m365Corner
M365 Blogs

Ultimate Guide for Using Get-MgGroupMember Cmdlet

Managing group memberships in Microsoft 365 is a crucial part of ensuring that the right individuals have access to the resources and tools they need. Whether it’s adding or removing users, monitoring group memberships, or automating routine tasks, administrators need a reliable way to manage and query group members.

This guide delves into the Get-MgGroupMember cmdlet, a powerful tool in the Microsoft Graph PowerShell module, and shows how it can simplify group membership management.

Who Are Microsoft 365 Group Members?

Microsoft 365 groups enable seamless collaboration by connecting a group of users to shared tools like Outlook, Teams, SharePoint, and Planner. Each member of a group is an account (user or service principal) that has specific permissions and access to resources.

Admins manage group memberships to:

  • Ensure proper access control.
  • Facilitate effective communication within teams.
  • Maintain up-to-date membership records for security and compliance
While the Admin Center is user-friendly, it’s not always efficient for bulk operations or advanced filtering. This is where Get-MgGroupMember becomes invaluable.

Why Use Get-MgGroupMember?

The Get-MgGroupMember cmdlet provides a programmatic way to fetch the members of any Microsoft 365 group. While the Admin Center allows manual membership management, Get-MgGroupMember shines in scenarios requiring:

  • Bulk queries for multiple groups.
  • Automation of membership monitoring tasks.
  • Detailed reporting on group memberships.

Setting Up Microsoft Graph PowerShell

To use the Get-MgGroupMember cmdlet, you need to set up the Microsoft Graph PowerShell module. Here’s how:

1. Install the Module

Run this command in PowerShell to install the module: 

Install-Module Microsoft.Graph -Scope CurrentUser

2. Connect to Microsoft Graph

Once installed, connect to your Microsoft 365 tenant: 

Connect-MgGraph

3. Disconnect After Use

When finished, disconnect to secure your session: 

Disconnect-MgGraph

Exploring the Get-MgGroupMember Cmdlet

The Get-MgGroupMember cmdlet retrieves members of a specified Microsoft 365 group. Whether you want a quick list of user IDs or detailed user information, this cmdlet offers flexibility and power.

Cmdlet Syntax

Get-MgGroupMember [-GroupId <String>] [-Filter <String>] [-All <Boolean>] [<CommonParameters>]

Usage Examples

  1. Passing Group ID Directly

    2. To fetch members of a specific group by its unique ID:

    Get-MgGroupMember -GroupId "1cbe8c31-589d-453a-a1e5-045f7f00c967"

    This command returns the IDs of all group members.

  2. Passing Group ID When Prompted by Console

    3. If you directly execute the Get-MgGroupMember cmdlet without the group id, the console prompts you to enter the same.

    Get-MgGroupMember
    Note: You can get the group id by executing Get-MgGroup cmdlet.
  3. Get-MgGroupMember Returns Only Member or User IDs by Default

    4. The output of Get-MgGroupMember includes only the IDs of group members, not personal details like names or email addresses. While this information is sufficient for some use cases, administrators often require additional user details.

    Get-MgUser -UserId "john.doe@contoso.com"
  4. Use Get-MgUser with Get-MgGroupMember to Get Detailed User Information

    5. To fetch additional information like DisplayName, UPN, or Mail, combine Get-MgGroupMember with Get-MgUser:

    # Retrieve members of a specified group
$groupMembers = Get-MgGroupMember -GroupId "1cbe8c31-589d-453a-a1e5-045f7f00c967"
                                                
# Initialize an array to store detailed user information
$userDetails = @()
                                                
# Loop through each group member and retrieve additional properties
foreach ($member in $groupMembers) {
        $user = Get-MgUser -UserId $member.Id -Property "id, displayName, userPrincipalName"
        $userDetails += [PSCustomObject]@{
            Id                 = $user.Id
            DisplayName        = $user.DisplayName
            UserPrincipalName  = $user.UserPrincipalName
        }
}
                                                
# Display the detailed user information
$userDetails | Select-Object Id, DisplayName, UserPrincipalName

    This script retrieves and displays user details for all group members, providing the information needed for advanced reporting or management tasks.

Best Practices for Get-MgGroupMember

  • Limit Scope: Use filters or specific parameters to retrieve only the data you need, avoiding excessive data pulls.
  • Combine with Other Cmdlets: Combine Get-MgGroupMember with cmdlets like Get-MgUser or Remove-MgGroupMember to create workflows for automation.
  • Simulate Actions: Use the -WhatIf parameter to preview commands and avoid unintended changes.
  • Secure Access: Always disconnect from Microsoft Graph after completing tasks to maintain security.

Conclusion

The Get-MgGroupMember cmdlet is a versatile tool for Microsoft 365 administrators, offering an efficient way to query group memberships. By combining it with other Graph PowerShell cmdlets, admins can unlock advanced capabilities, from fetching detailed user information to automating membership management.

Whether you’re managing a small team or overseeing an enterprise environment, mastering Get-MgGroupMember will save time, reduce errors, and enhance productivity.


Permission Required

Example:


                            

                            

                            

                            

                            

                        

                    

                


                
            

        

    

    


    
  
    

        
© Your Site Name. All Rights Reserved. 
		
		
		Design by HTML Codex