
function Add-User-Devices

Finds registered devices of users in UserGroup and adds them into DeviceGroup.
Author: David Velasquez
AzureAD Module
NuGet provider version '' or newer
Optional Dependencies:
ImportExcel Module
Accepts [-Excel] as optional parameter to generate an excel spreadsheet report.
Accepts [-Mobile] as optional parameter to only add mobile devices to [-DeviceGroup].
Accepts [-E] and [-M] as parameter aliases for [-Excel] and [-Mobile].
Accepts [-From] and [-To] as parameter aliases for [-UserGroup] and [-DeviceGroup].
Add-User-Devices [-From] <String> [-To] <String> [-E] [-M] [<CommonParameters>]
Note: <string> is the ObjectID of the User and Device groups.
Specifies the name of the user group where users can be found.
.PARAMETER DeviceGroup
Specifies the name of the device group where registered devices should be placed.
Optional: Generates an excel spreadsheet report and will open in excel if installed.
Optional: Specifies the name of the device group where registered mobile devices should be placed.
PS C:\> Add-User-Devices -UserGroup <ObjectID> -DeviceGroup <ObjectID>
PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID>
PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID> -Excel
PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID> -Mobile
PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID> -E -M

[CmdletBinding()] Param(
        [Parameter(Mandatory = $True,HelpMessage='User Group ObjectId')]

        [Parameter(Mandatory = $True,HelpMessage='Device Group ObjectId')]
        [Parameter(Mandatory = $False)]
        [Parameter(Mandatory = $False)]
    if (!(Connected)) {Azure-Ad-Auth}
    #Write-Host "`nFinding registered devices"
    $UserList = Get-AzureADGroupMember -ObjectId $UserGroup -All $true | Sort-Object -Property DisplayName
    If (!($UserList)) { Write-Host "No users were found - exiting" ; break }
    Write-Host ("`nProcessing details for {0} users" -f $UserList.count) -ForegroundColor Green

    $DeviceList = Get-AzureADGroupMember -ObjectId $DeviceGroup -All $true | Sort-Object -Property DisplayName
    $global:UserGroupName = (Get-AzureADGroup -objectid $UserGroup).displayname
    $global:DeviceGroupName = (Get-AzureADGroup -objectid $DeviceGroup).displayname

    $i = 0
    foreach ($User in $UserList)
    Write-Host ("`nFinding devices registered to {0} ({1}/{2})" -f $User.DisplayName, $i, $UserList.count) -ForegroundColor Yellow
    $DeviceQuery = Get-AzureADUserRegisteredDevice -objectid $User.objectid -All $true
    if ($Mobile)
        $Devices = $DeviceQuery | where-object { ($_.displayname -like "*iphone*") -or ($_.displayname -like "*ipad*") }
        $Devices = $DeviceQuery | where-object { ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*yealink*") -and ($_.displayname -notlike "*android*") }
        $j = 0
        foreach ($Device in $Devices)
            if ($Device -ne $null)
                if ($DeviceList.objectid -notcontains  $Device.objectid)
                    Write-Host ("`nProcessing ({0}/{1}) devices for {2}" -f $j, $Devices.count, $User.DisplayName) -ForegroundColor Green
                    Write-Host ("`nAdding {0}'s {1} to {2}" -f $User.DisplayName, $Device.displayname, $DeviceGroupName) -ForegroundColor Cyan
                    Add-AzureADGroupMember -ObjectId $DeviceGroup -RefObjectId $Device.objectid
                    Write-Host ("`nProcessing ({0}/{1}) devices for {2}" -f $j, $Devices.count, $User.DisplayName) -ForegroundColor Green
                    Write-Host ("`n{0}'s {1} is already a member of {2}" -f $User.DisplayName, $Device.displayname, $DeviceGroupName) -ForegroundColor Red
    write-host ""
    Write-Host -ForegroundColor Yellow -NoNewLine 'Press any key to continue and generate report... ';
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');

    if ($Excel)
        Get-Report -From $UserGroup -To $DeviceGroup -Excel
        Get-Report -From $UserGroup -To $DeviceGroup

function Connected()
    $retval = $true
    try { 
     $Status = Get-AzureADTenantDetail 
    catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException] {
     $retval = $false
     return $retval
    return $retval

function Azure-Ad-Auth()

    $NuGet = (Get-packageprovider -ListAvailable -Name NuGet -ea silentlycontinue)
    if (!$NuGet)
        Install-PackageProvider -Name NuGet -MinimumVersion -Force | Out-Null
    Import-PackageProvider -Name NuGet | Out-Null
    $AzureAD = (Get-Module -ListAvailable -Name AzureAD -ea silentlycontinue)
    if (!$AzureAD)
        Install-Module -Name AzureAD -Force | Out-Null
    Import-Module AzureAD | Out-Null
    $mod = get-module AzureAD
    if ($mod -ne $null)
            Write-warning "Could not connect to Azure AD"

function Get-Report()

[CmdletBinding()] Param(
        [Parameter(Mandatory = $True,HelpMessage='User Group ObjectId')]

        [Parameter(Mandatory = $True,HelpMessage='Device Group ObjectId')]
        [Parameter(Mandatory = $False)]

    if (!(Connected)) {Azure-Ad-Auth}
    $UserList = Get-AzureADGroupMember -ObjectId $UserGroup -All $true | Sort-Object -Property DisplayName
    $DeviceList = Get-AzureADGroupMember -ObjectId $DeviceGroup -All $true | Sort-Object -Property DisplayName
    $global:UserGroupName = (Get-AzureADGroup -objectid $UserGroup).displayname
    $global:DeviceGroupName = (Get-AzureADGroup -objectid $DeviceGroup).displayname
    $global:Report = [System.Collections.Generic.List[Object]]::new() 

    foreach ($User in $UserList)
    $DeviceQuery = Get-AzureADUserRegisteredDevice -objectid $User.objectid -All $true
    $Devices = $DeviceQuery | where-object { ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*android*") -and ($_.displayname -notlike "*yealink*") }
    $iPhones = $DeviceQuery | where-object {$_.displayname -like "*iphone*"}
    $iPads = $DeviceQuery | where-object {$_.displayname -like "*ipad*"}
    $Laptops = $DeviceQuery | where-object {$_.displayname -like "*-LT-*"}
    $AppleLaptops = $DeviceQuery | where-object {$_.displayname -like "*MacBook*"}
    $Desktops = $DeviceQuery | where-object { ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*-LT-*") -and ($_.displayname -notlike "*android*") -and ($_.displayname -notlike "*yealink*") }
    $MobileDevices = $DeviceQuery | where-object { ($_.displayname -like "*iphone*") -or ($_.displayname -like "*ipad*") }
    $VirtualDesktops = $DeviceQuery | where-object {$_.displayname -like "*VDI-*"}
    $DevicesInDeviceGroup = $DeviceQuery | where-object { ($_.objectid -in $DeviceList.objectid) -and ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*android*") }
    $MobileDevicesInDeviceGroup = $DeviceQuery | where-object { ($_.objectid -in $DeviceList.objectid) -and ($_.displayname -like "*iphone*") -or ($_.displayname -like "*ipad*") }

    $Lines = [PSCustomObject]@{
    User = $User.displayname
    UserObjectID = $User.objectid
    UserGroup = $UserGroupName
    UserGroupObjectID = $UserGroup
    DeviceGroup = $DeviceGroupName
    DeviceGroupObjectID = $DeviceGroup
    Devices = $Devices.displayname
    DeviceObjectIDs = $Devices.objectid
    DesktopDevices = $Desktops.displayname
    DesktopDeviceIDs = $Desktops.objectid
    LaptopDevices = $Laptops.displayname
    LaptopDeviceIDs = $Laptops.objectid
    AppleLaptopDevices = $AppleLaptops.displayname
    AppleLaptopDeviceIDs = $AppleLaptops.objectid
    iPadDevices = $iPads.displayname
    iPadDeviceIDs = $iPads.objectid
    iPhoneDevices = $iPhones.displayname
    iPhoneDeviceIDs = $iPhones.objectid
    VirtualDesktopDevices = $VirtualDesktops.displayname
    VirtualDesktopDeviceIDs = $VirtualDesktops.objectid
    CustomAttributes = $null
    DevicesInDeviceGroup = $DevicesInDeviceGroup.displayname
    DevicesInDeviceGroupIDs = $DevicesInDeviceGroup.objectid
    MobileDevicesInDeviceGroup = $MobileDevicesInDeviceGroup.displayname
    MobileDevicesInDeviceGroupIDs = $MobileDevicesInDeviceGroup.objectid

    Write-Host "`nGenerated Report"
    Write-Host "----------------`n"
    $Report | Pretty-Table | Out-GridView -wait

    $ExcelParam = $null
    if ($Excel)
        if ((Enum-Excel-Module))
            $ExcelParam = "-Excel"
    write-host "`nReport Generated by running:" -ForegroundColor Magenta
    write-host ("Get-Report -From {0} -To {1} {2}" -f $UserGroup, $DeviceGroup, $ExcelParam) -ForegroundColor Magenta

function Output-To-Excel()
$xlfile = "$env:USERPROFILE\Desktop\PSreport.xlsx"
Remove-Item $xlfile -ErrorAction SilentlyContinue

$excel = $Report | Pretty-Table | Export-Excel $xlfile -AutoSize -StartRow 2 -TableName GeneratedReport -PassThru

$ws = $excel.Workbook.Worksheets['Sheet1']

$xlParams = @{WorkSheet=$ws;Bold=$true;FontSize=24;AutoSize=$true}

Set-Format -Range A1  -Value "Generated Report" @xlParams

$ws.Cells["A1:B1"].merge = $true


Set-ExcelRange -Worksheet $ws -Range "A:B" -Width 50

#Set-ExcelRange -Worksheet $ws -Range "A3:B3" -Bold

$rowMax = ($ws).dimension.rows
$colNameA = "A"
$columnB = "B"
for ($i=3; $i -le $rowMax-1; $i = $i + 25)
    $range =  -join($colNameA, $i, ":", $columnB, $i)
    Set-ExcelRange -Worksheet $ws -Range "$range" -Bold -FontSize "20"

write-host ("Generated Report Saved to: {0}" -f $xlfile) -ForegroundColor Magenta

$HasOffice = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail*).displayname

if ($HasOffice)
    Close-ExcelPackage $excel -show
Close-ExcelPackage $excel


function Pretty-Table()
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        $InputObject |
        ForEach-Object {
        foreach ($Property in $
                $Hash = [ordered]@{

function Enum-Excel-Module()
    Import-PackageProvider -Name NuGet | Out-Null
    $ImportExcel = (Get-Module -ListAvailable -Name ImportExcel -ea silentlycontinue)
    if (!$ImportExcel)
        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | Out-Null
        Install-Module -Name ImportExcel -Force | Out-Null
    Import-Module ImportExcel | Out-Null
    $mod = get-module ImportExcel
    if ($mod -ne $null)
        return $true

Export-ModuleMember -function * -alias *