0

My company uses Microsoft 365. When I go to admin.microsoft.com, I can see "Teams & groups > Active teams & groups" as navigation item.

Opening one of the groups in the side panel, I can see "Owners" and "Members" as distinct sublists within the "Membership" tab:

The "Owners" list of a group in Microsoft 365 admin center

The "Members" list of a group in Microsoft 365 admin center

I want to retrieve the member lists of all groups, alongside the information whether each member is an owner, using a PowerShell script, from my local PC. Ultimately, I want to export that to CSV, but for now I'm just print-lining to the host. This is my latest attempt:

```powershell
Connect-MsolService
$Groups = Get-MsolGroup -GroupType DistributionList
foreach ($Group in $Groups) {
    $GroupName = $Group.DisplayName
    $Address = $Group.EmailAddress
    $GroupId = $Group.ObjectId
    $Group2 = Get-MsolGroup -ObjectId $GroupId
    $ManagedBy = $Group2.ManagedBy
    $GroupMembers = Get-MsolGroupMember -GroupObjectId $GroupId
    $Fields = $GroupName, $Address, $GroupId, $ManagedBy.EmailAddress + $GroupMembers.EmailAddress
    $Content = $Fields -join ','
    $Content
}
```

The result this gives me is this (notice how the 4th column that should be the $ManagedBy.EmailAddress is empty):

Foo,[email protected],085d1225-a545-e497-b37b-c6496da4fedd,,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected] 

There are several things I changed from the original draft before arriving here:

First, I tried to use $GroupMembers.GroupMemberType to differentiate between "Owner" and "Member", but the possible values of this property are "User, ServicePrincipal, Contact, or Group", so it is User for members and owners alike, and clearly was not how to do it.

Next, I tried to access $Group.ManagedBy, hoping to identify at least one of the owners for a start. But the property was empty. Some Microsoft Community Hub post suggested this was because ManagedBy was only filled when the request was for a single object, hence the $Group2 query and the current form of the script. However, the $ManagedBy variable is still always empty, for all groups.

So how can I access the information whether a member is an owner, information that the online admin portal obviously has access to?


Additional info:

I also tried to use Get-ADGroup from the ActiveDirectory module after enabling RSAT, but this one never asks for or finds a way to connect to the online resource, and the only thing I could find was a supposed Connect-ADServer cmdlet which isn't recognized as a valid cmdlet on my machine (Get-ADGroup is, though). Not sure if all that is only meant to be used on the AD server or in the cloud shell.

What further complicates my situation is that according to the Microsoft Learn documentation of MSOnline it is deprecated, so it recommends "Azure AD Graph" (not sure if that's the same as the ActiveDirectory module), which according to itself is also already deprecated, hence that is referring to yet another thing, namely Microsoft Graph PowerShell SDK, which doesn't really look like cmdlets but rather like .NET libraries (but I might be wrong).

It also doesn't help that PowerShell ISE is also deprecated and everything is a horrible mess in outdated information with deprecation notes linking to also deprecated replacements. I am totally confused and don't even know anymore whether a fixed script using Get-MsolGroup would work for more than 3 months.

So, I started my quest with "How to get the member role" and have now been down a 10 hour rabbit hole ending up at "What module in which IDE can I even use that isn't deprecated in a few months?"

3
  • You're looking for Microsoft Graph PowerShell Module -- but honestly, it's crap - it's a bunch of autogenerated cmdlets based on autorest/swagger/openapi -- with no thought put into them at all for the end-consumer of the module. In some cases it's as if the pipeline was never invented. You're almost better off just learning to use PowerShell (or something else) to read/write the API natively. I digress. The module can be installed from the gallery (Microsoft.Graph) powershellgallery.com/packages/Microsoft.Graph/2.12.0 Commented Jan 26, 2024 at 23:05
  • 1
    Okay, so the deprecation-redirect-cascade was leading the right way. But oh my god. After installing the module, PowerShell autocomplete has become useless, because for every prefix like Add-, Find-, Get- etc. there's now 50 -MgSomething suggestions. Ugh. You know what, before I figure out how to find the right union of permissions for the 60 cmdlets necessary to get the data, I might as well go through the groups panels in 365 online admin panel, and write down the owners by hand. Sadly I'm afraid that is faster, even for the 90 groups we have. Commented Jan 27, 2024 at 0:08
  • Those groups are all Microsoft 365 groups when you look in Entra? Commented Jan 27, 2024 at 5:20

2 Answers

0

I would install vscode on my machine, and use the graph module. For getting the owners you could do something like this; how you get the members is something I'll let you figure out yourself.

```powershell
# Install and import the Microsoft Graph PowerShell module
Install-Module -Name Microsoft.Graph -Force -AllowClobber
Import-Module Microsoft.Graph

# Authenticate to Microsoft Graph (you will be prompted to sign in)
Connect-MgGraph

# Get all Microsoft 365 groups
$groups = Get-MgGroup -Top 500 # You can adjust 'Top' based on your needs

# Iterate through each group and display owners
foreach ($group in $groups) {
    $groupId = $group.Id
    $owners = Get-MgGroupOwner -GroupId $groupId
    # Owners come back as directory objects; user fields such as
    # userPrincipalName are in AdditionalProperties, not top-level properties
    Write-Host "Owners of group '$($group.DisplayName)': $($owners.AdditionalProperties.userPrincipalName -join ', ')"
}

# Disconnect from Microsoft Graph
Disconnect-MgGraph
```
1
  • I had been using VS Code, too. Get-MgGroupOwner is not quite what I need, because it only has the Ids. I tried Get-MgGroupOwnerAsUser and that was better, Get-MgGroupMemberAsUser doesn't work though. I get the right number of objects, but all their properties except for their Ids are always null, even with -Property defined. Needs more trial and error, or I'll forgo the PS approach and try my luck with the C# SDK. Commented Jan 28, 2024 at 20:17
0

Have you tried using the Microsoft Teams module?

```powershell
# Install the required module if not already installed
Install-Module -Name MicrosoftTeams -Force -AllowClobber

# Connect to Microsoft 365
Connect-MicrosoftTeams

# Get all teams (Get-Team returns only Teams-enabled Microsoft 365 groups)
$groups = Get-Team

# Loop through each group
foreach ($group in $groups) {
    # Get the users of the team; each entry carries a Role
    $groupDetails = Get-TeamUser -GroupId $group.GroupId

    # Output group name (taken from the team object, not from the user list)
    Write-Host "Group: $($group.DisplayName)"

    # Loop through group members
    foreach ($member in $groupDetails) {
        $isOwner = if ($member.Role -eq "Owner") { "Owner" } else { "Member" }
        # Name is the display name; User holds the UPN
        Write-Host " Member: $($member.Name), Role: $isOwner"
    }

    # Add a separator for better readability
    Write-Host "-----------------------"
}

# Disconnect from Microsoft 365
Disconnect-MicrosoftTeams
```
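
The export the question describes (every group, each member, and whether that member is an owner) can be built with the Microsoft Graph PowerShell SDK named in the first answer by merging the owner and member lists per group. This is an added example, not code from any poster on this page; the scope names, the helper `Get-GroupRoleRow` and the output path `.\group-membership.csv` are assumptions.

```powershell
# Added example: read-only export of group membership with an Owner/Member column.
# Assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Groups modules
# are installed and that the signed-in account can consent to the scopes below.
Import-Module Microsoft.Graph.Groups

# Read-only delegated scopes (assumed sufficient for this tenant). A user-read
# scope is requested too, because Graph returns only id and @odata.type for
# member object types the caller is not permitted to read.
Connect-MgGraph -Scopes 'GroupMember.Read.All', 'User.ReadBasic.All'

# Hypothetical helper: merge owners and members of one group into flat rows.
function Get-GroupRoleRow {
    param($Group, [object[]]$Owners, [object[]]$Members)
    $ownerIds = @($Owners.Id)
    $seen = @{}
    # Owners are not always listed as members, so walk both lists and
    # de-duplicate by object id; owners come first and keep the Owner role.
    foreach ($obj in @($Owners) + @($Members)) {
        if (-not $obj -or $seen.ContainsKey($obj.Id)) { continue }
        $seen[$obj.Id] = $true
        # Typed fields of directory objects live in AdditionalProperties.
        $p = $obj.AdditionalProperties
        [pscustomobject]@{
            Group      = $Group.DisplayName
            GroupId    = $Group.Id
            GroupMail  = $Group.Mail
            Role       = if ($ownerIds -contains $obj.Id) { 'Owner' } else { 'Member' }
            ObjectType = $p['@odata.type'] -replace '^#microsoft\.graph\.', ''
            Name       = $p['displayName']
            UPN        = $p['userPrincipalName']
            ObjectId   = $obj.Id
        }
    }
}

$rows = foreach ($group in Get-MgGroup -All -Property Id, DisplayName, Mail) {
    $owners  = Get-MgGroupOwner  -GroupId $group.Id -All
    $members = Get-MgGroupMember -GroupId $group.Id -All
    Get-GroupRoleRow -Group $group -Owners $owners -Members $members
}

# Placeholder output path; nested groups and service principals appear as
# their own rows with the matching ObjectType and an empty UPN.
$rows | Export-Csv -Path .\group-membership.csv -NoTypeInformation -Encoding UTF8
Disconnect-MgGraph | Out-Null
```

Rows whose `Name` and `UPN` are empty while `ObjectId` is set indicate that the session lacks read permission for that object type, which matches the null-property symptom described in the comment on the first answer.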
