Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Get-EntraGroupMember
Gets a member of a group.
Syntax
Default (Default)
Get-EntraGroupMember
-GroupId <String>
[-All]
[-Top <Int32>]
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraGroupMember cmdlet gets a member of a group in Microsoft Entra ID. Specify the GroupId parameter to get a member of a group.
In delegated scenarios, the signed-in user must have a supported Microsoft Entra role or a custom role with one of the following permissions: microsoft.directory/groups/members/read, microsoft.directory/groups/members/limitedRead, or microsoft.directory/groups/hiddenMembers/read (for hidden members). The following least privileged roles support this operation:
- Group owners
- "Member" users
- "Guest" users (with limited read permissions)
- Directory Readers
- Directory Writers
- Groups Administrator
- User Administrator (includes hidden members)
- Exchange Administrator (includes hidden members)
- SharePoint Administrator (includes hidden members)
- Intune Administrator (includes hidden members)
- Teams Administrator (includes hidden members)
- Viva Engage Administrator (includes hidden members)
To list members of a hidden group, the Member.Read.Hidden permission is also required.
Examples
Example 1: Retrieve and Select Group Member Properties
Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'"
Get-EntraGroup -GroupId $group.Id | Get-EntraGroupMember | Select-Object Id, DisplayName, '@odata.type'
Id DisplayName @odata.type
------------------------------------ ----------------- -------------------------------
dddddddd-3333-4444-5555-eeeeeeeeeeee Sawyer Miller #microsoft.graph.user
eeeeeeee-4444-5555-6666-ffffffffffff Alex Wilber #microsoft.graph.user
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application #microsoft.graph.servicePrincipal
cccccccc-8888-9999-0000-dddddddddddd Contoso Group #microsoft.graph.group
This example retrieves the members of a specified group by its GroupId and selects only the Id, DisplayName and @odata.type properties for each member.
-GroupIdspecifies the ID of a group.
Example 2: Get two group member
Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'"
Get-EntraGroupMember -GroupId $group.Id -Top 2 | Select-Object Id, DisplayName, '@odata.type'
Id DisplayName @odata.type
------------------------------------ ----------------- -------------------------------
dddddddd-3333-4444-5555-eeeeeeeeeeee Sawyer Miller #microsoft.graph.user
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application #microsoft.graph.servicePrincipal
This example demonstrates how to retrieve top two groups from Microsoft Entra ID. You can use -Limit as an alias for -Top.
-GroupIdspecifies the ID of a group.
Example 3: Get all members within a group by group ID
Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'"
Get-EntraGroupMember -GroupId $group.Id -All | Select-Object Id, DisplayName, '@odata.type'
Id DisplayName @odata.type
------------------------------------ ----------------- -------------------------------
dddddddd-3333-4444-5555-eeeeeeeeeeee Sawyer Miller #microsoft.graph.user
eeeeeeee-4444-5555-6666-ffffffffffff Alex Wilber #microsoft.graph.user
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application #microsoft.graph.servicePrincipal
cccccccc-8888-9999-0000-dddddddddddd Contoso Group #microsoft.graph.group
This example retrieves all members within a group by group ID.
-GroupIdspecifies the ID of a group.
Example 4: Get a group member by ID
Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'"
Get-EntraGroupMember -GroupId $group.Id | Select-Object Id, DisplayName, '@odata.type'
Id DisplayName @odata.type
------------------------------------ ----------------- -------------------------------
dddddddd-3333-4444-5555-eeeeeeeeeeee Sawyer Miller #microsoft.graph.user
eeeeeeee-4444-5555-6666-ffffffffffff Alex Wilber #microsoft.graph.user
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application #microsoft.graph.servicePrincipal
cccccccc-8888-9999-0000-dddddddddddd Contoso Group #microsoft.graph.group
This example demonstrates how to retrieve group member by ID.
-GroupIdSpecifies the ID of a group.
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-GroupId
Specifies the ID of a group in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
-Property
Specifies properties to be returned
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
-Top
Specifies the maximum number of records to return.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Related Links
Feedback
Was this page helpful?