SMSAgentSoftware · March 18, 2025 14:30 · SMSAgentSoftware · Aug 4, 2022
diff --git a/Get-ManagedDeviceGroupMembership.ps1 b/Get-ManagedDeviceGroupMembership.ps1
 ## Requires the Microsoft.Graph.Intune module

 ## Examples:
 $GroupMembership = Get-DeviceGroupMembership -DeviceName "PC001" 
 $GroupMembership = Get-DeviceGroupMembership -AADDeviceId "c089201c-ad84-1234-5678-00d06dc86d8f"
 $GroupMembership | Sort Name | Out-GridView
 # Is device a member of a specific group
 $GroupMembership.Name -contains "Intune - All Windows 10 Workstations"


 # Function
 function Get-DeviceGroupMembership{
    [CmdletBinding(DefaultParameterSetName='Name')]
    Param(  
    [Parameter(Mandatory=$true,ParameterSetName='Name')]  
    [ValidateNotNullOrEmpty()]  
        [string]$DeviceName,
    [Parameter(Mandatory=$true,ParameterSetName='Id')]  
    [ValidateNotNullOrEmpty()] 
        [string]$AADDeviceId
    )

    $ProgressPreference = 'SilentlyContinue'
    # Get a user token for MS Graph
    $GraphToken = Connect-MSGraph -PassThru

    # Find the object id
    If ($DeviceName)
    {
        $URL = "https://graph.microsoft.com/v1.0/devices?`$filter=displayName eq '$DeviceName'&`$select=id"
    }
    If ($AADDeviceId)
    {
        $URL = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$AADDeviceID'&`$select=id"
    }
    $headers = @{'Authorization'="Bearer " + $GraphToken}
    $D_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
    If ($D_Response.StatusCode -eq 200)
    {
        # Check for duplicates
        $DeviceId = ($D_Response.Content | ConvertFrom-Json).Value.id
        If ($DeviceId.Count -gt 1)
        {
            Write-Warning "Multiple devices found. Please pass a unique devicename or AAD device Id!"
            Return
        }
        else 
        {
            If ($DeviceId)
            {
                # Get the group membership
                $URL = "https://graph.microsoft.com/beta/devices/$DeviceId/memberOf?`$select=displayName,description,id,groupTypes,membershipRule,membershipRuleProcessingState"
                $G_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
                If ($G_Response.StatusCode -eq 200)
                {
                    $Groups = ($G_Response.Content | ConvertFrom-Json).Value 
                }

                # Get the transitive group membership
                $URL = "https://graph.microsoft.com/beta/devices/$DeviceId/transitiveMemberOf?`$select=displayName,description,id,groupTypes,membershipRule,membershipRuleProcessingState"
                $TG_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
                If ($TG_Response.StatusCode -eq 200)
                {
                    $TransitiveGroups = ($TG_Response.Content | ConvertFrom-Json).Value 
                }
            }
            else 
            {
                Write-Warning "Device not found!"    
            }
        }
    }
    else 
    {
        Return    
    }

    # If results found
    If ($Groups.Count -ge 1 -or $TransitiveGroups.Count -ge 1)
    {
        # Create a datatable to hold the groups
        $DataTable = [System.Data.DataTable]::New()
        $Columns = @()
        @(
            'Name'
            'Description'
            'Object Id'
            'Membership Type'
            'Direct or Transitive'
            'Membership Rule'
            'Membership Rule Processing State'
        ) | foreach {
            $Columns += [System.Data.DataColumn]::new("$_")
        }
        $DataTable.Columns.AddRange($Columns)

        # Add the groups
        foreach ($Group in $Groups)
        {
            If (($Group.groupTypes | Select -First 1) -eq "DynamicMembership")
            {$MembershipType = "Dynamic"}
            Else {$MembershipType = "Assigned"}
            [void]$DataTable.Rows.Add($Group.displayName,$Group.description,$Group.id,$MembershipType,"Direct",$Group.membershipRule,$Group.membershipRuleProcessingState)
        }

        # Add the transitive groups
        foreach ($TransitiveGroup in ($TransitiveGroups | where {$_.id -NotIn $Groups.id}))
        {
            If (($TransitiveGroup.groupTypes | Select -First 1) -eq "DynamicMembership")
            {$MembershipType = "Dynamic"}
            Else {$MembershipType = "Assigned"}
            [void]$DataTable.Rows.Add($TransitiveGroup.displayName,$TransitiveGroup.description,$TransitiveGroup.id,$MembershipType,"Transitive",$TransitiveGroup.membershipRule,$TransitiveGroup.membershipRuleProcessingState)
        }

        Return $DataTable
    }
 }
	## Requires the Microsoft.Graph.Intune module

	## Examples:
	$GroupMembership = Get-DeviceGroupMembership -DeviceName "PC001"
	$GroupMembership = Get-DeviceGroupMembership -AADDeviceId "c089201c-ad84-1234-5678-00d06dc86d8f"
	$GroupMembership \| Sort Name \| Out-GridView
	# Is device a member of a specific group
	$GroupMembership.Name -contains "Intune - All Windows 10 Workstations"


	# Function
	function Get-DeviceGroupMembership{
	[CmdletBinding(DefaultParameterSetName='Name')]
	Param(
	[Parameter(Mandatory=$true,ParameterSetName='Name')]
	[ValidateNotNullOrEmpty()]
	[string]$DeviceName,
	[Parameter(Mandatory=$true,ParameterSetName='Id')]
	[ValidateNotNullOrEmpty()]
	[string]$AADDeviceId
	)

	$ProgressPreference = 'SilentlyContinue'
	# Get a user token for MS Graph
	$GraphToken = Connect-MSGraph -PassThru

	# Find the object id
	If ($DeviceName)
	{
	$URL = "https://graph.microsoft.com/v1.0/devices?`$filter=displayName eq '$DeviceName'&`$select=id"
	}
	If ($AADDeviceId)
	{
	$URL = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$AADDeviceID'&`$select=id"
	}
	$headers = @{'Authorization'="Bearer " + $GraphToken}
	$D_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
	If ($D_Response.StatusCode -eq 200)
	{
	# Check for duplicates
	$DeviceId = ($D_Response.Content \| ConvertFrom-Json).Value.id
	If ($DeviceId.Count -gt 1)
	{
	Write-Warning "Multiple devices found. Please pass a unique devicename or AAD device Id!"
	Return
	}
	else
	{
	If ($DeviceId)
	{
	# Get the group membership
	$URL = "https://graph.microsoft.com/beta/devices/$DeviceId/memberOf?`$select=displayName,description,id,groupTypes,membershipRule,membershipRuleProcessingState"
	$G_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
	If ($G_Response.StatusCode -eq 200)
	{
	$Groups = ($G_Response.Content \| ConvertFrom-Json).Value
	}

	# Get the transitive group membership
	$URL = "https://graph.microsoft.com/beta/devices/$DeviceId/transitiveMemberOf?`$select=displayName,description,id,groupTypes,membershipRule,membershipRuleProcessingState"
	$TG_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
	If ($TG_Response.StatusCode -eq 200)
	{
	$TransitiveGroups = ($TG_Response.Content \| ConvertFrom-Json).Value
	}
	}
	else
	{
	Write-Warning "Device not found!"
	}
	}
	}
	else
	{
	Return
	}

	# If results found
	If ($Groups.Count -ge 1 -or $TransitiveGroups.Count -ge 1)
	{
	# Create a datatable to hold the groups
	$DataTable = [System.Data.DataTable]::New()
	$Columns = @()
	@(
	'Name'
	'Description'
	'Object Id'
	'Membership Type'
	'Direct or Transitive'
	'Membership Rule'
	'Membership Rule Processing State'
	) \| foreach {
	$Columns += [System.Data.DataColumn]::new("$_")
	}
	$DataTable.Columns.AddRange($Columns)

	# Add the groups
	foreach ($Group in $Groups)
	{
	If (($Group.groupTypes \| Select -First 1) -eq "DynamicMembership")
	{$MembershipType = "Dynamic"}
	Else {$MembershipType = "Assigned"}
	[void]$DataTable.Rows.Add($Group.displayName,$Group.description,$Group.id,$MembershipType,"Direct",$Group.membershipRule,$Group.membershipRuleProcessingState)
	}

	# Add the transitive groups
	foreach ($TransitiveGroup in ($TransitiveGroups \| where {$_.id -NotIn $Groups.id}))
	{
	If (($TransitiveGroup.groupTypes \| Select -First 1) -eq "DynamicMembership")
	{$MembershipType = "Dynamic"}
	Else {$MembershipType = "Assigned"}
	[void]$DataTable.Rows.Add($TransitiveGroup.displayName,$TransitiveGroup.description,$TransitiveGroup.id,$MembershipType,"Transitive",$TransitiveGroup.membershipRule,$TransitiveGroup.membershipRuleProcessingState)
	}

	Return $DataTable
	}
	}