Retrieve Microsoft 365 Group Owners List Using Graph PowerShell
This guide explains how to use Microsoft Graph PowerShell to retrieve the list of owners for Microsoft 365 groups. Learn how to fetch group ownership details with filtering options and export results for reporting purposes.
This Graph PowerShell script retrieves and displays the owners of Microsoft 365 groups. Microsoft 365 administrators can gain quick insights into group ownership, enhancing management and oversight of group access and responsibilities. The script can be customized to target specific groups or output detailed reports for compliance and auditing purposes.
Prerequisites
- You need to install the Microsoft Graph PowerShell SDK. Install-Module Microsoft.Graph -Scope CurrentUser is the command.
- You need to connect to the Microsoft Graph PowerShell Module with the necessary permissions. Connect-MgGraph -Scopes "Group.Read.All", "Directory.Read.All" is the command.
Get M365 Group Owners Graph PowerShell Script
The script fetches all Microsoft 365 groups within the organization and displays each group's name and group id. Then it uses Get-MgGroupOwner cmdlet which gets the group ID and fetches the group owner's DisplayName and UserPrincipalName by selecting and expanding the Additional Properties object.
# Retrieve all Microsoft 365 groups
$allGroups = Get-MgGroup
# Loop through each group
foreach ($group in $allGroups) {
# Display the group name and ID
Write-Host "Group Name: $($group.DisplayName) - Group ID: $($group.Id)"
try {
# Retrieve owners of the group
$groupOwners = Get-MgGroupOwner -GroupId $group.Id | Select -ExpandProperty AdditionalProperties
# Check if there are any owners
if ($groupOwners) {
# Display each owner's DisplayName and UserPrincipalName
foreach ($owner in $groupOwners) {
$displayName = if ($owner.'displayName') { $owner.'displayName' } else { "No display name" }
$upn = if ($owner.'userPrincipalName') { $owner.'userPrincipalName' } else { "No UPN" }
Write-Host " Owner DisplayName: $displayName, UPN: $upn"
}
} else {
Write-Host " No owners found for this group."
}
} catch {
Write-Host " Error fetching owners for this group."
}
# Add a line for better readability in the output
Write-Host "--------------------------------"
}
When you execute the script, you should get the following response:
How the Script Works?
The Get Microsoft 365 Group Owners List Graph PowerShell script does the following:
- Fetching All Groups: The script starts by retrieving a list of all Microsoft 365 groups in your organization using Get-MgGroup. Each group has properties like its name and ID.
- Looping Through Each Group: For each group retrieved, the script processes it individually. It displays the group's name and ID to help you identify which group the subsequent information relates to.
- Retrieving Group Owners: For each group, the script uses Get-MgGroupOwner to get a list of owners. This command fetches information about the people who have ownership rights over the group.
- Accessing Detailed Information: DisplayName and UserPrincipalName cannot be directly accessed. You can get them by using Select -ExpandProperty on Additional Properties object.
- Displaying Owner Information: The script then loops through each owner retrieved and checks for the displayName and userPrincipalName within these additional properties. If these properties are found, they are displayed; if not, a default message like "No display name" or "No UPN" is shown to indicate missing information.
- Handling Errors and Missing Data: The script includes error handling to manage situations where it cannot fetch owners for a group (due to permissions issues, network errors, etc.). It also handles cases where an owner might not have certain details available.
Further Enhancing the Script
Here how you can enhance the functionality and usability of this Graph PowerShell script that fetches Microsoft 365 group owners:
- Filtering Options: Add parameters to the script to allow filtering of groups by certain criteria, such as group type (e.g., dynamic, assigned), creation date, or specific attributes. This can help focus on specific groups of interest without retrieving all groups, which can be more efficient.
- Output to File: Allow the script to output results to a CSV or text file for record-keeping or further processing. This can be useful for audits or reports.
- Enhanced Error Handling: Improve error handling by adding specific responses for different types of errors, such as permission issues, network failures, or throttling by the API.
- Progress Indicators: For scripts that process many groups, include progress indicators to give feedback on how many groups have been processed, which can improve the user experience, especially during lengthy operations.
- Parameterizing the Script: Convert the script into a more formal PowerShell function with parameters for group IDs, filtering options, and output choices. This makes the script reusable and easier to integrate into larger workflows or scripts.
- Include More Owner Details: Consider fetching and displaying additional details for each owner, such as their job title, department, or office location, if available.
These enhancements can make your script more powerful, versatile, and suited to a variety of administrative and compliance tasks.
Frequently Asked Questions
- How can I retrieve the owners of a specific Microsoft 365 group?
Use the following command to fetch the owners of a group:
Get-MgGroupOwner -GroupId "<GroupId>" - Can I list owners for all groups in my tenant?
Yes, you can loop through all groups to retrieve their owners. Example:
$Groups = Get-MgGroup -All foreach ($Group in $Groups) { $Owners = Get-MgGroupOwner -GroupId $Group.Id Write-Output "Group: $($Group.DisplayName)" Write-Output $Owners } - How can I export the group owners list to a CSV file?
Use this script to export the owners of all groups:
$Results = @() $Groups = Get-MgGroup -All foreach ($Group in $Groups) { $Owners = Get-MgGroupOwner -GroupId $Group.Id foreach ($Owner in $Owners) { $Results += [PSCustomObject]@{ GroupName = $Group.DisplayName OwnerName = $Owner.DisplayName OwnerEmail = $Owner.UserPrincipalName } } } $Results | Export-Csv -Path "C:\Path\To\GroupOwners.csv" -NoTypeInformation - What permissions are required to retrieve group owners?
You need the Group.Read.All or Group.ReadWrite.All permission in Microsoft Graph PowerShell. Ensure the permissions are granted and consented before running the cmdlet.
Owners Can Include Users, Service Principals, or Groups
The
Always check the
The
Get-MgGroupOwner cmdlet may return multiple object types — not just user accounts.Always check the
@odata.type property in the response to confirm whether the owner is a user, service principal (app), or another group.
🔍 Always Retrieve the Group ID Before Querying Owners
To avoid errors or mismatched results, use
Then pass that ID to
To avoid errors or mismatched results, use
Get-MgGroup to retrieve the group’s Id first.Then pass that ID to
Get-MgGroupOwner — instead of relying on display names or email aliases, which may not be unique.
Related Articles:
Connect to Microsoft 365 Using PowerShellHow to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell
Import M365 Users to Microsoft Teams from CSV file