m365Corner
M365 Glossary

Get-MgDirectoryDeletedItemAsGroup

What is Get-MgDirectoryDeletedItemAsGroup?

The Get-MgDirectoryDeletedItemAsGroup cmdlet in Microsoft Graph PowerShell is used to retrieve deleted Microsoft 365 groups from the Azure AD recycle bin. When a Microsoft 365 group is deleted, it is not permanently removed immediately. Instead, it is stored temporarily in the Deleted Items container, allowing administrators to review or restore it if necessary.

This cmdlet allows administrators to query and retrieve information about these deleted groups using the DirectoryObjectId, which uniquely identifies the deleted group in the directory.

The cmdlet is particularly useful for administrators who need to audit deleted groups, verify group deletion events, or recover important group-related resources before permanent removal.

🚀 Community Edition Released!

Try the M365Corner Microsoft 365 Reporting Tool — your DIY pack with 20+ out-of-the-box M365 reports for Users, Groups, and Teams.

Why Use Get-MgDirectoryDeletedItemAsGroup?

Administrators can use the Get-MgDirectoryDeletedItemAsGroup cmdlet for several operational and troubleshooting scenarios.

  1. Recover Deleted Groups

    2. Before restoring a group, administrators can verify the deleted group’s details using this cmdlet.

  2. Audit Deleted Group Objects

    3. The cmdlet helps administrators review deleted group objects for auditing and compliance purposes.

  3. Troubleshoot Group Deletion Issues

    4. If a Microsoft 365 group was accidentally deleted, administrators can identify the group object from the deleted directory items.

  4. Validate Deletion Before Permanent Removal

    5. Deleted groups remain in the directory recycle bin for a limited time. This cmdlet helps confirm the group details before permanent deletion.


Prerequisites

Before using the Get-MgDirectoryDeletedItemAsGroup cmdlet, ensure the following requirements are met.

  1. Microsoft Graph PowerShell Module Installed

    2. Install the Microsoft Graph PowerShell module if it is not already installed.

    Install-Module Microsoft.Graph -Scope CurrentUser
  2. Connect to Microsoft Graph

    3. Connect to Microsoft Graph with the required permissions.

    Connect-MgGraph -Scopes "Directory.Read.All"
  3. Administrator Permissions

    4. You must have sufficient privileges such as:

    • Global Administrator
    • Groups Administrator
    • Directory Reader

The following Microsoft Graph permissions are required to retrieve deleted groups.


Graph API Permissions Required

Delegated Permissions

Permission Description
Directory.Read.All Allows reading directory data including deleted objects
Group.Read.All Allows reading group information

Application Permissions

Permission Description
Directory.Read.All Allows applications to read directory objects
Group.Read.All Allows applications to read group data

Admin consent may be required depending on the permission model used.


How to Use Get-MgDirectoryDeletedItemAsGroup?

The basic syntax of the cmdlet is shown below.

Get-MgDirectoryDeletedItemAsGroup -DirectoryObjectId <directory-object-id>

The DirectoryObjectId parameter specifies the unique identifier of the deleted group in Azure AD.


Get-MgDirectoryDeletedItemAsGroup Examples

Below are practical examples demonstrating how administrators can use this cmdlet.


Executing Get-MgDirectoryDeletedItemAsGroup Without Passing DirectoryObjectId

In this example, the cmdlet is executed without specifying a DirectoryObjectId.

Get-MgDirectoryDeletedItemAsGroup

This command attempts to retrieve deleted group objects but typically requires a DirectoryObjectId to return a specific group. Administrators may use this command while testing scripts or troubleshooting command behavior.


Executing Get-MgDirectoryDeletedItemAsGroup By Passing DirectoryObjectId

This example retrieves a specific deleted group using its directory object ID.

Get-MgDirectoryDeletedItemAsGroup -DirectoryObjectId 08b133c9-2515-4956-a4fa-1c98495fbd6d

The cmdlet returns details of the deleted group, such as:

  • Display name
  • Group ID
  • Description
  • Group type
  • Creation details

This helps administrators confirm the group before restoring or permanently deleting it.


Exporting Get-DirectoryDeletedItemsAsGroup Results to CSV

Administrators can export deleted group information to a CSV file for auditing or reporting purposes.

Get-MgDirectoryDeletedItemAsGroup | Export-Csv "d:/deletedgroups.csv" -NoTypeInformation

This command exports the retrieved deleted group data to a CSV file, allowing administrators to analyze or archive the information for future reference.

Conclusion

The Get-MgDirectoryDeletedItemAsGroup cmdlet is a useful Microsoft Graph PowerShell command for retrieving deleted Microsoft 365 groups from the directory recycle bin. It enables administrators to inspect deleted group objects before restoring them or allowing them to be permanently removed.

By incorporating this cmdlet into administrative workflows or automation scripts, organizations can improve group management visibility, audit deleted objects, and prevent accidental data loss within Microsoft 365 environments.

Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.

Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.

© Created and Maintained by LEARNIT WELL SOLUTIONS. All Rights Reserved.