‘Deep Dive’ into Office 365 PowerShell cmdlets: Groups

As powerful as Office 365 is, it can be made even more powerful with simple PowerShell cmdlets that can streamline your work and make your life easier. In today’s “Deep Dive,” we look at working with Office 365 groups.

In our previous Office 365 Deep Dive, we provided a PowerShell script that you can use to collect the health status of groups that sync from On-Premises Active Directory. The PowerShell script that we explained in the earlier part uses the Get-MsolGroup PowerShell cmdlet that helps you check health status of groups by checking two important properties: ValidationStatus and DirSyncProvisioningErrors. If script doesn’t find “Healthy” value in the “ValidationStatus” property, it reports the Group name and its current status in the CSV file generated by the script.

Let’s take a look at some of the examples of using the Get-MsolGroup PowerShell cmdlet.

Displaying groups that start with a specific name

In case you need to retrieve a list of groups that start only with a specific word, you should use this PowerShell command:

Get-MsolGroup | Where-Object {$_.DisplayName –like “*Test*”} | Export-CSV C:\Temp\TestGroups.CSV

This command searches for “Test” word in each group and then stores the output in C:\Temp\TestGroups.CSV file.

Exporting security groups by group type

If you need to export a list of groups by their group type, execute this PowerShell command:

$SecGroups = Get-MsolGroup –GroupType “Security” | Export-CSV C:\Temp\SecurityGroups.CSV

This command exports all security groups from an Office 365 tenant and saves the output in C:\Temp\SecurityGroups.CSV file.

Checking members of specific groups

If you want to check members of a specific group, use these commands:

$SecGroups = Get-MsolGroup –GroupType “Security”
Get-MsolGroupMember –GroupObjectID $SecGroups, ObjectID

The first command stores the output of all Security Groups in $SecGroups variable and then next command displays the members of groups reported in the $SecGroups variable. In case you need to export the output to a CSV file, simply add “Export-CSV” cmdlet as shown in the command below:

Get-MsolGroupMember –GroupObjectID $SecGroups, ObjectID | Export-CSV C:\Temp\SecurityGroupMembers.CSV

Adding and removing members from Office 365 groups

It is important to note that you don’t add and remove members from Office 365 groups frequently. While Office 365 Admin Center offers an intuitive portal to add and remove members from Office 365 groups, it is worth looking at the PowerShell cmdlets that you can also use to add and remove members from groups. When performing a bulk add or remove operation, it is always easy to do using PowerShell cmdlets.

The “Add-MsolGroupMember” PowerShell cmdlet is used to add members to Office 365 groups and “Remove-MsolGroupMember” Powershell cmdlet to remove members from Office 365 groups. Let’s take a look at some of the examples.

To add a member to an Office 365 group, execute this command:

Add-MsolGroupMember –GroupObjectID <Group ID> -GroupMemberType User –GroupMemberObjectID <User Object ID&gt

Note that you need to specify the Object ID of both group and member. In other words, Add-MsolGroupMember does not support specifying the name of the group or member. However, when performing a bulk add operation, it is easy to do using Add-MsolGroupMember PowerShell cmdlet. For example, if you want to add users that end with “TechGenix.com” domain in their UPN to a group named “All Security Users,” execute these PowerShell commands:

$GetGroup = Get-MsolGroup | Where {$_.DisplayName –eq “All Security Users”}
$TechGenixUsers = Get-MsolUser | Select UserPrincipalName, ObjectID | Where {$_.UserPrincipalName –like “*TechGenix.com*”}
$TechGenixUsers | ForEach {Add-MsolGroupMember –GroupObjectID $GetGroup.ObjectID –GroupMemberType “User” –GroupMemberObjectID $_.ObjectID}

As you can see in the above commands, the first gets “All Security Users” group and stores its properties and values in the $GetGroup variable. The second command gets all the users from the Office 365 tenant, but filters only users that have “TechGenix.com” domain in their User Principal Name. Finally, the third command performs the add operation using the Add-MsolGroupMember PowerShell command. It traverses through each user, gets the Object ID of the user, and then adds the user to the specified Office 365 group.

When it comes to removing a member from an Office 365 group, you should use Remove-MsolGroupMember PowerShell cmdlet and, similar to Add-MsolGroupMember, you will need to specify Object IDs of both group and member. For example, to remove a single member from a specified Office 365 group, run the following commands:

$ThisGroupID = Get-MsolGroup –SearchString “All Security Users”
$ThisUserID = Get-MsolUser –UserPrincipalName “[email protected]”
Remove-MsolGroupMember –GroupObjectID $ThisGroupID –GroupMemberType User –GroupMemberObjectID $ThisUserID

In the commands above, we retrieved Object IDs of both group and member by using Get-MsolGroup and Get-MsolUser PowerShell cmdlets, and then stored the Object IDs in $ThisGroupID and $ThisUserID variables, respectively. The third command removes the member from the group.

Coming attractions

In this part, we provided some more examples of Get-MsolGroup PowerShell cmdlet. We also explained how you can add and remove members from Office 365 Groups by using Add-MsolGroupMember and Remove-MsolGroupMember PowerShell cmdlets.

In the next and subsequent parts our Deep Dive series, we will give you Office 365 PowerShell cmdlets that you can use to manage other aspects of an Office 365 tenant. We will also offer some more examples of using Get-MsolGroup PowerShell cmdlet and then move on to using Add-MsolGroupMember and Remove-MsolGroupMember PowerShell cmdlets to add and remove members to the groups in an Office 365 tenant.