m365Corner




M365 Blogs

Ultimate Guide for Using Get-MgGroupOwner Cmdlet

Managing group ownership in Microsoft 365 is a key responsibility for administrators. Group owners play a pivotal role in maintaining the group’s functionality and security, as they manage memberships, configure settings, and oversee group access to resources like Teams, SharePoint, and Planner.

The Get-MgGroupOwner cmdlet, part of the Microsoft Graph PowerShell module, provides administrators with a powerful tool to retrieve group ownership details programmatically. This guide will take you through its usage, with practical examples and best practices to make your work easier.

Who Are Microsoft 365 Group Owners?

In Microsoft 365, group owners are designated members with elevated permissions to manage the group. Their responsibilities include:

  • Adding or removing group members.
  • Managing group settings and policies.
  • Ensuring that the group remains active and secure.

By designating owners, organizations ensure that every group has accountable individuals who oversee its operations and access.

Why Use Get-MgGroupOwner?

The Get-MgGroupOwner cmdlet allows administrators to retrieve the owners of any Microsoft 365 group. While the Admin Center enables manual checks, Get-MgGroupOwner offers a faster, more efficient way to:

  • Audit group ownership across multiple groups.
  • Identify missing or incorrect owner assignments.
  • Automate group ownership management tasks.

Setting Up Microsoft Graph PowerShell

Before using Get-MgGroupOwner, set up the Microsoft Graph PowerShell module:

  1. Install the Module: 
    2. Install-Module Microsoft.Graph -Scope CurrentUser
  2. Connect to Microsoft Graph: 
    3. Connect-MgGraph
  3. Disconnect After Use: 
    4. Disconnect-MgGraph

Exploring the Get-MgGroupOwner Cmdlet

The Get-MgGroupOwner cmdlet retrieves the owners of a specified Microsoft 365 group.

Cmdlet Syntax

Get-MgGroupOwner [-GroupId <String>] [-Filter <String>] [-All <Boolean>] [<CommonParameters>]

Usage Examples

  1. Retrieve Owners by Group ID:

    2. The -GroupId parameter is required to specify the group for which you want to retrieve ownership details.

    Get-MgGroupOwner -GroupId "1e141d1d-71c0-4f24-8ed2-2ce3a63c28d5"
  2. Interactive Group ID Prompt:

    3. If you omit the -GroupId parameter, PowerShell will prompt you to enter it interactively:

    Get-MgGroupOwner
  3. Get-MgGroupOwner Returns Only Owner IDs by Default

    4. The Get-MgGroupOwner cmdlet, by default, provides only the IDs of group owners. 

    Get-MgGroupOwner -GroupId "1e141d1d-71c0-4f24-8ed2-2ce3a63c28d5"
  4. Use Get-MgUser with Get-MgGroupOwner to Get Detailed User Information

    5. To fetch detailed information such as DisplayName, UPN, and Mail, combine Get-MgGroupOwner with Get-MgUser:

    # Retrieve owners of the specified group  
$groupOwners = Get-MgGroupOwner -GroupId "1e141d1d-71c0-4f24-8ed2-2ce3a63c28d5"  
                                    
# Initialize an array to store detailed user information  
$userDetails = @()  
                                    
# Loop through each group owner and retrieve additional properties  
foreach ($member in $groupOwners) {  
        $user = Get-MgUser -UserId $member.Id -Property "id, displayName, userPrincipalName"  
        $userDetails += [PSCustomObject]@{  
                Id                 = $user.Id  
                DisplayName        = $user.DisplayName  
                UserPrincipalName  = $user.UserPrincipalName  
        }  
}  
                                    
# Display the detailed user information  
$userDetails | Select-Object Id, DisplayName, UserPrincipalName

Best Practices for Using Get-MgGroupOwner

  • Audit Regularly: Regularly audit group ownership to ensure that groups have the appropriate number of owners and that ownership is correctly assigned.
  • Combine Cmdlets for Advanced Reporting Combine Get-MgGroupOwner with cmdlets like Get-MgGroup or Get-MgUser to generate comprehensive reports.
  • Limit Scope for Efficiency: Use the -Filter or -All parameters to retrieve only the data you need, minimizing resource usage.
  • Secure Your Session: Always disconnect from Microsoft Graph when tasks are completed to maintain security.

Conclusion

The Get-MgGroupOwner cmdlet is an invaluable tool for Microsoft 365 administrators, enabling efficient and detailed management of group ownership. Whether you’re auditing ownership assignments, fetching detailed owner information, or automating group management workflows, this cmdlet provides the flexibility and power you need.

By mastering Get-MgGroupOwner and integrating it with other Microsoft Graph PowerShell cmdlets, you can streamline your administrative tasks and enhance your organization’s productivity.

Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.

Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.

© M365Corner. All Rights Reserved.