

 
Listing and Exporting Admin Roles:  

  1. Enter the command:
     
    $role = Get-MsolRole -RoleName "Company Administrator"
     
  2. Enter the command:
     
    Get-MsolRoleMember -RoleObjectId $role.ObjectId | Export-CSV c:\directory\filename.csv
     
    This will export all the members of the Company Administrator (Global Admin) group.

If you want to export from the other built-in groups, a list is provided below. You can always view the roles by entering the command Get-MsolRole.
 

| Name | Description |
| --- | --- |
| Compliance Administrator | Compliance administrator. |
| Exchange Service Administrator | Exchange Service Administrator. |
| Partner Tier1 Support | Allows ability to perform tier1 support tasks. |
| Company Administrator | Company Administrator role has full access to perform any operation in the company scope. |
| Helpdesk Administrator | Helpdesk Administrator has access to perform common helpdesk related tasks. |
| Lync Service Administrator | Lync Service Administrator. |
| Directory Readers | Allows access to various read only tasks in the directory. |
| Directory Writers | Allows access read tasks and a subset of write tasks in the directory. |
| Device Join | Device Join |
| Device Administrators | Device Administrators |
| Billing Administrator | Billing Administrator has access to perform common billing related tasks. |
| Workplace Device Join | Workplace Device Join |
| Directory Synchronization Accounts | Directory Synchronization Accounts |
| Device Users | Device Users |
| Partner Tier2 Support | Allows ability to perform tier2 support tasks. |
| Service Support Administrator | Service Support Administrator has access to perform common support tasks. |
| SharePoint Service Administrator | SharePoint Service Administrator. |
| User Account Administrator | User Account Administrator has access to perform common user management related tasks. |
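
As an added example (not one of the article's own scripts), the loop below runs the same Get-MsolRoleMember export over every role that Get-MsolRole returns and writes a single CSV with the role name on each row. It assumes the Connect-MsolService session from the prerequisites is already open; the output file name and the column names RoleName, RoleObjectId, MemberObjectId and ExportedUtc are placeholders chosen for this example.

```powershell
# Added example: export the members of every role into one CSV.
# Assumes Connect-MsolService has already succeeded in this session.
# Placeholder path, in the same style as the article's own command.
$outFile  = 'c:\directory\all-role-members.csv'
$exported = (Get-Date).ToUniversalTime().ToString('s')

$report = foreach ($role in (Get-MsolRole | Sort-Object Name)) {
    # -All returns every member instead of stopping at the default result limit.
    Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
        Select-Object `
            @{ Name = 'RoleName';       Expression = { $role.Name } },
            @{ Name = 'RoleObjectId';   Expression = { $role.ObjectId } },
            RoleMemberType,
            DisplayName,
            EmailAddress,
            @{ Name = 'MemberObjectId'; Expression = { $_.ObjectId } },
            @{ Name = 'ExportedUtc';    Expression = { $exported } }
}

# Roles with no members produce no rows, so guard against an empty report.
if (-not $report) {
    Write-Warning 'No role members were returned; nothing was exported.'
    return
}

# -NoTypeInformation keeps the "#TYPE" header line out of the file,
# which makes the CSV easier to load into other tools.
$report | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# Quick on-screen summary: how many members each role has.
$report |
    Group-Object RoleName |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# The Company Administrator (Global Admin) rows are the ones to review first.
$report |
    Where-Object { $_.RoleName -eq 'Company Administrator' } |
    Format-Table DisplayName, EmailAddress, RoleMemberType -AutoSize
```

The ExportedUtc column records when each export was taken, so files kept for compliance can be compared against one another later.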