Related features:

Related Powershell Guides:

How to create new Microsoft Entra ID groups using New-MgGroup

Creating new Microsoft Entra ID groups

Creating Microsoft Entra ID groups is a fundamental task for IT admins managing user access, security, and collaboration within an organization. Whether setting up security groups, Microsoft 365 groups, or distribution lists, admins need an efficient way to create and configure them. While the New-MgGroup PowerShell command in Microsoft Graph allows admins to create groups with custom attributes, it lacks a user-friendly interface and and requires intensive scripting knowledge.

For a more efficient and user-friendly approach, ManageEngine ADManager Plus offers robust built-in management actions. Admins can quickly create and manage Microsoft Entra ID groups without writing complex PowerShell scripts. ADManager Plus even enables the creation of Microsoft Entra ID groups in bulk.

  • ADManager Plus
  • PowerShell
 

Create new Microsoft Entra ID groups using ADManager Plus

  1. Log in to ADManager Plus. Navigate to Microsoft 365 > Management > Group Management.
  2. Under Single Group Creation, select Microsoft 365 Group Creation.
  3. Select the Microsoft 365 Tenant from the drop-down menu.
  4. Select a template for group creation from the Selected Template list.
  5. There are three sections below: General, Group, and Exchange.
  6. Enter the required details such as Display Name and Primary SMTP Address. Add group members, select a group owner, and choose if you want to mail-enable the group.
  7. Click Apply once you have added the necessary details.
Create new Microsoft Entra ID groups using ADManager Plus' built-in management actions.
 
 

Select the desired Microsoft 365 tenant.

 
 

Create new templates for Microsoft Entra ID group creation.

 
 

Use the arrow buttons to navigate from one tab to another.

Get started

Create new Microsoft Entra ID groups using Microsoft Graph PowerShell

Prerequisites

Before running the New-MgGroup cmdlet, ensure the following requirements are met:

  • The Microsoft Graph PowerShell module is installed. If it’s not installed, use the following command:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Connect to Microsoft Graph PowerShell with the necessary permissions to read group details:
    Connect-MgGraph -Scopes "Group.Read.All"

Using the New-MgGroup cmdlet to create new Microsoft Entra ID groups

Use the New-MgGroup cmdlet in Microsoft Graph PowerShell to create new Microsoft Entra ID groups. The syntax is as follows:

New-MgGroup [-ResponseHeadersVariable <String>]
[-AcceptedSenders <IMicrosoftGraphDirectoryObject[]>]
[-AdditionalProperties <Hashtable>]
[-AllowExternalSenders]
[-AppRoleAssignments <IMicrosoftGraphAppRoleAssignment[]>]
[-AssignedLabels <IMicrosoftGraphAssignedLabel[]>]
[-AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]
[-AutoSubscribeNewMembers]
[-Calendar <IMicrosoftGraphCalendar>]
[-CalendarView <IMicrosoftGraphEvent[]>]
[-Classification <String>]
[-Conversations <IMicrosoftGraphConversation[]>]
[-CreatedDateTime <DateTime>]
[-CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]
[-DeletedDateTime <DateTime>]
[-Description <String>]
[-DisplayName <String>]
[-Drive <IMicrosoftGraphDrive>]
[-Drives <IMicrosoftGraphDrive[]>]
[-Events <IMicrosoftGraphEvent[]>]
[-ExpirationDateTime <DateTime>]
[-Extensions <IMicrosoftGraphExtension[]>]
[-GroupLifecyclePolicies <IMicrosoftGraphGroupLifecyclePolicy[]>]
[-GroupTypes <String[]>]
[-HasMembersWithLicenseErrors]
[-HideFromAddressLists]
[-HideFromOutlookClients]
[-Id <String>]
[-IsArchived]
[-IsAssignableToRole]
[-IsManagementRestricted]
[-IsSubscribedByMail]
[-LicenseProcessingState <IMicrosoftGraphLicenseProcessingState>]
[-Mail <String>]
[-MailEnabled]
[-MailNickname <String>]
[-MemberOf <IMicrosoftGraphDirectoryObject[]>]
[-Members <IMicrosoftGraphDirectoryObject[]>]
[-MembersWithLicenseErrors <IMicrosoftGraphDirectoryObject[]>]
[-MembershipRule <String>]
[-MembershipRuleProcessingState <String>]
[-OnPremisesDomainName <String>]
[-OnPremisesLastSyncDateTime <DateTime>]
[-OnPremisesNetBiosName <String>]
[-OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]
[-OnPremisesSamAccountName <String>]
[-OnPremisesSecurityIdentifier <String>]
[-OnPremisesSyncEnabled]
[-Onenote <IMicrosoftGraphOnenote>]
[-Owners <IMicrosoftGraphDirectoryObject[]>]
[-PermissionGrants <IMicrosoftGraphResourceSpecificPermissionGrant[]>]
[-Photo <IMicrosoftGraphProfilePhoto>]
[-Photos <IMicrosoftGraphProfilePhoto[]>]
[-Planner <IMicrosoftGraphPlannerGroup>]
[-PreferredDataLocation <String>]
[-PreferredLanguage <String>]
[-ProxyAddresses <String[]>]
[-RejectedSenders <IMicrosoftGraphDirectoryObject[]>]
[-RenewedDateTime <DateTime>]
[-SecurityEnabled]
[-SecurityIdentifier <String>]
[-ServiceProvisioningErrors <IMicrosoftGraphServiceProvisioningError[]>]
[-Settings <IMicrosoftGraphGroupSetting[]>]
[-Sites <IMicrosoftGraphSite[]>]
[-Team <IMicrosoftGraphTeam>]
[-Theme <String>]
[-Threads <IMicrosoftGraphConversationThread[]>]
[-TransitiveMemberOf <IMicrosoftGraphDirectoryObject[]>]
[-TransitiveMembers <IMicrosoftGraphDirectoryObject[]>]
[-UniqueName <String>]
[-UnseenCount <Int32>]
[-Visibility <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]

Example use case and script using the New-MgGroup cmdlet

Example: How to create a new Microsoft Entra ID group

New-MgGroup -DisplayName 'Test Group' -MailEnabled:$False -MailNickName 'testgroup' -SecurityEnabled

Supported parameters

The table below lists key parameters that can be used with the New-MgGroup cmdlet to efficiently create new Microsoft Entra ID groups.

Parameters Description
- AcceptedSenders This identifies the users or groups authorized to create posts or calendar events in the group.
-AdditionalProperties This specifies the additional parameters.
-AllowExternalSenders This specifies whether individuals outside the organization can send messages to the group.
-AppRoleAssignments This indicates the app roles assigned to a group for an app.
-AssignedLicenses This shows the licenses that are granted to the group.
-Confirm This prompts the a dmin for a confirmation before running the cmdlet.

Challenges of using Graph PowerShell scripts to create new Microsoft Entra ID groups

  • Assigning the right roles and permissions is challenging, as some commands require elevated privileges that may not be easily granted.
  • Microsoft enforces API rate limits, which can disrupt bulk operations and require retry logic to prevent failures.
  • Not all Microsoft Graph capabilities have dedicated PowerShell cmdlets, requiring manual API calls for certain operations.
  • Admins require extensive PowerShell skills to make the shift from Azure AD PowerShell to Microsoft Graph PowerShell.

Highlights of using ADManager Plus to create Microsoft Entra ID groups

  • Manage both on-premises Active Directory and Microsoft Entra ID from a single console.
  • Perform management actions effortlessly with an intuitive UI instead of running PowerShell scripts.
  • Easily perform various tasks in bulk using CSV imports and templates.
  • Automate routine tasks and set up-approval based workflows.
  • Track changes in your organization with detailed reports for compliance and auditing purposes.

Seamlessly create, update, and delete Microsoft Entra ID groups using ADManager Plus.

Try it now for free
 
  • Creating new Microsoft Entra ID groups
  • Create new Microsoft Entra ID groups using ADManager Plus
  • Create new Microsoft Entra ID groups using Microsoft Graph PowerShell
  • Challenges of using Graph PowerShell scripts to create Microsoft Entra ID groups
  • Highlights of using ADManager Plus to create Microsoft Entra ID groups
The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link