M365Corner

🔧 New: User Management Graph PowerShell Toolkit

Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.

🚀 Launch Toolkit
M365 PowerShell

Get-MgDirectoryAdministrativeUnit – Retrieve Administrative Units in Microsoft Entra ID

The Get-MgDirectoryAdministrativeUnit cmdlet in Microsoft Graph PowerShell enables administrators to retrieve information about Administrative Units (AUs) within Microsoft Entra ID (formerly Azure Active Directory).

Administrative Units help large organizations delegate directory management tasks efficiently by grouping users, devices, and groups under logical administrative boundaries. This cmdlet provides a straightforward way to view and manage these units programmatically.


Cmdlet Syntax

Get-MgDirectoryAdministrativeUnit [-AdministrativeUnitId  <String>] [-ConsistencyLevel <String> ]

Key parameters explained:

  • -AdministrativeUnitId – Specifies the unique ID of a particular administrative unit.
  • -ConsistencyLevel – Used with advanced queries that require count or filter operations.

Usage Examples

Example 1: Fetch all administrative units

Get-MgDirectoryAdministrativeUnit

This command retrieves all administrative units in your Microsoft Entra tenant. It’s useful for generating a full overview of your organization’s administrative boundaries.

Example 2: Fetch a single administrative unit by ID

Get-MgDirectoryAdministrativeUnit -AdministrativeUnitId "aeebb350-da0c-4d21-ab89-965334c8569c"

This retrieves detailed information about the specific administrative unit identified by its unique ID.

You can use this to inspect a unit’s properties, such as its display name, description, and assigned roles.

Cmdlet Tips

  • Use filters for better performance: When your organization has many AUs, using -Filter helps reduce response size and improve query performance.
  • Combine with Select-Object: To display specific properties neatly, pipe results to Select-Object.
    • Get-MgDirectoryAdministrativeUnit | Select-Object Id, DisplayName, Description
  • Retrieve related information: To view members or roles within an administrative unit, you can expand properties using the -ExpandProperty parameter.
  • Ideal for delegation audits: Combine with Get-MgDirectoryAdministrativeUnitMember to check who belongs to each AU.

Possible Errors and Solutions

Error Cause Solution
Invalid filter clause The syntax used in the -Filter parameter does not comply with OData query standards. Example: -Filter "startswith(displayName, 'Finance')"
ResourceNotFound The specified AdministrativeUnitId doesn’t exist or is typed incorrectly. Verify the ID using: Get-MgDirectoryAdministrativeUnit | Select-Object Id, DisplayName
PermissionDenied or Insufficient privileges The signed-in account lacks permissions to read directory administrative units. Connect to Microsoft Graph with proper scopes: Connect-MgGraph -Scopes "Directory.Read.All"

Conclusion

The Get-MgDirectoryAdministrativeUnit cmdlet provides administrators with a reliable way to retrieve and analyze administrative units within Microsoft Entra ID.

Whether you’re listing all AUs, focusing on a specific one, or filtering results to locate a departmental unit, this cmdlet is essential for large organizations using delegated administration. Combined with other Graph PowerShell commands, it forms a powerful foundation for efficient directory management and reporting.


Table of Contents

X

Table of Contents

Graph PowerShell Explorer Widget

20 Graph PowerShell cmdlets with easily accessible "working" examples.


Permission Required

Example:


                

                

                

                

                

            

        

    


 
            

        

    

    
    
    
    

        

            © m365corner.com. All Rights Reserved.
            Design by HTML Codex