top of page

AzureAD Module Group Management

Before you dive in please have a look at this in explanation of accounts. This will allow proper managment of user accounts in Azure AD. As always make sure to review changes first then commit. When comparing Active Directory Security Identifier (SID) and Azure ObjectId, it's important to understand their distinct roles and contexts within traditional on-premises Active Directory (AD) and Azure Active Directory (Azure AD):

Active Directory Security Identifier (SID)

  • Context: Traditional on-premises Active Directory (AD).

  • Purpose: A unique identifier for security principals (e.g., users, groups, computers) within an AD domain.

  • Format: A string that includes a domain identifier and a unique relative identifier (RID).

    • Example: S-1-5-21-3623811015-3361044348-30300820-1013.

  • Usage: Used by Windows for managing permissions, authentication, and security. Each AD object has a SID, and it's used extensively in access control lists (ACLs) and security descriptors.

  • Uniqueness: Unique within a domain and persists even if the object’s attributes (e.g., username) change.

Azure ObjectId

  • Context: Azure Active Directory (Azure AD).

  • Purpose: A globally unique identifier (GUID) for each Azure AD object, such as users, groups, and applications.

  • Format: A long, GUID string. Example: 12345678-1234-1234-1234-1234567890ab.

  • Usage: Used to uniquely identify Azure AD objects for management, API operations, and application integrations.

  • Uniqueness: Globally unique across the Azure AD tenant.

Key Comparisons:

  • Scope of Uniqueness:

    • SID: Unique within an AD domain. The domain part of the SID ensures uniqueness within that domain.

    • Azure ObjectId: Unique across the entire Azure AD tenant.

  • Format:

    • SID: Complex string format that includes a domain identifier and RID.

    • Azure ObjectId: Simple GUID string.

  • Usage Context:

    • SID: Primarily for on-premises environments for permissions, ACLs, and security descriptors.

    • Azure ObjectId: For cloud environments, used in Azure AD for identifying and managing objects.

  • Primary Role:

    • SID: Security-focused identifier used in managing access and permissions within Windows environments.

    • Azure ObjectId: Identifier for managing and interacting with Azure AD objects, used in cloud-based applications and services.


  • SID is integral to on-premises AD for security and permissions, ensuring consistent identification of objects within a domain even if their attributes change.

  • Azure ObjectId serves as a globally unique identifier in Azure AD, facilitating object management and integration in cloud-based environments.

Understanding these identifiers and their roles is crucial for IT professionals managing hybrid environments to ensure seamless and secure identity management across both on-premises and cloud systems.



#  // Create Azure AD Group  
New-AzureADGroup -DisplayName "Accounting Full Rights" -Description "Used for Account NTFS Full Rights" -MailEnabled $false -SecurityEnabled $true -MailNickName "NotSet"





#  // Modify Azure AD Group 
Get-AzureADGroup -SearchString "Accounting Full Rights" | Set-AzureADGroup -Description "Used for Accounting Full Rights"


#  //   Add User to Azure AD Group    
# Get User Account

$UserAccount=Get-AzureADUser | Where{$_.UserPrincipalName -like "Shead@*"} | Select givenname,surname, DisplayName, AccountEnabled, ObjectID

# // Get Azure AD Group Object ID 
$Group_ObjectID=Get-AzureADGroup -SearchString "Accounting Full Rights" | Select -ExpandProperty ObjectID  

# // Add User to Azure AD Group 
Add-AzureADGroupMember -objectID $Group_ObjectID  -RefObjectId $UserAccount.ObjectID

# // Follow up and Check Group Membership 
Get-AzureADGroupMember -ObjectId $Group_ObjectID 






#  // Remove user from Azure AD Group  
Remove-AzureADGroupMember -ObjectId $Group_ObjectID -MemberId $UserAccount.ObjectID

# // Follow up and Check Group Membership 
Get-AzureADGroupMember -ObjectId $Group_ObjectID 

Add-AzureADGroupMember by ObjectID
Get-AzureADGroup by ObjectID
Get-AzureADUser - Select ObjectID
Get-AzureADGroupMember by ObjectID
Get-AzureADGroupMember by ObjectID
Remove-AzureADGroupMember by ObjectID
bottom of page