The Get-MgGroupOwner cmdlet in Microsoft Graph PowerShell allows administrators to retrieve the owners of Microsoft 365 Groups. Group owners are essential members with elevated privileges, such as managing group settings, adding or removing members, and overall administration of the group.
This article will dive deep into how to use Get-MgGroupOwner to extract essential owner details, including their email addresses and user principal names (UPNs), by nesting Get-MgUser within Get-MgGroupOwner. We will cover syntax, usage examples, cmdlet tips, possible errors, solutions, and use cases to help administrators get the most out of this cmdlet.
Get-MgGroupOwner -GroupId <String>
Parameters:
Important Notes: The Get-MgGroupOwner cmdlet only returns user IDs by default. To obtain detailed information about each user (such as display names or UPNs), you must use the Get-MgUser cmdlet to query additional user details.
This example demonstrates how to retrieve only the owner IDs of a specified Microsoft 365 Group using the Get-MgGroupOwner cmdlet.
# Retrieve only the owner IDs of a Microsoft 365 Group
Get-MgGroupOwner -GroupId '7bf57d88-42e1-4c8b-8a44-5a6f04a29073' | Select-Object Id
This command fetches the owner IDs of the group with the specified GroupId. The output will be a list of GUIDs representing each owner.
To get detailed information about each owner (like their email address and user principal name), we can nest the Get-MgUser cmdlet within Get-MgGroupOwner. This provides more valuable data about the group owners.
# Retrieve the detailed information of group owners
$owners = Get-MgGroupOwner -GroupId '7bf57d88-42e1-4c8b-8a44-5a6f04a29073'
foreach ($owner in $owners) {
    Get-MgUser -UserId $owner.Id | Select-Object DisplayName, Mail, UserPrincipalName
}
This example fetches the Id of each owner and then passes that ID to the Get-MgUser cmdlet to retrieve additional information, such as DisplayName, Mail, and UserPrincipalName.
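# Report every group that has no owners
$groups = Get-MgGroup -All
foreach ($group in $groups) {
    # @() forces an array so .Count is reliable when zero or one owner is returned
    $owners = @(Get-MgGroupOwner -GroupId $group.Id)
    if ($owners.Count -eq 0) {
        Write-Host "Group $($group.DisplayName) has no owners!"
    }
}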
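# List every group together with the details of each owner
$groups = Get-MgGroup -All
foreach ($group in $groups) {
    $owners = Get-MgGroupOwner -GroupId $group.Id
    foreach ($owner in $owners) {
        # Owners can also be service principals; Get-MgUser only resolves user objects
        if ($owner.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
        $user = Get-MgUser -UserId $owner.Id
        Write-Output "Group: $($group.DisplayName) - Owner: $($user.DisplayName), $($user.Mail), $($user.UserPrincipalName)"
    }
}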
This script generates a list of groups along with their owners' details, making it easier to review ownership and ensure compliance with organizational policies.
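A fuller version of this audit, as an added example that is not part of the original article: it returns one object per group/owner pair and flags groups with no owner, a single owner, or a disabled owner account, while tolerating owners that are not users. The function name Get-GroupOwnerAudit and the Finding labels are hypothetical, and the code assumes an existing Connect-MgGraph session with Group.Read.All and User.Read.All (or Directory.Read.All).

```powershell
# Added example (not from the original article). Get-GroupOwnerAudit and the
# Finding labels are hypothetical names chosen for this illustration.
function Get-GroupOwnerAudit {
    param(
        # Groups to audit; defaults to every group in the tenant
        [object[]]$Group = (Get-MgGroup -All -Property Id, DisplayName)
    )
    $userCache = @{}   # owner Id -> user object, so each owner is fetched once
    foreach ($g in $Group) {
        # @() forces an array so .Count is reliable for zero or one owner
        $owners = @(Get-MgGroupOwner -GroupId $g.Id)
        if ($owners.Count -eq 0) {
            [pscustomobject]@{
                Group = $g.DisplayName; GroupId = $g.Id; OwnerType = $null
                Owner = $null; UserPrincipalName = $null; Finding = 'NoOwner'
            }
            continue
        }
        foreach ($o in $owners) {
            # Owners are directory objects; the concrete type is in @odata.type
            $type = $o.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
            $name = $o.AdditionalProperties['displayName']
            $upn  = $null
            $finding = if ($owners.Count -eq 1) { 'SingleOwner' } else { 'OK' }
            if ($type -eq 'user') {
                if (-not $userCache.ContainsKey($o.Id)) {
                    # AccountEnabled is not in the default property set, so request it
                    $userCache[$o.Id] = Get-MgUser -UserId $o.Id `
                        -Property Id, DisplayName, UserPrincipalName, AccountEnabled
                }
                $u = $userCache[$o.Id]
                $name = $u.DisplayName
                $upn  = $u.UserPrincipalName
                # A disabled owner takes precedence over the single-owner finding
                if ($u.AccountEnabled -eq $false) { $finding = 'DisabledOwner' }
            }
            [pscustomobject]@{
                Group = $g.DisplayName; GroupId = $g.Id; OwnerType = $type
                Owner = $name; UserPrincipalName = $upn; Finding = $finding
            }
        }
    }
}

# Show only the rows that need attention
Get-GroupOwnerAudit | Where-Object Finding -ne 'OK' | Format-Table -AutoSize
```

Because the function emits objects rather than strings, the same output can be piped to Export-Csv for a periodic ownership review.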
| Error | Cause | Solution |
|---|---|---|
| Group Not Found | The specified GroupId is incorrect, or the group has been deleted. | Double-check the GroupId. You can use Get-MgGroup to list groups and confirm the ID before running the Get-MgGroupOwner cmdlet. |
| Insufficient Permissions | The user account running the command lacks sufficient permissions to view group owners. | Ensure that your account has the necessary permissions, such as Group.Read.All or Directory.Read.All in Azure AD. |
| No Owners Found | The group may not have any assigned owners, which is unusual but possible. | Verify the group structure and assign owners if necessary. You can use the Add-MgGroupOwner cmdlet to assign new owners to the group. |
The Get-MgGroupOwner cmdlet is a versatile tool for administrators seeking to manage and audit Microsoft 365 groups. By combining this cmdlet with Get-MgUser, administrators can retrieve detailed information about group owners, making it easier to manage group permissions and maintain control over critical resources. Whether you're retrieving owners for a single group or auditing group ownership across an entire organization, this cmdlet simplifies the process.