M365 Blogs

Ultimate Guide for Using New-MgGroupOwnerByRef Cmdlet

The New-MgGroupOwnerByRef cmdlet is a powerful Microsoft Graph PowerShell command that allows administrators to assign owners to Microsoft 365 groups efficiently. By using this cmdlet, IT admins can streamline group management, ensure appropriate delegation, and enhance security by designating multiple owners. In this guide, we’ll explore its functionality, syntax, and best practices for usage.

Who are Group Owners?

In Microsoft 365, Group Owners are designated users responsible for managing group membership, permissions, and settings. Owners have elevated privileges over standard members, including the ability to add or remove users and update group information. They serve as administrators for the group, ensuring smooth collaboration and access control.

A Microsoft 365 group can have multiple owners, providing redundancy and ensuring that group management responsibilities do not fall on a single user. This is particularly important for business continuity and effective delegation.

Why Use New-MgGroupOwnerByRef?

The New-MgGroupOwnerByRef cmdlet is a Microsoft Graph PowerShell command that allows administrators to assign one or more owners to a Microsoft 365 group efficiently. It provides a streamlined way to:

Automate group ownership assignments.
Assign multiple owners in bulk.
Ensure proper governance by designating backup owners.
Enhance security by clearly defining group managers.

By leveraging New-MgGroupOwnerByRef, administrators can simplify the process of group ownership assignment without manually navigating through the Microsoft 365 admin center.

Setting Up Microsoft Graph PowerShell

Before using the New-MgGroupOwnerByRef cmdlet, you need to set up Microsoft Graph PowerShell. Follow these steps:

Install the Module

Ensure you have the Microsoft Graph PowerShell module installed. Run the following command:

Install-Module Microsoft.Graph -Scope CurrentUser

Connect to Microsoft Graph

This installs the module for the current user without requiring administrative privileges.

Connect-MgGraph -Scopes "Group.ReadWrite.All"

This grants access to read and write group-related data, allowing you to manage group owners.

Disconnect After Use

After executing your commands, always disconnect from Microsoft Graph to maintain security:

Disconnect-MgGraph

Exploring the New-MgGroupOwnerByRef Cmdlet

Syntax

The basic syntax of New-MgGroupOwnerByRef is:

New-MgGroupOwnerByRef -GroupId <GroupId> -BodyParameter <Hashtable>

-GroupId: Specifies the ID of the Microsoft 365 group.
-BodyParameter: Defines the owner(s) to be added, formatted as a hashtable with the @odata.id property referencing the user's directory object ID.

Practical Examples of New-MgGroupOwnerByRef

Adding a Single Owner

To assign a single owner to a Microsoft 365 group, use the following script:
$Owner = @{
"@odata.id" = "https://graph.microsoft.com/v1.0/users/{UserId}"
}
                                
New-MgGroupOwnerByRef -GroupId "5c67f5b3-b1c4-4c16-842d-11b453b6f270" -BodyParameter
$Owner

Replace {UserId} with the actual user's object ID to be assigned as the owner.

Adding Multiple Owners

To assign multiple owners, use an array of hashtables and loop through them:

$Owners = @(
@{
"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/2017e571-90fd-4671-96bb-
360c678f4d23"
}
                                
@{
"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/55bafc67-7ba0-4964-840a-
53d480542ab8"
}
)
                                
foreach ($Owner in $Owners) {
New-MgGroupOwnerByRef -GroupId "3a408d7b-d2d1-4ec6-812f-b9ad64187a13" -BodyParameter
$Owner
}

This method allows you to efficiently assign multiple owners to a group in one go.

Best Practices for Using New-MgGroupOwnerByRef

Verify Permissions:Ensure you have Group.ReadWrite.All permission before running the cmdlet.
Use Object IDs:Always use user object IDs instead of email addresses to avoid errors.
Bulk Assignments:When adding multiple owners, use a loop to streamline the process.
Regular Audits:Periodically check and update group ownership to maintain security and compliance.

New-MgGroupOwnerByRef Vs New-MgGroupOwner

	New-MgGroupOwnerByRef	New-MgGroupOwner
Purpose	Adds owners by reference.	Directly assigns a user as an owner
Required Permissions	Group.ReadWrite.All	Group.ReadWrite.All
Input Format	Uses @odata.id URL	Uses User ID directly
Use Case	Ideal for bulk assignments	Ideal for quick individual assignments
Flexibility	Can assign multiple owners in a loop	Requires multiple separate calls
Removal Process	Requires `Remove-MgGroupOwnerByRef`	Requires `Remove-MgGroupOwner`

Conclusion

The New-MgGroupOwnerByRef cmdlet is a powerful tool for managing Microsoft 365 group ownership. It allows administrators to efficiently assign ownership to individuals or multiple users, ensuring that group management responsibilities are properly delegated.

By following the best practices, understanding the differences between owners and members, and using Microsoft Graph PowerShell efficiently, you can simplify your group's administration and improve collaboration across your organization.

Start using New-MgGroupOwnerByRef today to take control of your Microsoft 365 groups with ease!

Need more Microsoft Graph PowerShell insights? Stay tuned for more guides on managing M365 efficiently!

Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.

Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.