Public/Get-specEntraIDUserGroup.ps1

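function Get-specEntraIDUserGroup {
    <#
    .SYNOPSIS
    Retrieves group membership information for users from Microsoft Graph API based on their UserPrincipalName (UPN).

    .DESCRIPTION
    Calls GET https://graph.microsoft.com/v1.0/users/{UPN}/memberOf for each UPN, follows @odata.nextLink until
    every page has been read, and emits one object per returned directory object with the properties UPN, GroupID,
    DisplayName, Description, MailEnabled and CreationDate.

    It requires an access token with appropriate permissions to access Microsoft Graph.

    If a request fails, a warning is written for that user, paging stops, and whatever was collected before the
    failure is still emitted (best effort). Processing then continues with the next UPN.

    .PARAMETER UPN
    Specifies the UserPrincipalName (UPN) of the user(s) whose group membership information is to be retrieved.
    This parameter accepts input from the pipeline (by value, or by property name UPN / UserPrincipalName).
    If not specified, the default value is "<current user name>@specsavers.com".
    The value is URL-encoded before it is placed in the request path, so UPNs containing reserved characters
    (for example the '#' in guest UPNs of the form name#EXT#@tenant) are sent as a single path segment.

    .PARAMETER AccessToken
    Specifies the access token required to authenticate with Microsoft Graph API. This parameter is mandatory.
    The token is sent as a Bearer Authorization header and only to https://graph.microsoft.com.

    .EXAMPLE
    Get-specEntraIDUserGroup -UPN "user1@specsavers.com" -AccessToken "your_access_token_here"
    Retrieve group membership information for a single user with the specified UPN.

    .EXAMPLE
    "user1@specsavers.com" | Get-specEntraIDUserGroup -AccessToken "your_access_token_here"
    Retrieve group membership information for a single user using pipeline input for the UPN.

    .EXAMPLE
    $customObject = [pscustomobject]@{
        UPN = "user1@specsavers.com"
        AccessToken = "your_access_token_here"
    }
    $customObject | Get-specEntraIDUserGroup
    Retrieve group membership information for user(s) whose UPNs are contained in a custom object sent through the pipeline.

    .NOTES
    Author: owen.heaume
    Version: 1.0.0 Initial Release
             1.0.1 Add @odata.nextlink code so it returns all groups if over 100 (Previously would only return a max of 100 groups)

    The memberOf endpoint returns direct memberships only; nested (transitive) memberships are not expanded.
    memberOf can also return directory objects that are not groups (for example directory roles); those are
    emitted as well, with whichever of the mapped properties they carry.

    AccessToken is a plain string. Prefer passing it from a variable rather than typing it literally, because a
    literal token can be captured in command history and transcripts.
    #>


    [cmdletbinding()]
    param(
        [parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias('UserPrincipalName')]
        [string[]]$UPN = "$ENV:Username@specsavers.com",

        [parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$AccessToken
    )

    Begin { }

    process {
        foreach ($user in $UPN) {
            # An empty UPN would produce the path /users//memberOf, which is not a per-user query.
            if ([string]::IsNullOrWhiteSpace($user)) {
                Write-Warning 'Skipping empty UPN.'
                continue
            }

            # Encode the UPN so that pipeline-supplied text cannot add path segments, a query string
            # or a fragment to the request URL.
            $url = "https://graph.microsoft.com/v1.0/users/$([uri]::EscapeDataString($user))/memberOf"

            # A List avoids re-allocating the whole array on every page (array += is O(n) per append).
            $allGroups = New-Object 'System.Collections.Generic.List[object]'
            do {
                try {
                    $result = Invoke-RestMethod -Method Get -Uri $url -Headers @{Authorization = "Bearer $($AccessToken)" } -ea Stop
                    foreach ($group in $result.value) {
                        if ($null -ne $group) { $allGroups.Add($group) }
                    }

                    $next = $result.'@odata.nextLink'
                    if ($next) {
                        # The bearer token is attached to every follow-up request, so only continue
                        # paging on the same HTTPS host the first request went to.
                        $nextUri = [uri]$next
                        if ($nextUri.Scheme -ne 'https' -or $nextUri.Host -ne 'graph.microsoft.com') {
                            Write-Warning "$user Error: refusing to follow @odata.nextLink outside https://graph.microsoft.com"
                            $next = $null
                        }
                    }
                    $url = $next
                } catch {
                    # Best effort: report the failure, stop paging for this user, keep what was collected.
                    Write-Warning "$User Error: $($_.Exception.Message)"
                    $url = $null
                }
            } while ($url)

            $allGroups | ForEach-Object {
                [pscustomobject]@{
                    UPN          = $user
                    GroupID      = $_.id
                    DisplayName  = $_.displayName
                    Description  = $_.description
                    MailEnabled  = $_.mailEnabled
                    CreationDate = $_.createdDateTime
                }
            }
        }
    }
}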