M365Corner

🔧 New: User Management Graph PowerShell Toolkit

Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.

🚀 Launch Toolkit
M365 PowerShell

Get-MgDirectoryDeletedItemAsGroup – Retrieve Deleted Groups Using Graph PowerShell

The Get-MgDirectoryDeletedItemAsGroup cmdlet in Microsoft Graph PowerShell helps administrators view and manage deleted Microsoft 365 groups that are currently in a soft-deleted state.

When a Microsoft 365 group (or Microsoft Team) is deleted, it isn’t immediately removed from your tenant. Instead, it’s retained in the Azure AD recycle bin for 30 days, allowing you to restore or permanently delete it during that retention period.

This cmdlet is essential for identifying deleted groups and retrieving their Group IDs, which are required when restoring or permanently deleting them programmatically through Microsoft Graph PowerShell.


Cmdlet Syntax

Get-MgDirectoryDeletedItemAsGroup [-DirectoryObjectId <String>] [<CommonParameters>]

Parameters:

  • -DirectoryObjectId – (Optional) Specifies the object ID of a deleted group to fetch details about that specific group.
  • <CommonParameters> – Supports standard PowerShell parameters like -Verbose, -Debug, etc.

Usage Examples

Below are practical examples of using the Get-MgDirectoryDeletedItemAsGroup cmdlet in Microsoft Graph PowerShell.

Example 1: Fetch all deleted groups

Get-MgDirectoryDeletedItemAsGroup

This command lists all the deleted Microsoft 365 groups currently stored in your organization’s recycle bin.

Example 2: Fetch details of a single deleted group

Get-MgDirectoryDeletedItemAsGroup -DirectoryObjectId 78db8584-3633-4c8a-ae6e-e144d63e7e12

This command retrieves details of a specific deleted group, using the provided Directory Object ID.

Note: The Group ID (DirectoryObjectId) is required when you want to restore or permanently delete a group programmatically using Graph PowerShell. You can only obtain this ID using the Get-MgDirectoryDeletedItemAsGroup cmdlet.


Cmdlet Tips

  • Connect to Microsoft Graph with the necessary permissions before running the cmdlet: Connect-MgGraph -Scopes "Group.Read.All", "Directory.Read.All"
  • Deleted groups remain recoverable for 30 days after deletion. Once purged, they cannot be restored.
  • Combine this cmdlet with Restore-MgDirectoryDeletedItem or Remove-MgDirectoryDeletedItem for managing the lifecycle of deleted groups.
  • Use Select-Object to display specific properties such as name, ID, and deletion date:
    • Get-MgDirectoryDeletedItemAsGroup | Select-Object Id, DisplayName, Description, DeletedDateTime
  • If you manage many groups, consider exporting the results for audit or reporting purposes:
    • Get-MgDirectoryDeletedItemAsGroup | Export-Csv "DeletedGroups.csv" -NoTypeInformation

Use Cases

Here are some common scenarios where this cmdlet is useful:

  1. Recovering accidentally deleted groups

    2. Quickly identify and restore Microsoft 365 groups that were deleted unintentionally using:

    Restore-MgDirectoryDeletedItem -DirectoryObjectId <GroupId>
  2. Auditing deleted groups

    3. Generate reports of deleted groups to analyze deletion patterns or ensure compliance.

  3. Permanent cleanup of unused groups

    4. Remove deleted groups that are no longer needed by combining with:

    Remove-MgDirectoryDeletedItem -DirectoryObjectId <GroupId>
  4. Automated group restoration scripts

    5. Use this cmdlet in automation workflows that detect and restore critical deleted groups based on predefined conditions.


Possible Errors & Solutions

Error Cause Solution
Access Denied. You do not have the required permissions to access this resource. The connected account doesn’t have sufficient permissions. Reconnect using Connect-MgGraph -Scopes "Group.Read.All", "Directory.Read.All".
Resource not found for the segment 'directoryObjects'. The specified group ID no longer exists or has already been permanently deleted. Verify the ID using Get-MgDirectoryDeletedItemAsGroup before performing restore or delete actions.
Get-MgDirectoryDeletedItemAsGroup : The term is not recognized The Microsoft Graph module is not installed or imported. Install and import the module using:
Install-Module Microsoft.Graph
Import-Module Microsoft.Graph
Insufficient privileges to complete the operation The app registration or user lacks admin consent for the required permissions. Ensure that the app or user account has admin consent for Group.Read.All and Directory.Read.All scopes.

Conclusion

The Get-MgDirectoryDeletedItemAsGroup cmdlet is an indispensable tool for managing deleted Microsoft 365 groups. It allows administrators to easily retrieve group details, audit deleted resources, and prepare for restoration or permanent deletion.

Remember, the Group ID retrieved through this cmdlet is required to restore or permanently delete groups programmatically via Microsoft Graph PowerShell.

By integrating this cmdlet into your daily administrative scripts, you can maintain tighter control over your Microsoft 365 environment and ensure no critical group is lost permanently by mistake.


Table of Contents

X

Table of Contents

Graph PowerShell Explorer Widget

20 Graph PowerShell cmdlets with easily accessible "working" examples.


Permission Required

Example:


                

                

                

                

                

            

        

    


 
            

        

    

    
    
    
    

        

            © m365corner.com. All Rights Reserved.
            Design by HTML Codex