Manage Microsoft 365 Group Owners Using PowerShell
We all know the power of Microsoft 365 groups for seamless collaboration. Since great power comes with great responsibility, monitoring group ownership changes is crucial for security. Here’s the thing: not knowing who owns a group can leave you powerless to delete it, even with your admin privilege!⚠️. As an administrator, you may need to manage Microsoft 365 group owners to control their access and permissions, such as in situations where the owner is no longer active, or the group needs to be restructured.
In this blog, we will guide you through the important PowerShell cmdlets to manage Microsoft 365 group ownership effectively. But before we start,
Here’s a breakdown of different levels of permission shared by both members and owners in a Microsoft 365 group.
| Permission | Group owner | Group member |
| 1. Add or remove members | ✅ | ❌ |
| 2. Delete conversation from the shared mailbox | ✅ | ❌ |
| 3. Change group settings | ✅ | ❌ |
| 4. Rename the group | ✅ | ❌ |
| 5. Update the description or picture | ✅ | ❌ |
| 6. Access everything in the group | ✅ | ✅ |
You can use both the PowerShell and the UI method to retrieve owner information for M365 groups. However, you can view & manage the owner of a group quickly and easily with PowerShell cmdlets.
- View & Manage Microsoft 365 Group Owners from the Admin Center
- Manage Microsoft 365 Group Ownership with PowerShell
let’s quickly run through the admin center approach to manage owners of groups in Office 365.
Step 1: Sign in to the Microsoft 365 admin center.
Step 2: Locate ‘Active teams & groups’ under ‘Teams & groups’ in the left navigation.
Step 3: You can see a list of all Microsoft 365 groups in your tenant there.
Step 4: Select the desired group for which you want to view ownership. A flyout page appears.
Step 5: Under the tab ‘Membership’, select ‘Owners’. This gives you the list of all owners with their email addresses.
Note: Here you can perform actions like adding and removing owners from the group. You are given two options for removing owners here. If you want to retain the user’s membership in the group but remove their administrative privileges, you can use the “Remove as owner” option. If you want to completely remove the user from the group, including their membership, you can use the “Remove from group” option.
You can also use the Exchange admin center to manage Microsoft 365 group owners. For this, navigate to the Exchange admin center -> Recipients -> Groups -> Owners.
Make sure to connect to the Exchange Online PowerShell and proceed with the following to manage Office 365 group owners using PowerShell. We will be covering the following operations:
- Get all owners of a Microsoft 365 group
- Export all Microsoft 365 group owners list into a CSV file
- Get all Microsoft 365 groups a user is an owner of
- Retrieve all Microsoft 365 groups without an owner
- Add an owner to a Microsoft 365 group
- Add an owner to bulk Microsoft 365 groups from CSV
- Add bulk owners to bulk Microsoft 365 groups
- Remove owners from an Office 365 group
- Remove an owner from multiple Office 365 groups
- Remove multiple owners from bulk Microsoft 365 groups
- Remove an owner from all Microsoft 365 groups
To get unified owners of a particular Microsoft 365 group, use the following cmdlet. Make sure to replace ‘Identity’ with your preferred group name/group email address.
Get-UnifiedGroupLinks -Identity "<GroupID>" -LinkType Owners | Select DisplayName, PrimarySmtpAddress
The above example gives a list of all owners with their email addresses in the Microsoft 365 group.
To export all owners for all Microsoft groups into a CSV file, run the following PowerShell script. Make sure to replace the file path in the script with your preferred location.
$GroupDetailsArray = @()
$Groups = Get-UnifiedGroup -ResultSize Unlimited | Sort-Object DisplayName
foreach ($Group in $Groups) {
$GroupName = $Group.DisplayName
$GroupEmailAddress = $Group.PrimarySmtpAddress
$Owners = Get-UnifiedGroupLinks -Identity $Group.Identity -LinkType Owners
$OwnerEmails = $Owners.PrimarySmtpAddress -join ','
$OwnerNames = $Owners.DisplayName -join ','
$GroupDetails = @{
"Group Email Address" = $GroupEmailAddress
"Group Name" = $GroupName
"Owner Email Addresses" = $OwnerEmails
"Owner Names" = $OwnerNames
}
$GroupDetailsArray += New-Object PSObject -Property $GroupDetails
Write-Progress -Activity "Retrieving group details" -Status "Processing $GroupName..."
}
# Export the array to a CSV file
$GroupDetailsArray | Export-Csv -Path "<filepath>" -NoTypeInformation
Output:
The generated CSV file contains attributes like group name, group email, owner name, and owner email.
To list all groups a user is an owner of, follow the script below. Make sure to replace the <UPN> with the user’s principal name you need to check.
$User = “<UPN>”
$Groups = Get-UnifiedGroup -ResultSize Unlimited
$UserGroups = @()
foreach ($Group in $Groups) {
$Owners = Get-UnifiedGroupLinks -Identity $Group.Identity -LinkType Owners
if ($Owners.PrimarySmtpAddress -contains $User) {
$UserGroups += $Group
}
}
$UserGroups | Select DisplayName, PrimarySmtpAddress
Managing ownerless Office 365 groups is crucial for maintaining data security. Without an owner, these groups lack oversight for membership management which can lead to potential risks such as unauthorized access and breaches. Admins need to actively identify ownerless groups to assign new owners promptly, preventing disruptions like storage quota limitations that can render groups read-only.
To retrieve all ownerless Office 365 groups, use the following cmdlet.
Get-UnifiedGroup -ResultSize Unlimited | Where-Object {-Not $_.ManagedBy}
Use the following cmdlet to add an owner to an Office 365 group using PowerShell.
Add-UnifiedGroupLinks -Identity "<GroupID>" -LinkType "Owners" -Links "<UPN>"
In the above example, the user gets added to the group as an owner.
To add an owner to bulk Microsoft 365 groups, first, you must add them as a member to all the groups and then convert them to owners. Create a CSV file containing multiple M365 groups and run the script below.
$Upn=<UserUPN>
Import-CSV "<filepath of Microsoft groups list>" | foreach {
$GroupName=$_.GroupName
Write-Progress -Activity "Adding owner to $GroupName "
Add-UnifiedGroupLinks -Identity $_.GroupName -LinkType Members -Links $Upn
Add-UnifiedGroupLinks -Identity $_.GroupName -LinkType Owners –Links $Upn
If($?)
{
Write-Host $GroupName Successfully added -ForegroundColor Green
}
Else
{
Write-Host $GroupName - Error occurred –ForegroundColor Red
}
}
The input file should be like this
To add multiple owners to multiple Microsoft 365 groups, use the script below.
$OwnerNames=Import-CSV "<file path of list of owners to be added>"
Import-CSV "<file path of list of Microsoft 365 groups" | foreach {
$GroupName=$_.GroupName
Foreach($OwnerName in $OwnerNames.OwnerName)
{
Write-Progress -Activity "Adding $OwnerName to $GroupName… "
Add-UnifiedGroupLinks -Identity $_.GroupName -LinkType Members -Links $OwnerName
Add-UnifiedGroupLinks -Identity $_.GroupName -LinkType Owners –Links $OwnerName
If($?)
{
Write-Host $OwnerName successfully added to $GroupName -ForegroundColor Green
}
Else
{
Write-Host Error occurred while adding $OwnerName to $GroupName –ForegroundColor Red
}
}
}
The first path in the script points to the CSV file containing a list of owner names, while the second path points to the CSV file containing group names/group email addresses.
To remove owners from a particular Microsoft 365 group, run the following cmdlet.
Remove-UnifiedGroupLinks -Identity "<GroupID>" -LinkType Owners -Links <UPN>
The above example removes the owner from the group. To remove multiple owners from a group at once, you can enter their names separated by commas. They are removed as group owners but remain as members of the group. This case applies to all removing scenarios listed below.
To remove an owner from bulk Microsoft 365 groups, use the following script.
$Upn=<UserUPN>
Import-CSV "<filepath>" | foreach {
$GroupName=$_.GroupName
Write-Progress -Activity "Removing owner from $GroupName "
Remove-UnifiedGroupLinks -Identity $_.GroupName -LinkType Members -Links $Upn
Remove-UnifiedGroupLinks -Identity $_.GroupName -LinkType Owners -Links $Upn
If($?)
{
Write-Host $GroupName Successfully removed -ForegroundColor Green
}
Else
{
Write-Host $GroupName - Error occurred –ForegroundColor Red
}
}
Note that using the above script to remove owners from the group will remove them as members too.
To remove bulk owners from bulk Microsoft 365 groups, utilize the script below.
$OwnerNames=Import-CSV "<filepath of list of owners>" Import-CSV "<filepath of list of groups>" | foreach { $GroupName=$_.GroupName Foreach($OwnerName in $OwnerNames.OwnerName) { Write-Progress -Activity "Removing $OwnerName from $GroupName… " Remove-UnifiedGroupLinks -Identity $_.GroupName -LinkType Members -Links $OwnerName Remove-UnifiedGroupLinks -Identity $_.GroupName -LinkType Owners -Links $OwnerName If($?) { Write-Host $OwnerName successfully removed from $GroupName -ForegroundColor Green } Else { Write-Host Error occurred while adding $OwnerName to $GroupName –ForegroundColor Red } } }
To remove an owner from all Microsoft 365 groups, use the following cmdlet. However, be aware that if you attempt to remove an owner who is the sole owner of a group, it will result in the following error.
“You can’t remove the owner from this group because the person you’re removing is currently the only owner. You need to promote another member to owner before you proceed.”
You may need to add another member as owner before proceeding.
Get-UnifiedGroup -ResultSize Unlimited | %{Remove-UnifiedGroupLinks -Identity $_.identity -LinkType Owners -Links <UPN> -Confirm:$false}
The above example will remove the user from all the Microsoft 365 groups he is an owner of. To remove multiple owners from every Microsoft 365 group, you’ll need to provide their email addresses as comma-separated values.
Level up your Microsoft 365 group ownership management game with these powerful PowerShell cmdlets. Go deep to totally own your group management with the all-in-one Microsoft 365 group report! 🚀 Thanks for reading. If you have any further queries or specific requirements, reach out to us in the comment section.
PowerShell scripts are a powerful tool for IT admins, but they can be complex and time-consuming to write and maintain. AdminDroid offers a user-friendly alternative to these scripts, streamlining Microsoft 365 group reporting. With AdminDroid, admins can effortlessly monitor ownership, membership, changes, and everything you want to know about your Microsoft 365 groups.
AdminDroid provides a comprehensive range of complimentary Microsoft 365 group reports, empowering efficient tracking of group activities within your organization. With its in-depth M365 group auditing reports, AdminDroid empowers admins to track a wide range of group activities, including membership changes, property changes, ownership & membership changes, license modifications, and even identify deleted groups efficiently.
Insights on Group dynamics provided by AdminDroid include:
- All groups report
- Group membership report
- Nested groups report
- Distribution groups and membership report
- Mail-enabled groups and security groups
- Cloud groups and synced groups
- Empty groups and groups size by member count
Group Membership:
- Office 365 Group User Members
- Distribution Group Members
- Nested Distribution Group Members
- Groups with Contacts as Members
- Office 365 Group Hidden Membership
Group Types:
- Security Groups
- Distribution Groups
- Mail Enabled Groups
- Synced Groups
- Cloud Groups
- Dynamic Distribution Groups, and more.
Moreover, for even deeper insights and robust management of your Microsoft 365 environment, the free Azure AD auditing tool helps you gain unparalleled visibility into user activities, group dynamics, and system changes. It tracks various activities, from user logins to application usage, ensuring you stay informed about every aspect of your Microsoft 365. Furthermore, with the Azure AD reporting tool, you can visualize essential metrics such as user summaries, group information, and subscription details.
Elevate your management capabilities to the next level with AdminDroid’s comprehensive Azure AD management tool. With over 1800 pre-built reports and 30+ dashboards covering all Microsoft 365 services, AdminDroid offers a premium edition free for 15 days!Experience advanced features including alerting, quick scheduling, delegation, and advanced filtering. Empower your organization by downloading AdminDroid today and discover how it can streamline your Microsoft 365 reporting and auditing processes.
