How to Use New-MgGroupOwnerByRef to Add Microsoft 365 Group Owners?

Managing Microsoft 365 Groups efficiently means ensuring the right people have the right permissions—and assigning owners is a critical part of that process. Whether you're managing a single group or automating assignments across your organization, the New-MgGroupOwnerByRef cmdlet from Microsoft Graph PowerShell simplifies adding group owners using their unique identifiers.

In this blog, we’ll explore what this cmdlet does, why you should use it, and walk through practical examples—including how to add owners in bulk using a CSV file.

What is New-MgGroupOwnerByRef?

The New-MgGroupOwnerByRef cmdlet is part of the Microsoft Graph PowerShell SDK. It allows administrators to assign one or more users as owners of an existing Microsoft 365 Group by referencing the user’s object via the Microsoft Graph API.

Unlike traditional methods that require modifying the group object directly, this cmdlet works by creating a reference (via @odata.id) to the user you wish to add.

Why Use New-MgGroupOwnerByRef?

Assigning ownership through this method offers several benefits:

• API-native approach: Uses Microsoft Graph best practices.
• Automation-friendly: Perfect for scripts and bulk operations.
• Direct referencing: Avoids the need for additional lookups or user object fetches during the operation.
• Granular control: Adds only owners, keeping member assignment separate if needed.

Cmdlet Syntax

New-MgGroupOwnerByRef -GroupId <String> -BodyParameter <Hashtable>

• GroupId: The unique identifier (GUID) of the Microsoft 365 Group.
• BodyParameter: A hashtable containing the @odata.id that points to the user or directory object to be assigned as the group owner.

Usage Examples

Adding a Single Owner

$Owner = @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/users/{UserId}"
}
                                        
New-MgGroupOwnerByRef -GroupId "5c67f5b3-b1c4-4c16-842d-11b453b6f270" -BodyParameter $Owner
                                        

Replace {UserId} with the actual Azure AD object ID of the user you want to assign as an owner.

Adding Multiple Owners

$Owners = @(
    @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/2017e571-90fd-4671-96bb-360c678f4d23"
    }
    @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/55bafc67-7ba0-4964-840a-53d480542ab8"
    }
)
                                        
foreach ($Owner in $Owners) {
    New-MgGroupOwnerByRef -GroupId "3a408d7b-d2d1-4ec6-812f-b9ad64187a13" -BodyParameter $Owner
}
                                        

This loop ensures that each directory object is added individually to the specified group.

Importing Owners from a CSV

Assume your CSV file Owners.csv contains a header UserId with user GUIDs:

UserId
2017e571-90fd-4671-96bb-360c678f4d23
55bafc67-7ba0-4964-840a-53d480542ab8


Now use the following script:
$OwnersFromCSV = Import-Csv -Path "C:\Path\To\Owners.csv"
foreach ($Owner in $OwnersFromCSV) {
    $OwnerHash = @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/users/$($Owner.UserId)"
    }
    New-MgGroupOwnerByRef -GroupId "5c67f5b3-b1c4-4c16-842d-11b453b6f270" -BodyParameter $OwnerHash
}
                                        

This is a quick way to add multiple owners without hardcoding each ID.

Frequently Asked Questions

• Can I add users using their email addresses?

No. You must use the user’s Object ID or Directory Object ID. Use Get-MgUser to retrieve it.

• Will this command overwrite existing owners?

No. It adds new owners without affecting existing ones.

• Can I assign a group as the owner of another group?

No. Only users or directory objects can be group owners.

• How do I verify owners?

Use: Get-MgGroupOwner -GroupId

Use Cases

• Initial Group Setup: Automate owner assignment during group provisioning.
• Delegation: Assign team leads or department heads as owners of their respective groups.
• Bulk Ownership Update: Quickly assign owners to multiple groups using scripts or CSV imports.
• Compliance Audits: Ensure every group has a designated owner using reporting scripts.

Conclusion

The New-MgGroupOwnerByRef cmdlet is a powerful and flexible way to manage Microsoft 365 Group ownership. By referencing users directly through their unique identifiers, you gain precision and automation capabilities ideal for modern IT environments.

Whether you're adding one owner or hundreds, this cmdlet keeps your group governance efficient and consistent.