M365Corner
M365 PowerShell

Using New-MgGroupOwnerByRef in Graph PowerShell

The New-MgGroupOwnerByRef cmdlet is a powerful tool in the Microsoft Graph PowerShell module that allows administrators to add one or more owners to a Microsoft 365 group. This cmdlet is particularly useful for delegating management responsibilities within an organization, ensuring that group management tasks can be shared among multiple users.


Prerequisites

Before using the New-MgGroupOwnerByRef cmdlet, ensure you have the following:

  • Graph PowerShell Module: Install the Microsoft Graph PowerShell module if you haven't already.
    • Install-Module Microsoft.Graph
  • Required Permissions: You need the appropriate permissions to manage group owners. This typically includes Group.ReadWrite.All and Directory.ReadWrite.All permissions.
  • Authentication: Authenticate to the Microsoft Graph PowerShell.
    • Connect-MgGraph -Scopes "Group.ReadWrite.All" "Directory.ReadWrite.All"

Syntax

New-MgGroupOwnerByRef -GroupId <String> -BodyParameter <Hashtable>

Parameters:

  • -GroupId: The unique identifier of the group to which you want to add the owner.
  • -BodyParameter: A hashtable that specifies the @odata.id of the user you want to add as an owner.

Usage Examples

Example 1: Add a Single Owner to a Group

$groupId = "your-group-id"
$ownerId = "new-owner-id"
$body = @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$ownerId"
}

New-MgGroupOwnerByRef -GroupId $groupId -BodyParameter $body

Example 2: Add Multiple Owners to a Group

$groupId = "your-group-id"
$ownerIds = @("owner-id-1", "owner-id-2", "owner-id-3")

foreach ($ownerId in $ownerIds) {
    $body = @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$ownerId"
    }
    New-MgGroupOwnerByRef -GroupId $groupId -BodyParameter $body
}

Cmdlet Tips

  • Batch Processing: Use loops or batch processing to add multiple owners efficiently.
  • Error Handling: Implement error handling to manage scenarios where adding an owner fails.
  • Logging: Log the output of the cmdlet for auditing purposes.

Use Cases

  • Delegating Group Management: Assign multiple owners to a group to distribute management responsibilities.
  • Automating Group Owner Assignments: Automate the assignment of group owners as part of a larger user provisioning process.
  • Bulk Updates: Perform bulk updates to group ownership, especially during organizational changes.

Possible Errors and Solutions

Error: Insufficient privileges to complete the operation

Solution: Ensure that your account has the necessary permissions (Group.ReadWrite.All and Directory.ReadWrite.All).

Error: Resource not found

Solution: Verify that the GroupId and DirectoryObjectId are correct and that the resources exist in your tenant.

Error: The specified user is already an owner of the group

Solution: Use a try-catch block to handle this error gracefully. You can skip adding the owner if they already exist.

try {
    $body = @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$ownerId"
    }
    New-MgGroupOwnerByRef -GroupId $groupId -BodyParameter $body
} catch {
    if ($_.Exception.Message -like "*already an owner*") {
        Write-Host "User $ownerId is already an owner of the group $groupId."
    } else {
        throw $_
    }
}

Conclusion

The New-MgGroupOwnerByRef cmdlet is an essential tool for Microsoft 365 administrators, enabling efficient management of group ownership. By understanding the prerequisites, syntax, and usage examples, you can leverage this cmdlet to streamline group management tasks. Always ensure to handle possible errors and implement best practices for a smooth administrative experience.

For further information, refer to the official Microsoft documentation.


Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell
Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex