The Get-MgGroup cmdlet is an easy way to get and manage your Microsoft 365 groups. It allows you to get all or specific groups with their properties. The Get-MgGroup cmdlet is part of the Microsoft Graph SDK for PowerShell, which allows you to manage all Microsoft Services through a single endpoint.
In this article
In this article, we will look at how you can use the Get-MgGroup cmdlet to find and retrieve group information from Microsoft Entra.
Requirements
Before you can use the Get-MgGroup cmdlet, you need to make sure that you have installed the Microsoft Graph PowerShell module. You can read the full guide here, or use the command below to quickly install it:
Install-Module Microsoft.Graph -Force
Also, you will need to connect to Microsoft Graph with the correct scopes. To get group information, we only need the Group.Read.All scope. Read more on connecting to Microsoft Graph and using the scopes in this article.
Connect-MgGraph -Scopes 'Group.Read.All'
Getting Groups
The Get-MgGroup cmdlet allows you to find and extract group information from Microsoft Entra. There are a couple of parameters that we can use to find or filter the users:
- GroupId – Return specific group based on UPN or ObjectID
- Filter – Retrieve multiple objects based on an oDate v3 query
- Search – Get all groups that match the searchString
- All – Return all results (by default the first 100 items are returned)
- Top – Return n number of results
Good to know is that the cmdlet only returns the first 100 results by default. So make sure that you use the -All parameter to get all the results when needed.
Get Group by ID
When it comes to retrieving objects with Microsoft Graph, we often need to use the ID of the object to get it. With users, we can use the UserPrincipalName instead of the ID, but with Groups we don’t have that luxury. The GroupID parameter only accepts the actual ID.
So to get a group based on the ID, you can do the following:
Get-MgGroup -GroupId "ded414a7-89fa-4cd1-aa91-34c7d4757a4f"
Get MgGroup by Name
A more common approach is to get the group by name. But the Get-MgGroup cmdlet doesn’t have a parameter for the group name. This means that we will have to use the -Filter parameter to find the group, based on the full name or a part of it.
For the filter, we can use the following operators to get the groups:
| Operator | Description | Example |
|---|---|---|
| eq | Equals to | DisplayName eq ‘M365_E5’ |
| and | And | |
| or | Or | DisplayName eq ‘M365_E3’or DisplayName eq ‘M365_E5’ |
| startswith | String starts with | startswith(DisplayName,’M365_E3′) |
To get a group with the name “M365_E5” you should use the eq operator and filter on the display name:
Get-MgGroup -Filter "DisplayName eq 'M365_E5'"
If you don’t know the exact name, then the startswith operator is also a good option. This will get all the groups where the name starts with the given string:
Get-MgGroup -Filter "startswith(DisplayName,'M365')"
Get Dynamic Groups
One of the more difficult filters to get a grasp on, is for example to filter on the GroupTypes. Let’s say you want to get all dynamics groups from Microsoft Entra. A normal filter won’t work, because the property GroupTypes is an object.
However, we can still filter on it, using an OData filter like this:
Get-MgGroup -Filter "GroupTypes/any(x:x eq 'DynamicMembership')"
Using Advanced Filters
As you have seen above, the filter parameter is pretty limited by default. It’s however possible to use more advanced filters in the Microsoft Graph module. These advanced queries are only available for Microsoft Entra ID objects (directory objects).
To use the advanced filter, we will need to add two parameters when using the -Filter. We need to set the ConsistencyLevel to Eventual and add a Count variable. When you add these two parameters, then you can use the search operators below as well.
| Operator | Description | Example |
|---|---|---|
| ne | Not equal to | DisplayName ne ‘M365_E5’ |
| not | and Not | |
| endsWith | String ends with | endsWith(DisplayName,’E3′) |
You can find more information about the advanced query capabilities here in the Microsoft documentation.
Getting All Groups Created Last Year
With the advanced queries enabled, we can for example get all the groups that are created last year. To do this, we will filter the groups on the Created Date Time and calculate the date by subtracting one year from the current date.
Note that we have added the parameters –ConsistencyLevel eventual and -CountVariable Count to the cmdlet as well:
Get-MgGroup -Filter "CreatedDateTime ge $((Get-Date).AddYears(-1).ToString("s"))Z" -ConsistencyLevel eventual -CountVariable Count
We can now also combine this with other operators, to get for example all the groups that are created last year and where the name starts with “M365” :
Get-MgGroup -Filter "CreatedDateTime ge $((Get-Date).AddYears(-1).ToString("s"))Z and startsWith(Displayname,'M365')" -ConsistencyLevel eventual -CountVariable Count
Using Search to Find Groups
Besides the filter parameter, we can also use the -Search parameter to find groups. The parameter requires a property that you want to search on and a value. You will also need to set the -consistencylevel to eventual.
The advantage of the -search parameter is that it allows us to search on any part of the value. So for example, if want to search on a part of the name we can use :
Get-MgGroup -Search 'DisplayName:365' -ConsistencyLevel eventual
An advantage of search is that you can use it on pretty much all the properties that are returned by the cmdlet. So we can even search on the description for example:
Get-MgGroup -Search 'Description:365' -ConsistencyLevel eventual
Wrapping Up
Getting Microsoft 365 group information is pretty straightforward with the Get-MgGroup cmdlet. Make sure that you also take a look at the new Microsoft Entra PowerShell module, which makes working with Microsoft Graph a bit easier.
Hope you liked this article, if you have any questions, just drop a comment below.
Enjoying the article but hate the ads? Join the Insiders for a clean, ad-free experience ($1), or go Elite ($3) to get priority answers and more.
Join LazyAdmin