Using Get-MgGroupMember with Get-MgUser: Fetch Detailed Group Membership Information

Managing group memberships in Microsoft 365 is essential for administrators. The Get-MgGroupMember cmdlet allows you to retrieve group member details, but it only provides limited information, such as user IDs. To fetch additional details like Display Name and User Principal Name (UPN), you can pair it with the Get-MgUser cmdlet. This article demonstrates how to combine these two cmdlets to retrieve and display detailed user information for group members.

Script: Retrieve and Display Detailed Group Member Information

# Retrieve members of a specified group
$groupId = "1cbe8c31-589d-453a-a1e5-045f7f00c967" # Replace with your group's ID
# -All follows paging so every member is returned, not only the first page
$groupMembers = Get-MgGroupMember -GroupId $groupId -All

# Initialize an array to store detailed user information
$userDetails = @()

# Loop through each group member and retrieve additional properties
foreach ($member in $groupMembers) {
    # -Property takes a list of property names to select
    $user = Get-MgUser -UserId $member.Id -Property "id", "displayName", "userPrincipalName"
    $userDetails += [PSCustomObject]@{
        Id                 = $user.Id
        DisplayName        = $user.DisplayName
        UserPrincipalName  = $user.UserPrincipalName
    }
}

# Display the detailed user information
$userDetails | Select-Object Id, DisplayName, UserPrincipalName

Explanation of the Script

  1. Retrieve Group Members: The Get-MgGroupMember cmdlet retrieves the IDs of all members in the specified group. The -All switch follows paging so that large groups are returned completely.

     $groupMembers = Get-MgGroupMember -GroupId $groupId -All

  2. Loop Through Members: Using a foreach loop, each member's ID is passed to Get-MgUser to fetch detailed user information like Display Name and UPN.

     foreach ($member in $groupMembers) {
         $user = Get-MgUser -UserId $member.Id -Property "id", "displayName", "userPrincipalName"
     }

  3. Store Results: The details are added to an array $userDetails for easy display or export.

     $userDetails += [PSCustomObject]@{
         Id                 = $user.Id
         DisplayName        = $user.DisplayName
         UserPrincipalName  = $user.UserPrincipalName
     }

  4. Display Results: The Select-Object cmdlet formats the output for readability.

     $userDetails | Select-Object Id, DisplayName, UserPrincipalName

Possible Errors & Solutions

| Error | Cause | Solution |
|-------|-------|----------|
| Insufficient privileges to complete the operation. | Missing permissions like Group.Read.All or User.Read.All. | Grant the necessary permissions in Azure AD or use a Global Admin account. |
| The specified object was not found in the directory. | Invalid group ID or user ID. | Double-check the group ID and ensure it exists in your tenant. |
| The user does not have access to perform the operation. | Lack of access to group or user details. | Ensure proper role assignments for the account running the script. |

Use Cases

  • Audit Group Memberships: Generate detailed reports of group members, including UPNs and Display Names.
  • Troubleshoot Access Issues: Verify if the correct users are part of a group responsible for permissions or access.
  • Export for Documentation: Maintain an up-to-date list of group memberships for audits or compliance.
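
For the audit use case, an added example (not part of the original article) that goes beyond the script above: it separates user members from other directory objects such as nested groups or devices, which Get-MgUser cannot resolve, and records userType and accountEnabled so guest and disabled accounts stand out. The function name Get-GroupMemberAudit and the extra properties are assumptions of this example, and it expects an existing Connect-MgGraph session with read access to groups and users.

```powershell
# Added example: audit-oriented membership report (hypothetical function name).
# Assumes Connect-MgGraph has already been run with group and user read permissions.
function Get-GroupMemberAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$GroupId   # object ID of the group to audit
    )

    # Properties requested from Get-MgUser; userType and accountEnabled are audit additions.
    $select = 'id', 'displayName', 'userPrincipalName', 'userType', 'accountEnabled'

    # -All follows paging so large groups are reported completely.
    foreach ($member in Get-MgGroupMember -GroupId $GroupId -All) {
        # Members come back as directory objects; the concrete type is in @odata.type.
        $type = ([string]$member.AdditionalProperties['@odata.type']) -replace '^#microsoft\.graph\.', ''

        $row = [ordered]@{
            Id                = $member.Id
            MemberType        = $type
            DisplayName       = $member.AdditionalProperties['displayName']
            UserPrincipalName = $null
            UserType          = $null
            AccountEnabled    = $null
            Note              = ''
        }

        if ($type -ne 'user') {
            # Nested groups, devices, service principals: keep them in the report
            # instead of calling Get-MgUser, which would fail with "not found".
            $row.Note = 'Not a user object; Get-MgUser skipped'
        }
        else {
            try {
                $user = Get-MgUser -UserId $member.Id -Property $select -ErrorAction Stop
                $row.DisplayName       = $user.DisplayName
                $row.UserPrincipalName = $user.UserPrincipalName
                $row.UserType          = $user.UserType        # 'Member' or 'Guest'
                $row.AccountEnabled    = $user.AccountEnabled
            }
            catch {
                # A failed lookup stays visible in the report rather than dropping the member.
                $row.Note = "Lookup failed: $($_.Exception.Message)"
            }
        }
        [PSCustomObject]$row
    }
}
# Usage: Get-GroupMemberAudit -GroupId '<group-object-id>' | Export-Csv .\members.csv -NoTypeInformation
```

Rows with a non-empty Note, UserType of Guest, or AccountEnabled of False are the ones to review first.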

Conclusion

Combining Get-MgGroupMember and Get-MgUser is a powerful way to retrieve detailed group membership information in Microsoft 365. This script simplifies the process of mapping user details to group memberships, making it easier for administrators to audit, troubleshoot, and document their environments. Try this today to streamline your Microsoft 365 management tasks!

© m365corner.com. All Rights Reserved.