Microsoft 365 groups are a powerful feature within the Microsoft ecosystem facilitating collaboration and communication among team members. Managing these groups efficiently is crucial, and PowerShell provides robust tools to do so. One such tool is the New-MgGroupOwner cmdlet which allows administrators to add owners to Microsoft 365 groups.
Prerequisites
Before using the New-MgGroupOwner cmdlet, ensure the following prerequisites are met:
- Microsoft Graph PowerShell Module: Install the Microsoft Graph PowerShell module if not already installed. You can do this using the command:
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "Group.ReadWrite.All"
Cmdlet Syntax
New-MgGroupOwner -GroupId <String> -DirectoryObjectId <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Parameters:
- -GroupId: The unique identifier of the group.
- -DirectoryObjectId: The unique identifier of the user to be added as an owner.
- -WhatIf: Shows what would happen if the cmdlet runs. The cmdlet is not run.
- -Confirm: Prompts for confirmation before running the cmdlet.
- <CommonParameters>: These parameters include -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable.
Usage Examples
Example 1: Adding a Single Owner to a Group
$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"
New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId
Example 2: Adding Multiple Owners to a Group
$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectIds = @("98765zyx-432w-vuts-rqpo-nmlkjihgfedc", "abcdef12-3456-7890-abcd-efghijklmnop")
foreach ($directoryObjectId in $directoryObjectIds) {
    New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId
}
Example 3: Adding Owner with Confirmation
$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"
New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId -Confirm
Example 4: Importing Group Owners from a CSV File
If you have a CSV file with a list of group IDs and directory object IDs, you can import and use them to add multiple owners:
CSV File Structure
GroupId,DirectoryObjectId
12345abc-678d-90ef-ghij-klmnopqrstuv,98765zyx-432w-vuts-rqpo-nmlkjihgfedc
12345abc-678d-90ef-ghij-klmnopqrstuv,abcdef12-3456-7890-abcd-efghijklmnop
PowerShell Script
$csvPath = "C:\path\to\your\file.csv"
$groupOwners = Import-Csv -Path $csvPath
foreach ($owner in $groupOwners) {
    New-MgGroupOwner -GroupId $owner.GroupId -DirectoryObjectId $owner.DirectoryObjectId
}
Example 5: Adding Owner with WhatIf
You can also use the -WhatIf parameter with New-MgGroupOwner to preview the action that would be performed, without actually running the cmdlet.
$groupId = "baf5dfb6-da17-4439-a0ff-6ea7b59d6c5f"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"
New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId -WhatIf
Example 6: Add an Owner to a Group Using UPN Instead of Object ID
This method is useful when you want to work with familiar user principal names (UPNs) and avoid hardcoding or looking up GUIDs manually. It improves script readability and reduces lookup errors.
# Sample: Add a user as a group owner using their UPN directly
$groupId = "f47ac10b-58cc-4372-a567-0e02b2c3d479"
$user = Get-MgUser -UserId "mira.jones@yourdomain.com"
New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $user.Id
Cmdlet Tips
- Verify Group and User IDs: Ensure that the group and user IDs are correct before running the cmdlet.
- Use -WhatIf Parameter: This parameter helps to preview the changes before applying them, which is useful for preventing mistakes.
- Automate with Scripts: For adding multiple owners or handling multiple groups, consider using scripts to automate the process.
- Ensure the user is already a member of the group before assigning as owner: While technically not required, adding the user as a member before making them an owner avoids confusion and ensures the user appears in both member and owner listings, which some apps depend on.
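The tips above, applied to the CSV import from Example 4, as an added example that is not part of the original article: each row is validated, checked against the current owners, and logged, and the run defaults to -WhatIf. It assumes an existing Connect-MgGraph session that can also read user objects, that every row refers to a user (not a service principal), and the `$logPath` and `$dryRun` names are illustrative.

```powershell
# Added example: validated, logged CSV import of group owners.
# Assumes an existing Connect-MgGraph session; both paths are placeholders.
$csvPath = "C:\path\to\your\file.csv"
$logPath = "C:\path\to\owner-import-log.csv"
$dryRun  = $true   # set to $false only after reviewing the -WhatIf output

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $status = 'Added'
    $parsed = [guid]::Empty
    try {
        # Reject rows whose IDs are not well-formed GUIDs before calling Graph.
        foreach ($id in @($row.GroupId, $row.DirectoryObjectId)) {
            if (-not [guid]::TryParse($id, [ref]$parsed)) { throw "Malformed ID: '$id'" }
        }
        # Confirm both objects exist; -ErrorAction Stop makes a lookup failure catchable.
        $group = Get-MgGroup -GroupId $row.GroupId -ErrorAction Stop
        $user  = Get-MgUser -UserId $row.DirectoryObjectId -ErrorAction Stop

        # Skip principals that already own the group.
        $ownerIds = (Get-MgGroupOwner -GroupId $group.Id -All -ErrorAction Stop).Id
        if ($ownerIds -contains $user.Id) {
            $status = 'AlreadyOwner'
        } else {
            New-MgGroupOwner -GroupId $group.Id -DirectoryObjectId $user.Id `
                -WhatIf:$dryRun -ErrorAction Stop
            if ($dryRun) { $status = 'WouldAdd' }
        }
    } catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    # One record per row, so every ownership grant (or refusal) is traceable.
    [pscustomobject]@{
        Timestamp         = (Get-Date).ToString('o')
        GroupId           = $row.GroupId
        DirectoryObjectId = $row.DirectoryObjectId
        Status            = $status
    }
}
$results | Export-Csv -Path $logPath -NoTypeInformation
$results | Format-Table -AutoSize
```

Keeping the exported log alongside the change request gives a record of which ownership grants were requested, applied, skipped, or rejected.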
Use Cases
- Delegating Management: Adding multiple owners to a group to delegate management tasks.
- Team Collaboration: Ensuring that key team members have the necessary permissions to manage the group's resources.
- Administrative Tasks: Automating the addition of owners during the group creation process.
- Delegate group management to department heads: You can use New-MgGroupOwner to assign department heads as group owners, allowing them to manage memberships without needing Global Admin access — perfect for decentralized group control.
Possible Errors & Solutions
| Error | Cause | Solution |
| --- | --- | --- |
| Invalid Group or User ID | The specified group or user ID does not exist. | Verify that the IDs are correct. Use the Get-MgGroup and Get-MgUser cmdlets to retrieve valid IDs. |
| Insufficient Permissions | The user running the cmdlet does not have the necessary permissions. | Ensure the user has the required roles to manage group ownership. Check and assign appropriate administrative roles. Then reconnect with the Connect-MgGraph cmdlet. |
New-MgGroupOwner Vs. New-MgGroupOwnerByRef
The difference between the New-MgGroupOwner and New-MgGroupOwnerByRef cmdlets lies in how they identify and reference the group and user objects.
New-MgGroupOwner
- New-MgGroupOwner: Adds an owner to a group using the group's unique identifier and the user's unique identifier.
- Parameters: -GroupId and -DirectoryObjectId
New-MgGroupOwnerByRef
- New-MgGroupOwnerByRef: Adds an owner to a group using a reference to the user object rather than the user's unique identifier.
- Parameters: -GroupId and -BodyParameter (that takes the URL reference to the user object).
$newGroupOwner = @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/users/{4de19c17-6a28-4a91-86d1-f717c3c8c229}"
}
New-MgGroupOwnerByRef -GroupId '1cb7317c-9c49-4dc8-a358-67ad8e95217c' -BodyParameter $newGroupOwner
Frequently Asked Questions
- What is New-MgGroupOwner used for?
The New-MgGroupOwner cmdlet is used to assign users or service principals as owners of a Microsoft 365 group. Owners have elevated permissions to manage the group, such as modifying settings or adding members.
- Can I assign multiple owners to a group at once?
Yes, you can assign multiple owners by iterating through a list of User IDs. Here's an example:
$GroupId = "<GroupId>"
$Owners = @("<OwnerId>", "<OwnerId2>", "<OwnerId3>")
foreach ($OwnerId in $Owners) {
    New-MgGroupOwner -GroupId $GroupId -DirectoryObjectId $OwnerId
}
- Can New-MgGroupOwner be used for adding group members?
You cannot use the New-MgGroupOwner cmdlet to add group members. New-MgGroupMember is the cmdlet for adding group members.
- What happens if I try to add the same user as an owner multiple times?
No change will occur, and no error is thrown. Microsoft Graph silently ignores duplicate owner assignments. It's safe, but it is good practice to check current owners using Get-MgGroupOwner before adding new ones.
- Can New-MgGroupOwnerByRef be used for adding group owners?
Yes, New-MgGroupOwnerByRef can also be used to add group owners. Group owner details need to be passed as a hashtable to the -BodyParameter parameter.
- Do group owners automatically become group members?
Yes. When a user is assigned as a Microsoft 365 Group owner, Microsoft automatically treats them as a member of the group as well.
However, when auditing permissions, it is recommended to check both owners and members separately:
Get-MgGroupOwner -GroupId $GroupId
Get-MgGroupMember -GroupId $GroupId
This helps administrators understand the distinction between management rights (owners) and regular membership.
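The separate owner and member check described above, extended to a tenant-wide review, as an added example that is not part of the original article. It assumes a Connect-MgGraph session with read access to groups, owners and members; the `$minOwners` threshold and the report column names are illustrative.

```powershell
# Added example: ownership audit for Microsoft 365 (Unified) groups.
# Assumes a Connect-MgGraph session that can read groups, owners and members.
$minOwners = 2   # assumed policy threshold; adjust to your own standard

$groups = Get-MgGroup -Filter "groupTypes/any(c:c eq 'Unified')" -All -Property Id,DisplayName
$report = foreach ($group in $groups) {
    $owners    = @(Get-MgGroupOwner  -GroupId $group.Id -All)
    $memberIds = @(Get-MgGroupMember -GroupId $group.Id -All).Id

    # Owners come back as generic directory objects; the concrete type
    # (user, service principal, ...) is carried in AdditionalProperties.
    $nonUserOwners = @($owners | Where-Object {
        $_.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user'
    })
    # Owners missing from the member list are easy to overlook in member-only reviews.
    $ownersNotMembers = @($owners | Where-Object { $memberIds -notcontains $_.Id })

    [pscustomobject]@{
        Group            = $group.DisplayName
        GroupId          = $group.Id
        OwnerCount       = $owners.Count
        BelowMinOwners   = $owners.Count -lt $minOwners
        NonUserOwners    = $nonUserOwners.Id -join ';'
        OwnersNotMembers = $ownersNotMembers.Id -join ';'
    }
}

# Show only the groups that need a reviewer's attention.
$report |
    Where-Object { $_.BelowMinOwners -or $_.NonUserOwners -or $_.OwnersNotMembers } |
    Sort-Object OwnerCount |
    Format-Table -AutoSize
```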
Adding Group Owner Using Microsoft 365 Admin Center
- Log in to the Microsoft 365 Admin Center.
- Select Teams & Groups >> Active teams & groups page.
- Select the group (or team) for which you are going to add the group owner.
- Select Membership tab >> click Add Owners button.
- Select the group owner and click Add
Before assigning an owner using New-MgGroupOwner, ensure the user or service principal already exists in Azure AD. You can retrieve the Object ID using:
- Get-MgUser – for users
- Get-MgServicePrincipal – for apps or services
When assigning a group owner with New-MgGroupOwner, you must use the Directory Object ID of the user or service principal. Supplying a UPN or display name will result in errors. Always resolve the Object ID in advance to ensure a successful assignment.
Adding multiple owners to a Microsoft 365 group ensures that critical administrative tasks—like approving member requests or managing resources—aren’t bottlenecked by a single person.
This is especially useful for distributed teams or when the primary owner is unavailable.
Conclusion
The New-MgGroupOwner cmdlet is a powerful tool for managing group ownership in Microsoft 365. By understanding its syntax, usage, and potential pitfalls, administrators can efficiently delegate group management tasks, thereby enhancing team collaboration and operational efficiency. Utilize this cmdlet as part of your PowerShell toolkit to streamline group management processes and ensure that the right people have the appropriate permissions.
For more detailed information, refer to the official Microsoft documentation for the New-MgGroupOwner cmdlet.
Suggested Reading:
- Using Get-MgGroupOwner in Graph PowerShell
- Using New-MgGroupOwnerByRef in Graph PowerShell