Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Get-EntraUserGroup
Retrieves the list of groups a user belongs to.
Syntax
GetQuery (Default)
Get-EntraUserGroup
-UserId <String>
[-All]
[-Filter <String>]
[-Top <Int32>]
[-Property <String[]>]
[<CommonParameters>]
GetById
Get-EntraUserGroup
-UserId <String>
-GroupId <String>
[<CommonParameters>]
Append
Get-EntraUserGroup
-UserId <String>
-Property <String[]>
-AppendSelected
[-All]
[-Filter <String>]
[-Top <Int32>]
[<CommonParameters>]
Description
The Get-EntraUserGroup cmdlet retrieves a list of groups to which a user belongs.
Examples
Example 1: Get a list of groups to which a specific user belongs
Connect-Entra -Scopes 'GroupMember.Read.All', 'Group.Read.All', 'Directory.Read.All'
Get-EntraUserGroup -UserId 'SawyerM@contoso.com'
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Contoso Marketing hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq ContosoMarketing Contoso Marketing {Unified}
Mark 8 Project Team pppppppp-4444-0000-8888-yyyyyyyyyyyy Mark8ProjectTeam Mark 8 Project Team {Unified}
Leadership tttttttt-0000-3333-9999-mmmmmmmmmmmm Leadership Leadership {Unified}
Sales and Marketing qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh SalesAndMarketing Sales and Marketing {Unified}
Retail aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Retail Retail {Unified}
This cmdlet retrieves a list of groups to which a specific user belongs.
Example 2: Get a list of groups to which a specific user belongs using the All parameter
Connect-Entra -Scopes 'GroupMember.Read.All', 'Group.Read.All', 'Directory.Read.All'
Get-EntraUserGroup -UserId 'SawyerM@contoso.com' -All
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Contoso Marketing hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq ContosoMarketing Contoso Marketing {Unified}
Mark 8 Project Team pppppppp-4444-0000-8888-yyyyyyyyyyyy Mark8ProjectTeam Mark 8 Project Team {Unified}
Leadership tttttttt-0000-3333-9999-mmmmmmmmmmmm Leadership Leadership {Unified}
Sales and Marketing qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh SalesAndMarketing Sales and Marketing {Unified}
Retail aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Retail Retail {Unified}
This cmdlet retrieves a list of groups to which a specific user belongs using the All parameter.
Example 3: Get a group to which a specific user belongs
Connect-Entra -Scopes 'GroupMember.Read.All', 'Group.Read.All', 'Directory.Read.All'
Get-EntraUserGroup -UserId 'SawyerM@contoso.com' -Top 1
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Contoso Marketing hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq ContosoMarketing Contoso Marketing {Unified}
This cmdlet retrieves a group to which a specific user belongs. You can use -Limit as an alias for -Top.
Example 4: Get a list of groups to which a specific user belongs using the group ID parameter
Connect-Entra -Scopes 'GroupMember.Read.All', 'Group.Read.All', 'Directory.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Contoso Marketing'"
Get-EntraUserGroup -UserId 'SawyerM@contoso.com' -GroupId $group.Id
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Contoso Marketing hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq ContosoMarketing Contoso Marketing {Unified}
This cmdlet retrieves a list of groups to which a specific user belongs using the group ID parameter.
-GroupIdparameter specifies the group ID.
Example 5: Get a list of groups to which a specific user belongs and select specific properties.
Connect-Entra -Scopes 'GroupMember.Read.All', 'Group.Read.All', 'Directory.Read.All'
Get-EntraUserGroup -UserId 'SawyerM@contoso.com' -Property id,displayName,mailNickName -Debug | Select-Object displayName,id,mailNickName
DisplayName Id MailNickname
----------- -- ------------
Contoso Marketing hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq ContosoMarketing
Contoso Sales qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh ContosoSales
Contoso Digital aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb ContosoDigital
This cmdlet returns specific properties in the list of groups to which a specific user belongs to.
Example 6: Get a list of groups to which a specific user belongs and append the selected properties
Connect-Entra -Scopes 'GroupMember.Read.All', 'Group.Read.All', 'Directory.Read.All'
Get-EntraUserGroup -UserId 'SawyerM@contoso.com' -Property AssignedLabels -AppendSelected | Select-Object id,displayName,createdDateTime,deletedDateTime,groupTypes,mailEnabled,mailNickname,securityEnabled,visibility,description,AssignedLabels
Id : hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq
DisplayName : Contoso Marketing
CreatedDateTime : 22/08/2024 03:02:41
DeletedDateTime :
GroupTypes : {Unified}
MailEnabled : True
MailNickname : ContosoMarketing
SecurityEnabled : False
Visibility : Public
Description :
AssignedLabels : {TagA,TagB}
Id : qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh
DisplayName : Contoso Sales
CreatedDateTime : 22/08/2024 06:18:23
DeletedDateTime :
GroupTypes : {Unified}
MailEnabled : True
MailNickname : ContosoSales
SecurityEnabled : False
Visibility : Public
Description : Description of Contoso Sales
AssignedLabels : {TagA,TagB}
Id : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb
DisplayName : Contoso Digital
CreatedDateTime : 22/08/2024 06:20:00
DeletedDateTime :
GroupTypes : {Unified}
MailEnabled : True
MailNickname : ContosoDigital
SecurityEnabled : False
Visibility : Public
Description : Description of Contoso Digital
AssignedLabels : {TagA,TagB}
We only selected one property using the Property parameter, but the response has more properties since AppendSelected parameter appended default properties to the selected properties.
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AppendSelected
Specifies whether to append the selected properties.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Filter
Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-GroupId
The unique ID of the group.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | DirectoryObjectId |
Parameter sets
-Property
Specifies properties to be returned
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
-Top
The maximum number of groups a user belongs to.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
-UserId
Specifies the ID of a user's UserPrincipalName or UserId in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId, UPN, Identity, UserPrincipalName |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Outputs
System.Object
Related Links
Feedback
Was this page helpful?