How to Use Remove-MgGroupMemberByRef to Remove Microsoft 365 Group Members?

Managing Microsoft 365 Groups often involves not just adding members, but also removing them when they leave a department, switch roles, or exit the organization. That’s where the Remove-MgGroupMemberByRef cmdlet from the Microsoft Graph PowerShell module comes in handy.

In this guide, we’ll walk through what this cmdlet does, why you’d use it, and how to use it to remove group members—whether you're removing one user or performing a bulk cleanup using a CSV file.

What is Remove-MgGroupMemberByRef?

The Remove-MgGroupMemberByRef cmdlet is part of the Microsoft Graph PowerShell SDK. It is used to remove a member from a Microsoft 365 Group by referencing their directory object ID.

Unlike traditional cmdlets that might work with email addresses or usernames, this one operates on GUIDs—ensuring precision when performing member removals.

Why Use Remove-MgGroupMemberByRef?

You might want to use this cmdlet in scenarios such as:

• Removing inactive or disabled users from security or M365 groups.
• Automating member clean-up tasks across departments or groups.
• Performing bulk removals for users that no longer meet access requirements.
• Ensuring audit-compliant identity lifecycle management in your organization.

This cmdlet is especially useful when you already have users’ DirectoryObjectId values (e.g., from an audit report or a provisioning system).

Cmdlet Syntax

Remove-MgGroupMemberByRef -GroupId  -DirectoryObjectId 

Parameters:

• -GroupId: The GUID of the Microsoft 365 group you want to remove the member from.
• -DirectoryObjectId: The GUID of the user (member) to be removed.

Usage Examples

Single Removal

If you want to remove a single user from a group:

Remove-MgGroupMemberByRef -GroupId "12345678-9abc-def0-1234-56789abcdef0" `

 -DirectoryObjectId "87654321-fedc-ba98-7654-3210fedcba98"

Multiple Member Removals

You can loop through a list of user IDs:

$GroupId = "12345678-9abc-def0-1234-56789abcdef0"
$Members = @(
    "87654321-fedc-ba98-7654-3210fedcba98",
    "01234567-89ab-cdef-0123-456789abcdef"
)
                                
foreach ($Member in $Members) {
    Remove-MgGroupMemberByRef -GroupId $GroupId -DirectoryObjectId $Member
}
                            

Bulk Removal by Reading Data from a CSV File

Perfect for large-scale removals using a CSV file:

$GroupId = "12345678-9abc-def0-1234-56789abcdef0"
$CsvData = Import-Csv -Path "C:\path\to\members.csv"
                                
foreach ($Member in $CsvData) {
    Remove-MgGroupMemberByRef -GroupId $GroupId -DirectoryObjectId $Member.DirectoryObjectId
}
                            

Sample CSV Format

DirectoryObjectId
87654321-fedc-ba98-7654-3210fedcba98
01234567-89ab-cdef-0123-456789abcdef

Frequently Asked Questions

Can I use email addresses instead of DirectoryObjectId?

No. This cmdlet specifically requires the DirectoryObjectId (GUID) of the user. You can fetch it using:

(Get-MgUser -UserPrincipalName "user@domain.com").Id

Will this work for removing members from Microsoft Teams?

Yes! Microsoft Teams are backed by Microsoft 365 Groups. Removing a member from the group removes them from the associated Team as well.

What permission do I need to run this?

You need Group.ReadWrite.All permission when connecting via Connect-MgGraph. Admin consent is required.

Use Cases

Here are some real-world use cases where Remove-MgGroupMemberByRef is incredibly useful:

• Security Cleanup: Remove users who no longer require access to sensitive groups.
• Automated Housekeeping: Scheduled scripts to remove disabled accounts from all groups.
• User Offboarding: Automatically remove users from all group memberships as part of offboarding workflows.
• Departmental Changes: Remove users when they transfer to a new department or project.

Conclusion

The Remove-MgGroupMemberByRef cmdlet offers a precise, scalable, and script-friendly way to manage group membership removals in Microsoft 365. Whether you're working with one user or a thousand, this cmdlet has you covered.

By incorporating this into your automation workflows, you can streamline group management and maintain a secure and clean M365 environment.