How to Use Remove-MgGroupOwnerByRef to Remove Microsoft 365 Group Owners?

Managing Microsoft 365 Groups includes not just assigning the right owners but also removing outdated or incorrect ownership assignments. Whether an employee has changed roles or left the organization, it's essential to keep group ownership updated to avoid administrative gaps.

The Remove-MgGroupOwnerByRef cmdlet in Microsoft Graph PowerShell makes this task seamless. In this guide, you'll learn what it does, when to use it, and how to remove group owners—individually or in bulk.

What is Remove-MgGroupOwnerByRef?

Remove-MgGroupOwnerByRef is a Microsoft Graph PowerShell cmdlet that lets you remove an owner from a Microsoft 365 Group by referencing their directory object ID. This approach is part of the modern Graph API model, which uses RESTful references to modify group associations.

Why Use Remove-MgGroupOwnerByRef?

Using this cmdlet ensures:

• Clean group ownership when someone changes roles or leaves.
• Security by removing access rights tied to ownership.
• Automation-ready processes for IT admins managing large organizations.
• No GUI dependency, enabling PowerShell-first administrative workflows.

It’s especially useful in automation scripts, compliance routines, and role-based cleanups.

Cmdlet Syntax

Remove-MgGroupOwnerByRef -GroupId <String> -DirectoryObjectId <String> [-Confirm]

• GroupId: The GUID of the Microsoft 365 Group.
• DirectoryObjectId: The Azure AD Object ID of the user to be removed as an owner.
• -Confirm (optional): Prompts for confirmation before executing the removal.

Usage Examples

Removing a Single Owner

Remove-MgGroupOwnerByRef -GroupId "12345678-9abc-def0-1234-56789abcdef0" `-DirectoryObjectId "87654321-fedc-ba98-7654-3210fedcba98"

This command removes the specified user as an owner from the group.

Removing Multiple Owners

$GroupId = "12345678-9abc-def0-1234-56789abcdef0"
$Owners = @(
    "87654321-fedc-ba98-7654-3210fedcba98",
    "01234567-89ab-cdef-0123-456789abcdef"
)
foreach ($Owner in $Owners) {
    Remove-MgGroupOwnerByRef -GroupId $GroupId -DirectoryObjectId $Owner
}
                                            

Great for removing multiple users during access reviews or team transitions.

Importing Owners from a CSV

CSV Format

Ensure your CSV file (e.g., owners.csv) looks like this:

DirectoryObjectId
87654321-fedc-ba98-7654-3210fedcba98
01234567-89ab-cdef-0123-456789abcdef

PowerShell Script

$GroupId = "12345678-9abc-def0-1234-56789abcdef0"
$CsvData = Import-Csv -Path "C:\path\to\owners.csv"
                                            
foreach ($Owner in $CsvData) {
    Remove-MgGroupOwnerByRef -GroupId $GroupId -DirectoryObjectId $Owner.DirectoryObjectId
}
                                        

This is ideal for bulk de-provisioning and scheduled cleanups.

Frequently Asked Questions

• How do I get a user's DirectoryObjectId?

Use the following command: Get-MgUser -UserId "username@domain.com" | Select-Object Id

• Will removing the last owner cause issues?

Yes. Every group should ideally have at least one owner. If the last owner is removed, no one can manage the group unless reassigned.

• Can I remove owners using email or UPN?

No. The cmdlet requires the user's Directory Object ID (GUID), not email or UPN.

• How do I verify group owners before or after removal?

Run: Get-MgGroupOwner -GroupId

Use Cases

• Role changes: When a user moves to another department.
• Security cleanup: Removing ex-employees from sensitive group access.
• Compliance audits: Ensure only authorized individuals remain owners.
• Ownership rotation: For periodic reassignments in dynamic teams.

Conclusion

The Remove-MgGroupOwnerByRef cmdlet is a simple yet powerful tool for maintaining accurate ownership of Microsoft 365 Groups. With support for single, multiple, and CSV-based bulk operations, it offers flexibility and control to IT administrators managing group governance at scale.

If you’re running cleanup routines or building automated scripts for group management, this cmdlet should be a key part of your toolkit.