Checking Group Membership in Microsoft 365

Here's a PowerShell script using the Microsoft Graph PowerShell SDK to check whether a specific user is a part of a Microsoft 365 Group. This script will prompt you for the user's email and the Group ID, then check the membership and provide the result.

Before running this script, ensure you have the Microsoft Graph PowerShell SDK installed. You can install it using the following command: Install-Module -Name Microsoft.Graph -AllowClobber -Scope CurrentUser

Also, ensure you have the necessary permissions to read group memberships and user details in Microsoft 365. The permissions in question are: User.Read.All and Group.Read.All


Graph PowerShell Script for Checking M365 Group Membership

You can download the script here: graph-powershell-script-for-checking-microsoft-365-group-membership.ps1

How the Script Works


Define a Function to Authenticate

  • Function Definition: Defines a function named Get-GraphToken.
  • $scopes: Specifies the permissions needed by the script. Group.Read.All allows reading all group memberships, and User.Read.All allows reading data of all users.
  • Connect-MgGraph: This cmdlet connects to Microsoft Graph with the specified permission scopes. The -ForceRefresh parameter forces a refresh of the authentication token.

Define a Function to Check Group Membership

  • Function Definition: Defines a function Check-UserInGroup that takes two parameters, $userEmail and $groupId.
  • Get-MgUser: Fetches the user object from Microsoft 365 using the user's email address. The -Filter parameter is used to specify which user to fetch.
  • Null Check: Checks if the $user variable is null (i.e., no user found). If no user is found, it prints a message and exits the function.
  • Get-MgGroupMember: Retrieves the members of the specified group by its ID.
  • Membership Check: Checks if the user's ID is in the list of group member IDs. It then prints a message indicating whether the user is a member of the group.


Authenticate Using the Defined Function

  • Calls the Get-GraphToken function to authenticate and set up the necessary permissions for subsequent Microsoft Graph calls.


Collect User Input

  • These lines prompt the user running the script to enter the email of the user and the ID of the Microsoft 365 group to check.


Check Group Membership

  • Calls the Check-UserInGroup function with the user-provided email and group ID to determine if the specified user is a member of the specified group.
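
The walkthrough above as an added example, not the downloadable script from this page: it escapes quotes in the email before building the filter, reads every page of members with -All, and can include membership inherited through nested groups. The function name Test-UserInGroup, its parameters, the userPrincipalName filter and the narrower GroupMember.Read.All scope are assumptions of this example.

```powershell
# Added example, not the downloadable script. Test-UserInGroup is a hypothetical name.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Groups

function Test-UserInGroup {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)][string]$UserEmail,
        # Typed as [guid] so a malformed group ID is rejected before any request is sent.
        [Parameter(Mandatory)][guid]$GroupId,
        # Also count membership inherited through nested groups.
        [switch]$Transitive
    )

    # OData string literals escape a single quote by doubling it. Without this,
    # an address such as o'brien@contoso.com breaks or alters the filter.
    $escaped = $UserEmail.Trim().Replace("'", "''")
    # Assumption: the email entered is the user's userPrincipalName.
    $found = @(Get-MgUser -Filter "userPrincipalName eq '$escaped'" -Property Id -ErrorAction Stop)
    if ($found.Count -ne 1) {
        throw "Expected exactly one user for '$UserEmail', found $($found.Count)."
    }

    # -All follows every result page, so large groups are compared in full.
    $members = if ($Transitive) {
        Get-MgGroupTransitiveMember -GroupId $GroupId -All -ErrorAction Stop
    } else {
        Get-MgGroupMember -GroupId $GroupId -All -ErrorAction Stop
    }
    return (@($members).Id -contains $found[0].Id)
}

# Read-only delegated scopes. GroupMember.Read.All is narrower than Group.Read.All
# and is enough to list members.
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All'

$email = Read-Host 'User email'
$group = Read-Host 'Group ID'
if (Test-UserInGroup -UserEmail $email -GroupId $group -Transitive) {
    Write-Output "$email is a member of group $group."
} else {
    Write-Output "$email is not a member of group $group."
}
```

Drop -Transitive to report direct membership only, which matches the Get-MgGroupMember check described above.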

Running the Script

  • Navigate to the location where you have placed the script file and run the file with a ./<your-file-name> command.
  • The script prompts you to sign in if you are not signed into Microsoft 365 already.
  • Next, enter the user's email ID, followed by the Group ID.
  • If the user is present in the group, the message "User is a member of the group" is displayed. Otherwise, the message "User is not a member of the group" is displayed.

Errors You Might Face

  • Permissions not available: Make sure that the required permissions (User.Read.All, Group.Read.All) are not only added in the Azure portal under your app registration but also have been granted admin consent, especially in organizational contexts.
  • Not running PowerShell as administrator: Ensure you always run PowerShell as an administrator.
  • Execution policy set to restricted: If the execution policy is set to Restricted, you cannot execute scripts. Run the Get-ExecutionPolicy cmdlet to find out the current execution policy. Your execution policy should be set to RemoteSigned. To set the execution policy to RemoteSigned, execute the following command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
