List Microsoft 365 Groups by Owner Count

Microsoft 365 Groups are essential collaboration tools that combine email, file sharing, and other collaboration features. However, as an administrator, managing group owners can be a time-consuming task, especially when you're dealing with multiple groups. Knowing who owns which group and how many owners each group has is critical for security and administration purposes. With Graph PowerShell, you can easily query Microsoft 365 and retrieve detailed group ownership information, making your job easier and more efficient.

The Script

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Group.Read.All"

# Define the query to get all groups
$Groups = Get-MgGroup -Filter "groupTypes/any(c:c eq 'Unified')" -Property DisplayName, Mail, Visibility, Id -All

# Create an array to hold the result
$GroupOwnersCount = @()

foreach ($Group in $Groups) {
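    # Get all owners of the group; -All pages through every result and @() keeps Count reliable for zero or one owner
    $Owners = @(Get-MgGroupOwner -GroupId $Group.Id -All)

    # Store the group information and the count of owners
    $GroupOwnersCount += [pscustomobject]@{
        "Group Name" = $Group.DisplayName
        "Owners Count" = $Owners.Count
        "Group Mail" = $Group.Mail
        # Any visibility other than "Private" (including "HiddenMembership") is reported as "Public"
        "Privacy" = if ($Group.Visibility -eq "Private") { "Private" } else { "Public" }
    }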
}

# Output the result in a table format
$GroupOwnersCount | Format-Table -Property "Group Name", "Owners Count", "Group Mail", "Privacy" -AutoSize

How the Script Works

  1. Connect to Microsoft Graph: The script starts by connecting to Microsoft Graph with the necessary permissions using the Connect-MgGraph cmdlet. In this case, we are using the "Group.Read.All" permission, which allows us to read information about Microsoft 365 groups.
  2. Retrieve Microsoft 365 Groups: Next, the script uses the Get-MgGroup cmdlet to retrieve all Microsoft 365 Groups (Unified groups). The -Filter parameter ensures that only groups of type "Unified" are returned, and the -Property parameter retrieves specific properties like DisplayName, Mail, Visibility, and Id.
  3. Get Group Owners: For each group, the script retrieves its owners using the Get-MgGroupOwner cmdlet. This cmdlet returns all owners associated with a specific group based on its unique ID.
  4. Store and Display the Information: The script then creates a custom object ([pscustomobject]) for each group that holds the group name, the number of owners, the group’s email, and its privacy status. This information is added to an array, which is then displayed in a table format using Format-Table.

Further Enhancing the Script

  • Exporting to CSV: Instead of just displaying the data in a table, you can export the results to a CSV file for future reference or reporting purposes. This can be done by replacing the last line with:
    $GroupOwnersCount | Export-Csv -Path "C:\GroupOwnersReport.csv" -NoTypeInformation
  • Sorting and Filtering: You might want to sort the results by the number of owners or filter out groups with no owners. For example, you can add:
    $GroupOwnersCount | Where-Object { $_.'Owners Count' -gt 0 } | Sort-Object -Property 'Owners Count'
  • Including Additional Properties: You can expand the script to retrieve additional group properties, such as group creation date, group description, or whether the group has a shared mailbox.

Possible Errors & Solutions

| Error | Cause | Solution |
|---|---|---|
| Insufficient Privileges | The account you're using might not have the necessary permissions to retrieve group information. | Ensure the account has the "Group.Read.All" or "Group.ReadWrite.All" permission. Update your app registration or provide the correct scopes when running Connect-MgGraph. |
| Throttling | Microsoft Graph may throttle requests if too many are made in a short time. | Implement request throttling in the script by adding a delay (Start-Sleep) after each group query. You could also break up the request into smaller batches. |
| Group Not Found | If you're querying a specific group, it may not exist, or its ID could be incorrect. | Double-check the group ID or use the group's display name to ensure you're targeting the correct group. |
| Cannot convert null to type 'System.Int32' | If a group doesn't have any owners, the $Owners.Count may return null, leading to an error when displaying the owner count. | Modify the script to handle null values gracefully. For example: "Owners Count" = if ($Owners) { $Owners.Count } else { 0 } |
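The sorting, filtering and throttling suggestions above, combined into one report that flags groups with no owner or only one owner. This is an added example, not part of the original script: Get-OwnerRisk, Get-GroupOwnerReport, the -OwnerLookup parameter and the sample groups are hypothetical names and constructed data.

```powershell
# Added example; function and parameter names are hypothetical.
function Get-OwnerRisk {
    param([int]$OwnerCount)
    if ($OwnerCount -eq 0) { 'Ownerless' }
    elseif ($OwnerCount -eq 1) { 'SingleOwner' }
    else { 'OK' }
}

function Get-GroupOwnerReport {
    param(
        [Parameter(Mandatory)] [object[]]$Groups,
        # Returns the owners of one group Id; defaults to the Graph cmdlet from the script.
        [scriptblock]$OwnerLookup = { param($Id) Get-MgGroupOwner -GroupId $Id -All -ErrorAction Stop },
        [int]$MaxAttempts = 3,
        [int]$DelaySeconds = 2
    )
    foreach ($Group in $Groups) {
        $Owners = @()
        for ($Attempt = 1; $Attempt -le $MaxAttempts; $Attempt++) {
            try {
                $Owners = @(& $OwnerLookup $Group.Id)
                break
            } catch {
                # Retries any failure (throttling included) with a growing delay, then gives up.
                if ($Attempt -eq $MaxAttempts) { throw }
                Start-Sleep -Seconds ($DelaySeconds * $Attempt)
            }
        }
        [pscustomobject]@{
            'Group Name'   = $Group.DisplayName
            'Owners Count' = $Owners.Count
            'Group Mail'   = $Group.Mail
            'Privacy'      = $Group.Visibility
            'Risk'         = Get-OwnerRisk -OwnerCount $Owners.Count
        }
    }
}

# Constructed sample data so the logic can be checked without a tenant.
$SampleGroups = @(
    [pscustomobject]@{ Id = 'g1'; DisplayName = 'Finance'; Mail = 'finance@contoso.example'; Visibility = 'Private' }
    [pscustomobject]@{ Id = 'g2'; DisplayName = 'Old Project'; Mail = 'oldproject@contoso.example'; Visibility = 'Public' }
    [pscustomobject]@{ Id = 'g3'; DisplayName = 'Helpdesk'; Mail = 'helpdesk@contoso.example'; Visibility = 'Private' }
)
$SampleOwners = @{ g1 = @('owner-a', 'owner-b'); g2 = @(); g3 = @('owner-c') }

$Report = Get-GroupOwnerReport -Groups $SampleGroups -OwnerLookup { param($Id) $SampleOwners[$Id] } -DelaySeconds 0
$Report | Where-Object { $_.Risk -ne 'OK' } | Sort-Object -Property 'Owners Count' |
    Format-Table -AutoSize
```

Against a real tenant, pass the $Groups collection from the script and omit -OwnerLookup so the default Get-MgGroupOwner call is used.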

Conclusion

This simple yet powerful Graph PowerShell script allows administrators to quickly gather essential information about Microsoft 365 groups, including the number of owners, group email addresses, and privacy settings. By automating the retrieval of group ownership data, you can save time and ensure proper group management across your organization.

The script can be easily extended to export data, include additional properties, or handle large environments where throttling is a concern. With a little customization, this tool can become an essential part of your Microsoft 365 administration toolkit.

Make sure to keep an eye out for possible errors and use the solutions provided to ensure the script runs smoothly. Happy scripting!

© m365corner.com. All Rights Reserved.