Using New-MgGroupOwner in Graph PowerShell

Microsoft 365 groups are a powerful feature within the Microsoft ecosystem facilitating collaboration and communication among team members. Managing these groups efficiently is crucial, and PowerShell provides robust tools to do so. One such tool is the New-MgGroupOwner cmdlet which allows administrators to add owners to Microsoft 365 groups. This article explores the syntax, usage examples, tips, use cases, possible errors, and solutions for the New-MgGroupOwner cmdlet.

Prerequisites

Before using the Update-MgApplication cmdlet, ensure the following prerequisites are met:

  • Microsoft Graph PowerShell Module: Install the Microsoft Graph PowerShell module if not already installed. You can do this using the command:
  • Install-Module Microsoft.Graph -Scope CurrentUser
  • Authentication: Authenticate to Microsoft Graph using:
  • Connect-MgGraph -Scopes "Group.ReadWrite.All"


Syntax

New-MgGroupOwner -GroupId <String> -DirectoryObjectId <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters:

  • -GroupId: The unique identifier of the group.
  • -DirectoryObjectId: The unique identifier of the user to be added as an owner.
  • -WhatIf: Shows what would happen if the cmdlet runs. The cmdlet is not run.
  • -Confirm: Prompts for confirmation before running the cmdlet.
  • <CommonParameters>: These parameters include -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable.

Usage Examples

Example 1: Adding a Single Owner to a Group

$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"

New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId

Example 2: Adding Multiple Owners to a Group

$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectIds = @("98765zyx-432w-vuts-rqpo-nmlkjihgfedc", "abcdef12-3456-7890-abcd-efghijklmnop")

foreach ($directoryObjectId in $directoryObjectIds) {
    New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId
}

Example 3: Adding Owner with Confirmation

$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"

New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId -Confirm

Example 4: Importing Group Owners from a CSV File

If you have a CSV file with a list of group IDs and directory object IDs, you can import and use them to add multiple owners:

CSV File Structure

GroupId,DirectoryObjectId
12345abc-678d-90ef-ghij-klmnopqrstuv,98765zyx-432w-vuts-rqpo-nmlkjihgfedc
12345abc-678d-90ef-ghij-klmnopqrstuv,abcdef12-3456-7890-abcd-efghijklmnop

PowerShell Script

$csvPath = "C:\path\to\your\file.csv"
$groupOwners = Import-Csv -Path $csvPath

foreach ($owner in $groupOwners) {
    New-MgGroupOwner -GroupId $owner.GroupId -DirectoryObjectId $owner.DirectoryObjectId
}

Adding Group Owner Using Microsoft 365 Admin Center

Select the Group >> Select Membership tab >> Select Owners option >> Click Add owners button.


Cmdlet Tips

  • Verify Group and User IDs: Ensure that the group and user IDs are correct before running the cmdlet.
  • Use -WhatIf Parameter: This parameter helps to preview the changes before applying them, which is useful for preventing mistakes.
  • Automate with Scripts: For adding multiple owners or handling multiple groups, consider using scripts to automate the process.

Use Cases

  • Delegating Management: Adding multiple owners to a group to delegate management tasks.
  • Team Collaboration: Ensuring that key team members have the necessary permissions to manage the group's resources.
  • Administrative Tasks: Automating the addition of owners during the group creation process.

Possible Errors & Solutions

Error: Invalid Group or User ID

Description: The specified group or user ID does not exist.

Solution:

  • Verify that the IDs are correct.
  • Use the Get-MgGroup and Get-MgUser cmdlets to retrieve valid IDs.

Error: Insufficient Permissions

Description: The user running the cmdlet does not have the necessary permissions.

Solution:

  • Ensure the user has the required roles to manage group ownership.
  • Check and assign appropriate administrative roles.

New-MgGroupOwner Vs. New-MgGroupOwnerByRef

The difference between New-MgGroupOwner and New-MgGroupOwnerByRef cmdlets lies in how they identify and reference the group and user objects. New-MgGroupOwner Adds an owner to a group using the group's unique identifier and the user's unique identifier.

New-MgGroupOwner

  • New-MgGroupOwner: Adds an owner to a group using the group's unique identifier and the user's unique identifier.
  • Parameters: -GroupId and -DirectoryObjectId

New-MgGroupOwnerByRef

  • New-MgGroupOwnerByRef: Adds an owner to a group using a reference to the user object rather than the user's unique identifier..
  • Parameters: -GroupId and -BodyParameter (that takes the URL reference to the user object).
  • $newGroupOwner =@{
        "@odata.id"= "https://graph.microsoft.com/v1.0/users/{4de19c17-6a28-4a91-86d1-f717c3c8c229}"
        }
    New-MgGroupOwnerByRef -GroupId '1cb7317c-9c49-4dc8-a358-67ad8e95217c' -BodyParameter $newGroupOwner
    

Conclusion

The New-MgGroupOwner cmdlet is a powerful tool for managing group ownership in Microsoft 365. By understanding its syntax, usage, and potential pitfalls, administrators can efficiently delegate group management tasks, thereby enhancing team collaboration and operational efficiency. Utilize this cmdlet as part of your PowerShell toolkit to streamline group management processes and ensure that the right people have the appropriate permissions.

For more detailed information, refer to the official Microsoft documentation for the New-MgGroupOwner cmdlet.


Suggested Reading:

Using Get-MgGroupOwner in Graph PowerShell
Using New-MgGroupOwnerByRef in Graph PowerShell

© m365corner.com. All Rights Reserved. Design by HTML Codex