Using Get-MgGroupMember with Get-MgUser: Fetch Personal Details of Group Members

Managing Microsoft 365 groups often requires insight into the members and their details. While the Get-MgGroupMember cmdlet retrieves the members of a specified group, it only provides their User IDs by default. To fetch personal details such as Display Name, User Principal Name (UPN), and Email, you need to pair it with the Get-MgUser cmdlet. This article explains how to combine these cmdlets effectively, with special emphasis on the necessity of nesting them to retrieve detailed member information.

Usage Example

The following script retrieves the members of a specified group and fetches their personal details:


# Retrieve members of a specified group
$groupMembers = Get-MgGroupMember -GroupId "1cbe8c31-589d-453a-a1e5-045f7f00c967"
                                
# Initialize an array to store detailed user information
$userDetails = @()
                                
# Loop through each group member and retrieve additional properties
foreach ($member in $groupMembers) {
    $user = Get-MgUser -UserId $member.Id -Property "id, displayName, userPrincipalName"
    $userDetails += [PSCustomObject]@{
        Id                 = $user.Id
        DisplayName        = $user.DisplayName
        UserPrincipalName  = $user.UserPrincipalName
    }
}
                                
# Display the detailed user information
$userDetails | Select-Object Id, DisplayName, UserPrincipalName

Why Nesting Cmdlets is Necessary

By default, Get-MgGroupMember provides only the User IDs of group members, which are insufficient for fetching additional details such as Display Name and UPN. To retrieve these properties, the User ID must be passed to the Get-MgUser cmdlet. This pairing ensures you get complete and actionable user data.

[Figure: Get-MgGroupMember fetches only User IDs]

[Figure: Using Get-MgGroupMember with Get-MgUser fetches additional info like DisplayName, UserPrincipalName]

How the Script Works

Here's how the script works:

  • Retrieve Group Members: The Get-MgGroupMember cmdlet fetches the list of members by their User IDs:

        $groupMembers = Get-MgGroupMember -GroupId "Group-ID"

  • Fetch User Details Using Get-MgUser: Loop through the members and use the Get-MgUser cmdlet with each User ID to retrieve personal details:

        foreach ($member in $groupMembers) {
            $user = Get-MgUser -UserId $member.Id -Property "id, displayName, userPrincipalName"
        }

  • Combine Results: Store the retrieved details in an array or export them for further use:

        $userDetails += [PSCustomObject]@{
            Id                 = $user.Id
            DisplayName        = $user.DisplayName
            UserPrincipalName  = $user.UserPrincipalName
        }

Without this nesting, you won’t be able to fetch additional user properties.

Tips and Best Practices

  • Optimize with Selective Properties: Use the -Property parameter in Get-MgUser to retrieve only the fields you need, reducing the data payload:

        -Property "id, displayName, userPrincipalName"

  • Export Results for Analysis: Save the retrieved user details to a CSV file for further analysis or reporting.

  • Handle Large Groups Efficiently: For groups with many members, consider using the -All parameter with Get-MgGroupMember to fetch all results:

        $groupMembers = Get-MgGroupMember -GroupId "Group-ID" -All

  • Incorporate Error Handling: Add error handling to manage scenarios where user details cannot be retrieved:

        try {
            $user = Get-MgUser -UserId $member.Id
        } catch {
            Write-Warning "Could not retrieve details for User ID: $($member.Id)"
        }
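
A fuller version of the script that applies the tips above in one pass, as an added example that is not from the original article. It assumes an existing Connect-MgGraph session with the GroupMember.Read.All and User.Read.All permissions; the group ID, the CSV path and the New-MemberRow helper are placeholders introduced here. It also records members that are not users (nested groups, service principals, devices), which Get-MgUser cannot look up, so they appear in the report rather than only as warnings.

```powershell
# Added example: assumes Connect-MgGraph has already been run with
# GroupMember.Read.All and User.Read.All. Values below are placeholders.
$groupId = '00000000-0000-0000-0000-000000000000'   # placeholder group ID
$csvPath = '.\group-members.csv'                     # placeholder output path

# Hypothetical helper: one report row per member, whatever the lookup outcome
function New-MemberRow {
    param($Id, $Type, $User, $Status)
    [PSCustomObject]@{
        Id                = $Id
        MemberType        = $Type
        DisplayName       = $User.DisplayName
        UserPrincipalName = $User.UserPrincipalName
        Mail              = $User.Mail
        Status            = $Status
    }
}

# -All pages through every member instead of stopping at the first page
$members = Get-MgGroupMember -GroupId $groupId -All

$report = foreach ($member in $members) {
    # Members are directory objects; the Graph type separates users from
    # nested groups, service principals and devices
    $type = $member.AdditionalProperties['@odata.type']

    if ($type -ne '#microsoft.graph.user') {
        # Get-MgUser cannot resolve these IDs, so record them as-is
        New-MemberRow -Id $member.Id -Type $type -Status 'NotAUser'
        continue
    }

    try {
        # -ErrorAction Stop turns a failed lookup into a catchable error
        $user = Get-MgUser -UserId $member.Id -Property Id, DisplayName, UserPrincipalName, Mail -ErrorAction Stop
        New-MemberRow -Id $user.Id -Type $type -User $user -Status 'OK'
    } catch {
        Write-Warning "Could not retrieve details for User ID: $($member.Id)"
        New-MemberRow -Id $member.Id -Type $type -Status 'LookupFailed'
    }
}

# Export for analysis, then summarise how many members fell into each outcome
$report | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
$report | Group-Object Status | Select-Object Name, Count
```

When auditing a sensitive group, the NotAUser and LookupFailed rows are the ones to review first, since they are members the plain user lookup would have skipped.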
    

Possible Errors & Solutions

Error: The specified object was not found in the directory.
Cause: The Group ID or User ID is invalid or does not exist.
Solution: Verify the Group ID using the Get-MgGroup cmdlet:

    Get-MgGroup -Filter "displayName eq 'GroupName'"

Error: Insufficient privileges to complete the operation.
Cause: Missing permissions like GroupMember.Read.All or User.Read.All.
Solution: Assign the required permissions to the account running the script.

Error: No members found in the group.
Cause: The group is empty or the user has no direct access.
Solution: Confirm the group membership in Azure AD.

Error: Request throttled due to too many API calls.
Cause: Excessive requests when processing large groups.
Solution: Add a delay between requests or process members in batches:

    Start-Sleep -Seconds 1

Use Cases

  • Generate Group Membership Reports: Create reports detailing group members' Display Names, UPNs, and Emails for internal tracking.
  • Audit Membership for Compliance: Ensure only authorized users are part of critical groups, such as administrative or security-sensitive roles.
  • Support Access Management: Retrieve group member details to manage permissions or send targeted communications.
  • Facilitate Organizational Restructuring: Export membership details for analysis during team reorganizations or migrations.

Conclusion

Pairing Get-MgGroupMember with Get-MgUser is essential for retrieving detailed information about group members in Microsoft 365. While Get-MgGroupMember provides only the User IDs, Get-MgUser enables you to fetch valuable properties such as Display Name, UPN, and Email. This method simplifies group management, aids in compliance reporting, and ensures a clear view of group memberships. Start using this approach today to enhance your administrative workflows!
