M365Corner
PowerShell

Using Get-MgUserMemberOfCount in Graph PowerShell

The Get-MgUserMemberOfCount cmdlet is a useful tool for retrieving the count of directory objects that a user is a member of, such as groups, directories, or other entities. This cmdlet is particularly valuable in administrative tasks, where you may need to track user memberships, especially when managing security and access control across an organization.

In this article, we'll dive into how the Get-MgUserMemberOfCount cmdlet works, provide usage examples, and discuss common errors and solutions. Additionally, we’ll explore how to leverage this cmdlet for real-world administrative use cases.

Cmdlet Syntax

Get-MgUserMemberOfCount -UserId <String> -ConsistencyLevel Eventual

Parameters

  • UserId: The unique identifier (User Principal Name or Object ID) of the user whose membership count you want to retrieve.
  • ConsistencyLevel: The required level of consistency when querying objects using this cmdlet.

Usage Examples

Example 1: Retrieve Total Membership Count for a User

To get the total number of groups and directory objects a specific user is a member of, use their UserId or UPN:

Get-MgUserMemberOfCount -UserId "john.doe@yourdomain.com" -ConsistencyLevel Eventual

In this example, the cmdlet returns the number of directory objects that John Doe is a member of. This helps in quickly assessing the number of roles, security groups, or distribution lists the user belongs to.

Example 2: Retrieve Membership Count with a Filter

Using the -Filter parameter, you can retrieve the count of directory objects based on a condition. Here’s an example of filtering for Microsoft 365 groups:

Get-MgUserMemberOfCount -UserId "jane.smith@yourdomain.com" -Filter "groupTypes/any(c:c eq 'Unified')" -ConsistencyLevel Eventual

This command retrieves the number of Microsoft 365 groups that Jane Smith is a member of. The filter ensures only the count of Unified groups (Microsoft 365 Groups) is returned.

Example 3: Retrieve Membership Count for a User by Object ID

You can also use the Object ID of a user rather than their User Principal Name (UPN):

Get-MgUserMemberOfCount -UserId "b7f08384-41c6-4d60-ae58-5a6f2c2d5f37" -ConsistencyLevel Eventual

In this case, the Object ID is used to retrieve the membership count for the user. This is particularly useful when working in scripts that interact with multiple users.

Cmdlet Tips

  • Using ConsistencyLevel: Always include -ConsistencyLevel Eventual to ensure that the cmdlet functions correctly. Omitting this parameter may result in incomplete or inaccurate data being returned.
  • Filtering: When using filters, make sure you are familiar with the properties of the directory objects you’re querying. Using incorrect filter syntax will result in errors.
  • Batch Operations: When working with a large number of users, consider scripting bulk operations with this cmdlet to get membership counts for multiple users.

Possible Errors & Solutions

Error 1: "User Not Found"

Cause: The UserId provided is incorrect or does not exist in the directory.

Solution: Double-check the user’s UPN or Object ID. Ensure that the user is present in your directory and the correct identifier is used.

Error 2: Invalid Filter Clause

Cause: Incorrect syntax or property in the -Filter parameter.

Solution: Verify the filter properties and syntax according to the OData query standards. For example, ensure that you are querying the correct group type or membership attribute.

Error 3: ConsistencyLevel is required

Cause: The -ConsistencyLevel parameter was not included.

Solution: Add the -ConsistencyLevel Eventual parameter to the cmdlet to ensure accurate results.

Use Cases

  • Tracking User Access Across Groups: As an IT administrator, you may need to audit the groups or directories that a user is a part of to maintain security standards. Using Get-MgUserMemberOfCount, you can quickly get a count of all the memberships and determine whether a user has excessive or unnecessary access.
  • Assessing License Requirements: For organizations using Microsoft 365, it is essential to keep track of which users are part of which licensing groups. By using Get-MgUserMemberOfCount with the appropriate filter, you can determine how many users are part of a specific group type, such as a Microsoft 365 or security group.
  • Group Cleanup and Management: Organizations periodically clean up unused or redundant groups to reduce clutter and simplify administration. This cmdlet can help identify users who belong to an unusually high number of groups, flagging them for review and potential removal from unnecessary memberships.

Conclusion

The Get-MgUserMemberOfCount cmdlet is an essential tool for administrators managing group memberships in Microsoft 365 environments. It allows you to retrieve the count of directory objects users are members of, which is crucial for auditing, security, and resource allocation. By using the examples and tips provided, you can ensure you’re leveraging this cmdlet effectively in your administrative tasks.


Additional Resources:

Graph PowerShell Get-MgUserMemberOfCount Cmdlet Documentation
Microsoft Graph PowerShell Module Documentation
Microsoft Graph API Documentation

Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell
Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex