Get Office 365 group (unified group) and Azure AD Group owner details or generate a report

This post discusses how we can see who owns an Office 365 group (Unified Group) or an Azure AD group.

We can see this information using either the Azure AD PowerShell module or the Exchange
Online PowerShell module. In this post I will cover the AzureAD PowerShell method.

Connect to AzureAD.

PS:5 >Connect-AzureAD

Now get the group. The -SearchString option accepts a short string as well as a full email address, as shown in the examples below.

PS:5 >Get-AzureADGroup -SearchString "Test"

ObjectId                             DisplayName Description
--------                             ----------- -----------
5e3c1eaf-27d2-4c2a-a5a1-9f282c3c93ea Test        Test
5e1d3557-0a43-4db1-8f84-e82942377524 test5       all team members

PS:10 >Get-AzureADGroup -SearchString "Test@Brocode.gq"

ObjectId                             DisplayName Description
--------                             ----------- -----------
5e3c1eaf-27d2-4c2a-a5a1-9f282c3c93ea Test        Test

Now that we have the object ID, we can get the owner details using the command below.

[C:\]
PS:6 >Get-AzureADGroupOwner -ObjectId 5e3c1eaf-27d2-4c2a-a5a1-9f282c3c93ea

ObjectId                             DisplayName    UserPrincipalName             UserType
--------                             -----------    -----------------             --------
6456ac07-efa9-424f-b5d8-d22b536ab048 Admin          Admin@Brocode.onmicrosoft.com Member
0aaf7760-210c-42fb-8e44-6ee587e2153d Prateek Nayyar nayyar.prateek@Brocode.gq     Member

To shorten this exercise, we can combine the two commands like this.

PS:13 >Get-AzureADGroupOwner -ObjectId $(Get-AzureADGroup -SearchString "Test@Brocode.gq").ObjectID
ObjectId                             DisplayName    UserPrincipalName             UserType
--------                             -----------    -----------------             --------
6456ac07-efa9-424f-b5d8-d22b536ab048 Admin          Admin@Brocode.onmicrosoft.com Member
0aaf7760-210c-42fb-8e44-6ee587e2153d Prateek Nayyar nayyar.prateek@Brocode.gq     Member

Or, to make it easier, create a function and add it to your function kit so you can call it any time.

PS:14 >function GetO365GroupOwner ($O365Group) {Get-AzureADGroupOwner -ObjectId $(Get-AzureADGroup -SearchString $O365Group).ObjectID}
PS:15 >GetO365GroupOwner -O365Group test@brocode.gq

ObjectId                             DisplayName    UserPrincipalName             UserType
--------                             -----------    -----------------             --------
6456ac07-efa9-424f-b5d8-d22b536ab048 Admin          Admin@Brocode.onmicrosoft.com Member
0aaf7760-210c-42fb-8e44-6ee587e2153d Prateek Nayyar nayyar.prateek@Brocode.gq     Member

Further, to get the owners of multiple groups or of all groups, you can loop them through this command.

The script below gets all the groups that are mail-enabled. To target Office 365 groups you only need the mail-enabled ones; likewise, if you don't need the mail-enabled groups and need security groups only, you can skip the mail-enabled ones.

$Groups = Get-AzureADGroup -All $true
# Keep only the mail-enabled groups
$Groups = $Groups | ? {$_.MailEnabled -ne $false}
$report = @()
foreach ($group in $Groups) {
    Write-Host "Processing Group: $($group.DisplayName)"
    $owners = Get-AzureADGroupOwner -ObjectId $group.ObjectId
    # One row per owner, tagged with the group it belongs to
    $data = $owners | Select @{n="GroupName";E={$group.DisplayName}}, `
        @{n="GroupEmailAddress";E={$group.Mail}}, `
        @{n="OwnerDisplayName";E={$_.DisplayName}}, `
        @{n="OwnerEmailAddress";E={$_.UserPrincipalName}}
    $report += $data
}
$report | Export-Csv "O365Group-Owner-Details.csv" -notype
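
The report script above writes one row per owner, so a group with no owners produces no row at all, even though ownerless groups are often what an ownership review is looking for. The following is an added example, not code from the original post: it emits one row per group and flags ownerless groups and guest owners (using the UserType column shown earlier). The function name, the -OwnerLookup parameter and the OwnerCount, GuestOwners and Finding columns are assumptions made for this example; the tenant run expects the AzureAD module and a Connect-AzureAD session.

```powershell
# Added example, not from the original post. Assumes the AzureAD module.
# Get-GroupOwnerAudit, -OwnerLookup and the OwnerCount/GuestOwners/Finding
# columns are hypothetical names chosen for this example.
function Get-GroupOwnerAudit {
    [CmdletBinding()]
    param(
        # Group objects as returned by Get-AzureADGroup
        [Parameter(Mandatory, ValueFromPipeline)]
        $Group,
        # Owner lookup, replaceable so the logic can be exercised without a tenant
        [scriptblock]$OwnerLookup = {
            param($id) Get-AzureADGroupOwner -ObjectId $id -All $true
        }
    )
    process {
        # @() forces an array, so zero owners and one owner behave like many
        $owners = @(& $OwnerLookup $Group.ObjectId)
        $guests = @($owners | Where-Object { $_.UserType -eq 'Guest' })

        $findings = @()
        if ($owners.Count -eq 0) { $findings += 'NoOwner' }
        if ($guests.Count -gt 0) { $findings += 'GuestOwner' }

        # One row per group, emitted even when there are no owners
        [pscustomobject]@{
            GroupName         = $Group.DisplayName
            GroupEmailAddress = $Group.Mail
            OwnerCount        = $owners.Count
            Owners            = $owners.UserPrincipalName -join ';'
            GuestOwners       = $guests.UserPrincipalName -join ';'
            Finding           = if ($findings) { $findings -join ',' } else { 'OK' }
        }
    }
}

# Constructed sample (not tenant data): a group whose lookup returns no owners
$orphan = [pscustomobject]@{
    ObjectId = '00000000-0000-0000-0000-000000000000'
    DisplayName = 'orphan-demo'; Mail = 'orphan-demo@example.com'
}
$orphan | Get-GroupOwnerAudit -OwnerLookup { }

# Against the tenant (requires Connect-AzureAD first)
Get-AzureADGroup -All $true | Where-Object { $_.MailEnabled } |
    Get-GroupOwnerAudit | Export-Csv 'O365Group-Owner-Audit.csv' -NoTypeInformation
```

Filtering the resulting CSV on the Finding column gives the list of groups to follow up on; owners that are not user objects will appear with an empty entry in Owners because they have no UserPrincipalName.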
