Get-MgUserOwnedObjectCount Cmdlet: Count User Owned Objects

Administrators often need to identify how many Microsoft Entra objects a user owns. A user may own resources such as Microsoft 365 groups, applications, service principals, or other directory objects. Knowing the ownership count can help administrators audit resource ownership, reassign ownership before deleting accounts, or perform security reviews.

The Get-MgUserOwnedObjectCount cmdlet in Microsoft Graph PowerShell allows administrators to quickly determine the number of directory objects owned by a specific user.

This article explains how to use the Get-MgUserOwnedObjectCount cmdlet with practical examples.

Cmdlet Syntax

Get-MgUserOwnedObjectCount
Get-MgUserOwnedObjectCount -UserId <String> -ConsistencyLevel eventual
                            

Important parameters

  • UserId – Specifies the User Principal Name (UPN) or User ID whose owned objects are being counted.
  • ConsistencyLevel – Must be set to eventual for directory count operations.

Usage Examples

  1. Fetch User Objects Owned Count by Passing Parameters When Requested by Console

    This command runs the cmdlet without parameters. The console will prompt you to provide the required values interactively.

    Get-MgUserOwnedObjectCount

    When executed, you will be prompted to enter details:

    • UserId
    • ConsistencyLevel

    This approach is useful for quick interactive testing.

  2. Fetch User Objects Owned Count by Passing Parameters Directly

    You can pass the required parameters directly in the command.

    Get-MgUserOwnedObjectCount -Userid samadmin@7xh7fj.onmicrosoft.com -ConsistencyLevel eventual

    This command returns the total number of directory objects owned by the specified user.

    Typical objects that may be counted include:

    • Microsoft 365 Groups
    • Applications
    • Service Principals
    • Other directory resources

    Administrators often use this command before removing a user to ensure critical resources still have owners.

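  3. Exporting the Results to CSV

    You can export the ownership count results for reporting or auditing purposes. The cmdlet returns a bare integer, which has no properties for Export-Csv to write as columns, so wrap the count in an object with named fields first.

    $count = Get-MgUserOwnedObjectCount -UserId samadmin@7xh7fj.onmicrosoft.com -ConsistencyLevel eventual
    [pscustomobject]@{ UserId = 'samadmin@7xh7fj.onmicrosoft.com'; OwnedObjectCount = $count } | Export-Csv "d:/Count.csv" -NoTypeInformation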

    Exporting results can help with:

    • Ownership audits
    • Compliance reporting
    • Security reviews

Cmdlet Tips

  1. Always Include the ConsistencyLevel Parameter

    For count operations in Microsoft Graph, the ConsistencyLevel eventual parameter is required. Without it, the command may fail or return incomplete results.

    Example:

    Get-MgUserOwnedObjectCount -Userid user@domain.com -ConsistencyLevel eventual

  2. Use UPN or Object ID for UserId

    The UserId parameter accepts:

    • User Principal Name (UPN)
    • User Object ID (GUID)

    Example:

    Get-MgUserOwnedObjectCount -Userid user@domain.com -ConsistencyLevel eventual

    or

    Get-MgUserOwnedObjectCount -Userid 5f1e8e9a-3e9a-4a8c-9bde-123456789abc -ConsistencyLevel eventual

  3. Useful Before Deleting Users

    Before deleting users from Microsoft 365, administrators should check whether the user owns critical resources.

    If a user owns groups or applications, ownership should be reassigned to avoid orphaned resources.

  4. Combine with Ownership Discovery Commands

    After finding the count, administrators may want to identify the specific objects owned by the user.

    Example:

    Get-MgUserOwnedObject -UserId user@domain.com

    This helps determine which resources require ownership transfer.
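
The count and discovery steps above can be combined into one pre-offboarding review that also flags objects where the departing user is the only owner. This is an added example, not code from the original article: the function name Get-OwnershipReview, the sample UPN and the output path are hypothetical, and it assumes a session already connected with Connect-MgGraph -Scopes "Directory.Read.All".

```powershell
# Added example: pre-offboarding ownership review (not from the original article).
# Assumes an existing session: Connect-MgGraph -Scopes "Directory.Read.All"
function Get-OwnershipReview {
    param(
        [Parameter(Mandatory)] [string] $UserId   # UPN or object ID (GUID)
    )

    # Cheap check first: the count tells us whether enumeration is needed at all.
    $count = Get-MgUserOwnedObjectCount -UserId $UserId -ConsistencyLevel eventual
    if ($count -eq 0) { return }

    foreach ($obj in Get-MgUserOwnedObject -UserId $UserId -All) {
        # The SDK returns generic directory objects; type and name live in AdditionalProperties.
        $type = $obj.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''

        # Fetch every owner of the object so sole ownership can be flagged.
        $owners = switch ($type) {
            'group'            { Get-MgGroupOwner -GroupId $obj.Id -All }
            'application'      { Get-MgApplicationOwner -ApplicationId $obj.Id -All }
            'servicePrincipal' { Get-MgServicePrincipalOwner -ServicePrincipalId $obj.Id -All }
            default            { $null }   # other object types: owner list not checked here
        }

        [pscustomobject]@{
            UserId      = $UserId
            ObjectType  = $type
            DisplayName = $obj.AdditionalProperties['displayName']
            ObjectId    = $obj.Id
            OwnerCount  = if ($null -ne $owners) { @($owners).Count } else { 'n/a' }
            SoleOwner   = ($null -ne $owners) -and (@($owners).Count -eq 1)
        }
    }
}

# Constructed sample account; replace with the user being offboarded.
Get-OwnershipReview -UserId 'user@domain.com' |
    Sort-Object -Property @{ Expression = 'SoleOwner'; Descending = $true }, ObjectType |
    Export-Csv -Path '.\OwnershipReview.csv' -NoTypeInformation
```

Rows with SoleOwner set to True are the ones that become ownerless if the account is deleted without reassigning ownership; applications and service principals in that state deserve particular attention because their credentials and permissions would no longer have an accountable owner.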


Possible Errors & Solutions

Error: Insufficient privileges to complete the operation
Cause: The signed-in account does not have permission to read directory data.
Solution: Connect to Microsoft Graph with the required permissions. Administrator consent may be required.

    Connect-MgGraph -Scopes "Directory.Read.All"

Error: Invalid request: ConsistencyLevel header required
Cause: The ConsistencyLevel eventual parameter was not included.
Solution: Add the required parameter when running the command.

    Get-MgUserOwnedObjectCount -Userid user@domain.com -ConsistencyLevel eventual

Error: Resource not found
Cause: The specified UserId does not exist in the tenant.
Solution: Verify the user exists before running the command, then run the ownership count command again. Example:

    Get-MgUser -UserId user@domain.com

Conclusion

The Get-MgUserOwnedObjectCount cmdlet is a helpful tool for Microsoft 365 administrators who need to quickly determine how many directory objects a user owns. This information is particularly useful during user offboarding, ownership audits, and security reviews.

By combining this cmdlet with other Microsoft Graph PowerShell commands, administrators can identify resources owned by users and ensure that critical objects always have appropriate owners assigned.

Using Graph PowerShell for ownership tracking helps maintain better governance and reduces the risk of orphaned resources in Microsoft Entra ID.

© Created and Maintained by LEARNIT WELL SOLUTIONS. All Rights Reserved.