Add Owners to Microsoft 365 Groups Using New-MgGroupOwner

This guide explores the New-MgGroupOwner cmdlet in Microsoft Graph PowerShell. Learn how to assign owners to groups, manage multiple owners, and troubleshoot common errors effectively.

Microsoft 365 groups are a powerful feature within the Microsoft ecosystem facilitating collaboration and communication among team members. Managing these groups efficiently is crucial, and PowerShell provides robust tools to do so. One such tool is the New-MgGroupOwner cmdlet which allows administrators to add owners to Microsoft 365 groups. This article explores the syntax, usage examples, tips, use cases, possible errors, and solutions for the New-MgGroupOwner cmdlet.

Prerequisites

Before using the New-MgGroupOwner cmdlet, ensure the following prerequisites are met:

  • Microsoft Graph PowerShell Module: Install the Microsoft Graph PowerShell module if not already installed. You can do this using the command:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Authentication: Authenticate to Microsoft Graph using:
    Connect-MgGraph -Scopes "Group.ReadWrite.All"
  • Group ID: The ID of the group to which the owner is to be added. The Group ID can be obtained using the Get-MgGroup cmdlet.
  • DirectoryObjectId (User ID): The ID of the user to be added as owner of the group. The User ID can be obtained using the Get-MgUser cmdlet.


Syntax

New-MgGroupOwner -GroupId <String> -DirectoryObjectId <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters:

  • -GroupId: The unique identifier of the group.
  • -DirectoryObjectId: The unique identifier of the user to be added as an owner.
  • -WhatIf: Shows what would happen if the cmdlet runs. The cmdlet is not run.
  • -Confirm: Prompts for confirmation before running the cmdlet.
  • <CommonParameters>: These parameters include -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable.

Usage Examples

Example 1: Adding a Single Owner to a Group

$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"

New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId

Example 2: Adding Multiple Owners to a Group

$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectIds = @("98765zyx-432w-vuts-rqpo-nmlkjihgfedc", "abcdef12-3456-7890-abcd-efghijklmnop")

foreach ($directoryObjectId in $directoryObjectIds) {
    New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId
}

Example 3: Adding Owner with Confirmation

$groupId = "12345abc-678d-90ef-ghij-klmnopqrstuv"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"

New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId -Confirm

Example 4: Importing Group Owners from a CSV File

If you have a CSV file with a list of group IDs and directory object IDs, you can import and use them to add multiple owners:

CSV File Structure

GroupId,DirectoryObjectId
12345abc-678d-90ef-ghij-klmnopqrstuv,98765zyx-432w-vuts-rqpo-nmlkjihgfedc
12345abc-678d-90ef-ghij-klmnopqrstuv,abcdef12-3456-7890-abcd-efghijklmnop

PowerShell Script

$csvPath = "C:\path\to\your\file.csv"
$groupOwners = Import-Csv -Path $csvPath

foreach ($owner in $groupOwners) {
    New-MgGroupOwner -GroupId $owner.GroupId -DirectoryObjectId $owner.DirectoryObjectId
}

Example 5: Adding Owner with WhatIf

You can also use the -WhatIf parameter with New-MgGroupOwner to check the action that will be performed when the cmdlet is executed.

$groupId = "baf5dfb6-da17-4439-a0ff-6ea7b59d6c5f"
$directoryObjectId = "98765zyx-432w-vuts-rqpo-nmlkjihgfedc"
New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $directoryObjectId -WhatIf

Cmdlet Tips

  • Verify Group and User IDs: Ensure that the group and user IDs are correct before running the cmdlet.
  • Use -WhatIf Parameter: This parameter helps to preview the changes before applying them, which is useful for preventing mistakes.
  • Automate with Scripts: For adding multiple owners or handling multiple groups, consider using scripts to automate the process.
  • Ensure the user is already a member of the group before assigning them as owner: While technically not required, adding the user as a member before making them an owner avoids confusion and ensures the user appears in both member and owner listings, which some apps depend on.

Use Cases

  • Delegating Management: Adding multiple owners to a group to delegate management tasks.
  • Team Collaboration: Ensuring that key team members have the necessary permissions to manage the group's resources.
  • Administrative Tasks: Automating the addition of owners during the group creation process.
  • Delegate group management to department heads: You can use New-MgGroupOwner to assign department heads as group owners, allowing them to manage memberships without needing Global Admin access — perfect for decentralized group control.

Possible Errors & Solutions

| Error | Cause | Solution |
|---|---|---|
| Invalid Group or User ID | The specified group or user ID does not exist. | Verify that the IDs are correct. Use the Get-MgGroup and Get-MgUser cmdlets to retrieve valid IDs. |
| Insufficient Permissions | The user running the cmdlet does not have the necessary permissions. | Ensure the user has the required roles to manage group ownership. Check and assign appropriate administrative roles. Then reconnect with the Connect-MgGraph cmdlet. |



New-MgGroupOwner Vs. New-MgGroupOwnerByRef

The difference between the New-MgGroupOwner and New-MgGroupOwnerByRef cmdlets lies in how they identify and reference the group and user objects. New-MgGroupOwner adds an owner to a group using the group's unique identifier and the user's unique identifier.

New-MgGroupOwner

  • New-MgGroupOwner: Adds an owner to a group using the group's unique identifier and the user's unique identifier.
  • Parameters: -GroupId and -DirectoryObjectId

New-MgGroupOwnerByRef

  • New-MgGroupOwnerByRef: Adds an owner to a group using a reference to the user object rather than the user's unique identifier.
  • Parameters: -GroupId and -BodyParameter (that takes the URL reference to the user object).

    $newGroupOwner = @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/users/{4de19c17-6a28-4a91-86d1-f717c3c8c229}"
    }
    New-MgGroupOwnerByRef -GroupId '1cb7317c-9c49-4dc8-a358-67ad8e95217c' -BodyParameter $newGroupOwner


Frequently Asked Questions

What is New-MgGroupOwner used for?

The New-MgGroupOwner cmdlet is used to assign users or service principals as owners of a Microsoft 365 group. Owners have elevated permissions to manage the group, such as modifying settings or adding members.


Can I assign multiple owners to a group at once?

Yes, you can assign multiple owners by iterating through a list of User IDs. Here’s an example:


    $GroupId = "<GroupId>"
    $Owners = @("<OwnerId>", "<OwnerId2>", "<OwnerId3>")
    foreach ($OwnerId in $Owners) {
        New-MgGroupOwner -GroupId $GroupId -DirectoryObjectId $OwnerId
    }

Can New-MgGroupOwner be used for adding group members?

You cannot use New-MgGroupOwner cmdlet to add group members. New-MgGroupMember is the cmdlet for adding group members.

What happens if I try to add the same user as an owner multiple times?

No change will occur, and no error is thrown. Microsoft Graph silently ignores duplicate owner assignments. It’s safe but good practice to check current owners using Get-MgGroupOwner before adding new ones.


Can New-MgGroupOwnerByRef be used for adding group owners?

Yes, New-MgGroupOwnerByRef can also be used to add group owners. The group owner details need to be passed as a hashtable to the -BodyParameter parameter.


Adding Group Owner Using Microsoft 365 Admin Center

  1. Log in to the Microsoft 365 Admin Center.
  2. Select Teams & Groups >> Active teams & groups page.
  3. Select the group (or team) for which you are going to add the group owner.
  4. Select Membership tab >> click Add Owners button.
  5. Select the group owner and click Add.

🔐 Only Existing Azure AD Objects Can Be Assigned as Owners

Before assigning an owner using New-MgGroupOwner, ensure the user or service principal already exists in Azure AD.

You can retrieve the Object ID using:

🧠 Use the Directory Object ID for Owner Assignment

When assigning a group owner with New-MgGroupOwner, you must use the Directory Object ID of the user or service principal.

Supplying a UPN or display name will result in errors. Always resolve the Object ID in advance to ensure a successful assignment.
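
A more defensive version of the CSV import from Example 4, applying the guidance above: IDs must be object IDs, current owners are checked with Get-MgGroupOwner, and -WhatIf previews the change. This is an added example, not code from the original article; the function name Add-GroupOwnersFromCsv and the output file path are assumptions.

```powershell
# Added example, not from the original article. Add-GroupOwnersFromCsv is a hypothetical name.
# Assumes Connect-MgGraph -Scopes "Group.ReadWrite.All" has already been run.
function Add-GroupOwnersFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$CsvPath)

    $ownerCache = @{}   # group ID -> object IDs of its current owners (one lookup per group)
    foreach ($row in Import-Csv -Path $CsvPath) {
        $result = [ordered]@{ GroupId = $row.GroupId; DirectoryObjectId = $row.DirectoryObjectId; Status = '' }
        $g = $u = [guid]::Empty
        # Reject UPNs, display names and typos before any Graph call is made.
        if (-not ([guid]::TryParse($row.GroupId, [ref]$g) -and
                  [guid]::TryParse($row.DirectoryObjectId, [ref]$u))) {
            $result.Status = 'Skipped: value is not an object ID (GUID)'
            [pscustomobject]$result
            continue
        }
        $groupId = "$g"; $objectId = "$u"   # normalized GUID strings
        try {
            if (-not $ownerCache.ContainsKey($groupId)) {
                # Throws for a non-existent group, so a bad ID never reaches New-MgGroupOwner.
                $ownerCache[$groupId] = @(Get-MgGroupOwner -GroupId $groupId -All -ErrorAction Stop |
                    ForEach-Object { $_.Id })
            }
            if ($ownerCache[$groupId] -contains $objectId) {
                $result.Status = 'Skipped: already an owner'
            }
            elseif ($PSCmdlet.ShouldProcess("group $groupId", "Add owner $objectId")) {
                New-MgGroupOwner -GroupId $groupId -DirectoryObjectId $objectId -ErrorAction Stop | Out-Null
                $ownerCache[$groupId] += $objectId
                $result.Status = 'Added'
            }
            else { $result.Status = 'Not applied (-WhatIf or declined)' }
        }
        catch { $result.Status = "Failed: $($_.Exception.Message)" }
        [pscustomobject]$result   # one record per CSV row
    }
}

# Preview first, then apply and keep the per-row outcome as a change record.
Add-GroupOwnersFromCsv -CsvPath 'C:\path\to\your\file.csv' -WhatIf
Add-GroupOwnersFromCsv -CsvPath 'C:\path\to\your\file.csv' |
    Export-Csv -Path 'C:\path\to\owner-changes.csv' -NoTypeInformation
```

Because ownership grants control over a group's membership and settings, the exported per-row record is worth keeping alongside the input CSV for later review.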

Conclusion

The New-MgGroupOwner cmdlet is a powerful tool for managing group ownership in Microsoft 365. By understanding its syntax, usage, and potential pitfalls, administrators can efficiently delegate group management tasks, thereby enhancing team collaboration and operational efficiency. Utilize this cmdlet as part of your PowerShell toolkit to streamline group management processes and ensure that the right people have the appropriate permissions.

For more detailed information, refer to the official Microsoft documentation for the New-MgGroupOwner cmdlet.

