Deep Dive Into Office 365 PowerShell Cmdlets (Part 10)

If you would like to read the other parts in this article series please go to:

In Part 9 of this article series, we provided a PowerShell script that you can use to collect health status of groups that sync from On-Premises Active Directory. PowerShell script that we explained in the earlier part uses Get-MsolGroup PowerShell cmdlet that helps you check health status of Groups by checking two important properties ValidationStatus and DirSyncProvisioningErrors properties. If script doesn’t find “Healthy” value in the “ValidationStatus” property, it reports the Group name and its current status in the CSV file generated by the script.

In part 10 of this article series, we will explain some more examples of using Get-MsolGroup PowerShell cmdlet and then move on to using Add-MsolGroupMember and Remove-MsolGroupMember PowerShell cmdlets to add and remove members to the groups in an Office 365 Tenant. Let’s take a look at some of the examples of using Get-MsolGroup PowerShell cmdlet.

Command 1: Displaying Groups that start with a specific name

In case you need to retrieve a list of groups that start only with a specific word, you will use below PowerShell command.

  • Get-MsolGroup | Where-Object {$_.DisplayName –like “*Test*”} | Export-CSV C:\Temp\TestGroups.CSV

Above command searches for “Test” word in each group and then store the output in C:\Temp\TestGroups.CSV file.

Command 2: Exporting Security Groups by Group Type

In case you need to export a list of groups by their group type, you will execute below PowerShell command:

  • $SecGroups = Get-MsolGroup –GroupType “Security” | Export-CSV C:\Temp\SecurityGroups.CSV

Above command exports all security groups from an Office 365 Tenant and saves output in C:\Temp\SecurityGroups.CSV file.

Command 3: Checking Members of Specific Groups

If you wanted to check members of a specific group, execute below PowerShell commands:

  • $SecGroups = Get-MsolGroup –GroupType “Security”
  • Get-MsolGroupMember –GroupObjectID $SecGroups, ObjectID

As you can see in the commands above, the first PowerShell command stores the output of all Security Groups in $SecGroups variable and then next command displays the members of groups reported in the $SecGroups variable. In case you need to export output to a CSV file, simply add “Export-CSV” cmdlet as shown in the command below:

•Get-MsolGroupMember –GroupObjectID $SecGroups, ObjectID | Export-CSV C:\Temp\SecurityGroupMembers.CSV

Adding and Removing members from Office 365 Groups

It is important to note that you don’t add and remove members from Office 365 groups frequently. While Office 365 Admin center offers an intuitive portal to add and remove members from Office 365 groups, but it is worth looking at the PowerShell cmdlets that you can use to add and remove members from Office 365 Groups. When performing a bulk add or remove operation, it is always easy to do using PowerShell cmdlets.

The “Add-MsolGroupMember” PowerShell cmdlet is used to add members to Office 365 groups and “Remove-MsolGroupMember” Powershell cmdlet to remove members from Office 365 groups. Let’s take a look at some of the examples.

To add a member to an Office 365 group, you will execute below command:

  • Add-MsolGroupMember –GroupObjectID <Group ID> -GroupMemberType User –GroupMemberObjectID <User Object ID>

Note that you need to specify Object ID of both Group and member. In other words, Add-MsolGroupMember does not support specifying name of the group or member. However, when performing a bulk add operation, it is easy to do using Add-MsolGroupMember PowerShell cmdlet. For example, if you want to add users that end with “TechGenix.com” domain in their UPN to a group named “All Security Users”, you will execute below PowerShell commands:

  • $GetGroup = Get-MsolGroup | Where {$_.DisplayName –eq “All Security Users”}
  • $TechGenixUsers = Get-MsolUser | Select UserPrincipalName, ObjectID | Where {$_.UserPrincipalName –like “*TechGenix.com*”}
  • $TechGenixUsers | ForEach {Add-MsolGroupMember –GroupObjectID $GetGroup.ObjectID –GroupMemberType “User” –GroupMemberObjectID $_.ObjectID}

As you can see in the commands above, the first command gets “All Security Users” group and store its properties and values in the $GetGroup variable. Next PowerShell command gets all the users from the Office 365 Tenant, but filters only users that have “TechGenix.com” domain in their User Principal Name. Finally, third command performs the add operation using Add-MsolGroupMember PowerShell command. Final command traverses through each user, gets Object ID of the user and then add the user to the specified Office 365 group.

When it comes to remove a member from an Office 365 Group, you will use Remove-MsolGroupMember PowerShell cmdlet and similar to Add-MsolGroupMember, you will need to specify Object IDs of both Group and member. For example, to remove a single member from a specified Office 365 group, run the following commands:

  • $ThisGroupID = Get-MsolGroup –SearchString “All Security Users”
  • $ThisUserID = Get-MsolUser –UserPrincipalName “[email protected]
  • Remove-MsolGroupMember –GroupObjectID $ThisGroupID –GroupMemberType User –GroupMemberObjectID $ThisUserID

As you noticed in the commands above, we retrieved Object IDs of both Group and Member by using Get-MsolGroup and Get-MsolUser PowerShell cmdlets and then stored the Object IDs in $ThisGroupID and $ThisUserID variables respectively. Next command removes the member from the group.

Summary

In this part, we provided some more examples of Get-MsolGroup PowerShell cmdlet. We also explained how you can add and remove members from Office 365 Groups by using Add-MsolGroupMember and Remove-MsolGroupMember PowerShell cmdlets.
In next and subsequent parts of this article series, we will explain Office 365 PowerShell cmdlets that you can use to manage other aspects of an Office 365 Tenant.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top