Compare Two Azure/AD/M365 Groups and Print the Results

Compare two AD Groups.

$GROUP1=Get-ADGroupMember -Identity "Domain Admins" | select-Object Name
$GROUP2=Get-ADGroupMember -Identity "Enterprise Admins" | select-Object Name

$Comparison=Compare-Object -ReferenceObject $GROUP1.Name -DifferenceObject $GROUP2.Name | Sort-Object Name

foreach ($i in $Comparison){
	if($i.SideIndicator -eq "=>"){
		#Listed in GROUP2 but not in GROUP1
		Write-output "$($i.InputObject) exists in Group 2 but not Group 1"
	}elseif($i.SideIndicator -eq "<="){
		#Listed in GROUP1 but not in GROUP2
		Write-output "$($i.InputObject) exists in Group 1 but not Group 2"
	}
}

Compare two Azure groups.

Connect-AzureAD

$GROUP1=Get-AzureADGroupMember -ObjectId "c203a90f-0ec1-4c75-85c9-8d6e97f78a60" -All $true | Select-Object DisplayName, UserPrincipalName
$GROUP2=Get-AzureADGroupMember -ObjectId "2177ea60-e8d6-4dc9-a044-4a1ccecbf743" -All $true | Select-Object DisplayName, UserPrincipalName

$Comparison=Compare-Object -ReferenceObject $GROUP1.UserPrincipalName -DifferenceObject $GROUP2.UserPrincipalName | Sort-Object UserPrincipalName

foreach ($i in $Comparison){
	if($i.SideIndicator -eq "=>"){
		#Listed in Group 2 but not in Group 1
		Write-output "$($i.InputObject) exists in Group 2 but not Group 1"
	}elseif($i.SideIndicator -eq "<="){
		#Listed in Group 1 but not in Group 2
		Write-output "$($i.InputObject) exists in Group 1 but not Group 2"
	}
}

Compare two Distribution Lists.

Connect-AzureAD

$GROUP1=Get-DistributionGroupMember -Identity "iPhone Notifications" | Select-Object Identity, PrimarySMTPAddress
$GROUP2=Get-DistributionGroupMember -Identity "iPhone Notifications" | Select-Object Identity, PrimarySMTPAddress

$Comparison=Compare-Object -ReferenceObject $GROUP1.PrimarySMTPAddress -DifferenceObject $GROUP2.PrimarySMTPAddress | Sort-Object PrimarySMTPAddress

foreach ($i in $Comparison){
	if($i.SideIndicator -eq "=>"){
		#Listed in Group 2 but not in Group 1
		Write-output "$($i.InputObject) exists in Group 2 but not Group 1"
	}elseif($i.SideIndicator -eq "<="){
		#Listed in Group 1 but not in Group 2
		Write-output "$($i.InputObject) exists in Group 1 but not Group 2"
	}
}

Revision #4
Created 2023-11-17 23:01:59 UTC by Ryan
Updated 2025-03-13 00:55:13 UTC by Ryan