Deep Dive Into Office 365 PowerShell Cmdlets (Part 10)

by [Published on 26 April 2017 / Last Updated on 26 April 2017]

This is Part 10 of our “Deep Dive into Office 365 PowerShell Cmdlets” article series.


If you would like to read the other parts in this article series please go to:


In Part 9 of this article series, we provided a PowerShell script that you can use to collect health status of groups that sync from On-Premises Active Directory. PowerShell script that we explained in the earlier part uses Get-MsolGroup PowerShell cmdlet that helps you check health status of Groups by checking two important properties ValidationStatus and DirSyncProvisioningErrors properties. If script doesn’t find “Healthy” value in the “ValidationStatus” property, it reports the Group name and its current status in the CSV file generated by the script.

In part 10 of this article series, we will explain some more examples of using Get-MsolGroup PowerShell cmdlet and then move on to using Add-MsolGroupMember and Remove-MsolGroupMember PowerShell cmdlets to add and remove members to the groups in an Office 365 Tenant. Let’s take a look at some of the examples of using Get-MsolGroup PowerShell cmdlet.


Command 1: Displaying Groups that start with a specific name

In case you need to retrieve a list of groups that start only with a specific word, you will use below PowerShell command.

  • Get-MsolGroup | Where-Object {$_.DisplayName –like “*Test*”} | Export-CSV C:\Temp\TestGroups.CSV


Above command searches for “Test” word in each group and then store the output in C:\Temp\TestGroups.CSV file.


Command 2: Exporting Security Groups by Group Type

In case you need to export a list of groups by their group type, you will execute below PowerShell command:

  • $SecGroups = Get-MsolGroup –GroupType “Security” | Export-CSV C:\Temp\SecurityGroups.CSV


Above command exports all security groups from an Office 365 Tenant and saves output in C:\Temp\SecurityGroups.CSV file.


Command 3: Checking Members of Specific Groups

If you wanted to check members of a specific group, execute below PowerShell commands:

  • $SecGroups = Get-MsolGroup –GroupType “Security”
  • Get-MsolGroupMember –GroupObjectID $SecGroups, ObjectID


As you can see in the commands above, the first PowerShell command stores the output of all Security Groups in $SecGroups variable and then next command displays the members of groups reported in the $SecGroups variable. In case you need to export output to a CSV file, simply add “Export-CSV” cmdlet as shown in the command below:

•Get-MsolGroupMember –GroupObjectID $SecGroups, ObjectID | Export-CSV C:\Temp\SecurityGroupMembers.CSV


Adding and Removing members from Office 365 Groups

It is important to note that you don’t add and remove members from Office 365 groups frequently. While Office 365 Admin center offers an intuitive portal to add and remove members from Office 365 groups, but it is worth looking at the PowerShell cmdlets that you can use to add and remove members from Office 365 Groups. When performing a bulk add or remove operation, it is always easy to do using PowerShell cmdlets.

The “Add-MsolGroupMember” PowerShell cmdlet is used to add members to Office 365 groups and “Remove-MsolGroupMember” Powershell cmdlet to remove members from Office 365 groups. Let’s take a look at some of the examples.

To add a member to an Office 365 group, you will execute below command:

  • Add-MsolGroupMember –GroupObjectID <Group ID> -GroupMemberType User –GroupMemberObjectID <User Object ID>


Note that you need to specify Object ID of both Group and member. In other words, Add-MsolGroupMember does not support specifying name of the group or member. However, when performing a bulk add operation, it is easy to do using Add-MsolGroupMember PowerShell cmdlet. For example, if you want to add users that end with “TechGenix.com” domain in their UPN to a group named “All Security Users”, you will execute below PowerShell commands:

  • $GetGroup = Get-MsolGroup | Where {$_.DisplayName –eq “All Security Users”}
  • $TechGenixUsers = Get-MsolUser | Select UserPrincipalName, ObjectID | Where {$_.UserPrincipalName –like “*TechGenix.com*”}
  • $TechGenixUsers | ForEach {Add-MsolGroupMember –GroupObjectID $GetGroup.ObjectID –GroupMemberType “User” –GroupMemberObjectID $_.ObjectID}


As you can see in the commands above, the first command gets “All Security Users” group and store its properties and values in the $GetGroup variable. Next PowerShell command gets all the users from the Office 365 Tenant, but filters only users that have “TechGenix.com” domain in their User Principal Name. Finally, third command performs the add operation using Add-MsolGroupMember PowerShell command. Final command traverses through each user, gets Object ID of the user and then add the user to the specified Office 365 group.

When it comes to remove a member from an Office 365 Group, you will use Remove-MsolGroupMember PowerShell cmdlet and similar to Add-MsolGroupMember, you will need to specify Object IDs of both Group and member. For example, to remove a single member from a specified Office 365 group, run the following commands:

  • $ThisGroupID = Get-MsolGroup –SearchString “All Security Users”
  • $ThisUserID = Get-MsolUser –UserPrincipalName “Nirmalks@TechGenix.com
  • Remove-MsolGroupMember –GroupObjectID $ThisGroupID –GroupMemberType User –GroupMemberObjectID $ThisUserID


As you noticed in the commands above, we retrieved Object IDs of both Group and Member by using Get-MsolGroup and Get-MsolUser PowerShell cmdlets and then stored the Object IDs in $ThisGroupID and $ThisUserID variables respectively. Next command removes the member from the group.


Summary

In this part, we provided some more examples of Get-MsolGroup PowerShell cmdlet. We also explained how you can add and remove members from Office 365 Groups by using Add-MsolGroupMember and Remove-MsolGroupMember PowerShell cmdlets.
In next and subsequent parts of this article series, we will explain Office 365 PowerShell cmdlets that you can use to manage other aspects of an Office 365 Tenant.

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.