Using Get-MgGroupOwner with Get-MgUser: Fetch Personal Details of Group Owners

In Microsoft 365, groups often have designated owners responsible for managing memberships and permissions. The Get-MgGroupOwner cmdlet retrieves group owners, but by default, it only provides their IDs. To fetch additional details such as Display Name, User Principal Name (UPN), and Email, you need to pair it with the Get-MgUser cmdlet. This article highlights the importance of this pairing and demonstrates how to fetch detailed information about group owners.

Usage Example

The following script retrieves the group owners of a specified group and uses Get-MgUser to fetch their personal details:


# Retrieve the detailed information of group owners 
$owners = Get-MgGroupOwner -GroupId '7bf57d88-42e1-4c8b-8a44-5a6f04a29073'

foreach ($owner in $owners) {
    Get-MgUser -UserId $owner.Id | Select-Object DisplayName, Mail, UserPrincipalName
}
                            

Explanation

  • Retrieve Group Owners: The Get-MgGroupOwner cmdlet fetches the owners of a specific group using the group’s ID.
  • Fetch Personal Details: The Get-MgUser cmdlet retrieves additional details for each owner by using their IDs.
  • Loop Through Owners: A foreach loop ensures details are retrieved for each owner individually.

Tips and Best Practices

  • Nesting Cmdlets Is Necessary: Because Get-MgGroupOwner only provides the user ID of each owner, you must pair it with Get-MgUser to retrieve additional properties such as Display Name and Email. This step cannot be skipped if detailed information is required.
  • Use the Select-Object Cmdlet: Include only relevant properties (e.g., DisplayName, Mail, UserPrincipalName) to make the output concise and clear.
  • Export Results for Analysis: For large groups, export the results to a CSV file for documentation or analysis:
    $results = foreach ($owner in $owners) {
        Get-MgUser -UserId $owner.Id | Select-Object DisplayName, Mail, UserPrincipalName
    }
    $results | Export-Csv -Path "GroupOwnersDetails.csv" -NoTypeInformation
    
  • Handle Large Data Sets: Use the -All parameter when dealing with groups that may have multiple owners or querying large tenants.
  • Avoid Excessive API Calls: To reduce API throttling issues, run the script in batches if you need to retrieve details for multiple groups.
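
An owner review across several groups that combines the tips above with the error cases this article lists; this is an added example, not code from the original article. The group IDs are placeholders, New-OwnerRow is a hypothetical helper, and the non-user-owner and disabled-account checks are additions that assume a group owner can be a service principal as well as a user.

```powershell
# Added example, not from the original article. Group IDs are placeholders.
Connect-MgGraph -Scopes 'Group.Read.All', 'User.Read.All'   # read-only scopes named on this page
$groupIds = @('<group-id-1>', '<group-id-2>')               # replace with real group IDs
function New-OwnerRow {   # hypothetical helper: one report row per owner or finding
    param($GroupId, $OwnerId, $OwnerType, $User, $Finding)
    [pscustomobject]@{
        GroupId           = $GroupId
        OwnerId           = $OwnerId
        OwnerType         = $OwnerType
        DisplayName       = $User.DisplayName
        UserPrincipalName = $User.UserPrincipalName
        Mail              = $User.Mail
        AccountEnabled    = $User.AccountEnabled
        Finding           = $Finding
    }
}

$report = foreach ($groupId in $groupIds) {
    try { $owners = @(Get-MgGroupOwner -GroupId $groupId -All -ErrorAction Stop) }
    catch {
        # Invalid or deleted group ID: record it and move on to the next group
        New-OwnerRow -GroupId $groupId -Finding "Group lookup failed: $($_.Exception.Message)"
        continue
    }
    if ($owners.Count -eq 0) { New-OwnerRow -GroupId $groupId -Finding 'No owners assigned'; continue }
    foreach ($owner in $owners) {
        if ($null -eq $owner -or -not $owner.Id) { continue }   # skip stale/null entries
        $type = $owner.AdditionalProperties.'@odata.type'
        if ($type -and $type -ne '#microsoft.graph.user') {
            # Owners can also be service principals; Get-MgUser cannot resolve those
            New-OwnerRow -GroupId $groupId -OwnerId $owner.Id -OwnerType $type -Finding 'Non-user owner'
            continue
        }
        try {
            # AccountEnabled is not returned by default, so request it explicitly
            $user = Get-MgUser -UserId $owner.Id -ErrorAction Stop `
                -Property Id, DisplayName, Mail, UserPrincipalName, AccountEnabled
            $finding = if ($user.AccountEnabled -eq $false) { 'Owner account disabled' } else { '' }
            New-OwnerRow -GroupId $groupId -OwnerId $owner.Id -OwnerType $type -User $user -Finding $finding
        }
        catch {
            New-OwnerRow -GroupId $groupId -OwnerId $owner.Id -OwnerType $type -Finding "User lookup failed: $($_.Exception.Message)"
        }
    }
}
$report | Export-Csv -Path 'GroupOwnersReview.csv' -NoTypeInformation
$report | Where-Object Finding | Format-Table GroupId, OwnerId, Finding -AutoSize
```

Rows with a non-empty Finding are the ones to follow up on: groups without owners, owners that are not user accounts, and owners whose accounts are disabled.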

Possible Errors & Solutions

Error: The specified object was not found in the directory.
Cause: The group ID is invalid or does not exist.
Solution: Verify the group ID using the Get-MgGroup cmdlet:

Get-MgGroup -Filter "displayName eq 'GroupName'"

Error: Insufficient privileges to complete the operation.
Cause: Missing permissions like Group.Read.All or User.Read.All.
Solution: Grant the necessary permissions in Azure AD.

Error: Cannot process a null value.
Cause: A group owner might have been removed but still exists as an entry.
Solution: Add error handling to skip such cases:

if ($owner -ne $null) {
    Get-MgUser -UserId $owner.Id | Select-Object DisplayName, Mail, UserPrincipalName
}

Conclusion

Pairing Get-MgGroupOwner with Get-MgUser is essential for retrieving detailed information about group owners in Microsoft 365. While Get-MgGroupOwner provides only the User ID by default, the Get-MgUser cmdlet allows you to fetch properties like Display Name, Email, and UPN. This pairing is invaluable for managing groups effectively, generating detailed reports, and ensuring compliance. Start using this approach today to streamline your administrative workflows.
