Related features:

Related Powershell Guides:

How to delete Microsoft Entra ID group owners using Remove-MgGroupOwnerByRef

Removing Microsoft Entra ID group owners

Managing Microsoft Entra ID group ownership is vital for maintaining proper administrative control and ensuring accountability. IT administrators often need to remove group owners to reflect organizational changes, enforce governance policies, or reassign responsibilities. While the Remove-MgGroupOwnerByRef PowerShell command in Microsoft Graph allows admins to remove owners using direct references, it requires scripting expertise and manual execution.

ManageEngine ADManager Plus is an identity governance and administration solution with comprehensive Microsoft Entra ID management and reporting capabilities. It offers powerful management actions to help administrators seamlessly remove Microsoft Entra ID owners in bulk without any scripting.

  • ADManager Plus
  • PowerShell
 

Remove Microsoft Entra ID group owners using ADManager Plus

  1. Log in to ADManager Plus.
  2. Navigate to Microsoft 365 > Management > Group Management.
  3. From Bulk Group Modification, select Add/Remove Microsoft 365 Group Owners.
    Note: You can also remove owners from distribution, security, mail-enabled security, or dynamic distribution groups if needed.
  4. Select the Remove Owner(s) radio button, and then select which owner you want to remove.
  5. Choose your required Microsoft 365 Tenant from the drop-down.
  6. Select the required groups or import them using CSV Import. This is an optional step if you have chosen to select groups manually, and you can skip it.
  7. Click Import Group(s).
  8. On the resulting page, select the owners you want to remove and click Apply.
Delete Microsoft Entra ID group owners using ADManager Plus reports.
 
 

Choose to remove group owners from the radio button options.

 
 

Import the CSV file containing the required data or select groups manually.

Get started

Remove owners of Microsoft Entra ID groups using Microsoft Graph PowerShell

Prerequisites

Before running the Remove-MgGroupOwnerByRef cmdlet, ensure the following requirements are met:

  • The Microsoft Graph PowerShell module is installed. If it’s not installed, use the following command:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Connect to Microsoft Graph PowerShell with the necessary permissions to manage group memberships:
    Connect-MgGraph -Scopes "Group.ReadWrite.All"

Using the Remove-MgGroupOwnerByRef cmdlet to remove Microsoft Entra ID group owners

Use the Remove-MgGroupOwnerByRef cmdlet in Microsoft Graph PowerShell to delete Microsoft Entra ID group owners. The syntax is as follows:

Remove-MgGroupOwnerByRef
-InputObject <IGroupsIdentity>
[-IfMatch <String>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PassThru]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]

Example use case and script using the Remove-MgGroupOwnerByRef cmdlet

Example: Delete the owner of a group

Use this Graph PowerShell command to remove the owner of a Microsoft Entra ID group.

Import-Module Microsoft.Graph.Groups
Remove-MgGroupOwnerByRef -GroupId $groupId -DirectoryObjectId $directoryObjectId

Supported parameters

The table below lists key parameters that can be used with the Remove-MgGroupOwnerByRef cmdlet to remove owners of Microsoft Entra ID groups.

Parameters Description
-Confirm This is to confirm before running the cmdlet.
-DirectoryObjectId This is the unique identifier of the directory object.
-GroupID This is the unique identifier of a group.
-WhatIf This shows what would happen if the cmdlet was run.

Challenges of using Graph PowerShell scripts to remove owners of Microsoft Entra ID groups

  • IT admins must transition from Azure AD PowerShell to Graph PowerShell, which requires scripting expertise.
  • Microsoft Graph API’s throttling limits can slow down bulk data retrieval.
  • Debugging errors can be complex and time-consuming, demanding strong technical skills.
  • Without a user-friendly interface, it can be challenging to use, especially for those unfamiliar with scripting.

Highlights of using ADManager Plus to remove Microsoft Entra ID group owners

  • Effortlessly create, modify, and manage Microsoft 365 users; assign licenses in bulk; and automate provisioning without complex PowerShell scripting.
  • Easily create, modify, and delete Microsoft Entra ID groups while managing group owners and memberships through an intuitive interface.
  • Perform bulk user and group modifications, such as removing group owners and modifying memberships, without writing scripts.
  • Automate repetitive Microsoft 365 and Microsoft Entra ID group management tasks with customizable workflows, ensuring accuracy and compliance.
  • Generate prebuilt reports on Microsoft 365 users, licenses, Microsoft Entra ID groups, and ownership details, ensuring visibility and regulatory compliance.

Assign and remove Microsoft Entra ID group members and owners using ADManager Plus

Try it now for free
 
  • Removing Microsoft Entra ID group owners
  • Remove Microsoft Entra ID group owners using ADManager Plus
  • Remove owners of Microsoft Entra ID groups using Microsoft Graph PowerShell
  • Challenges of using Graph PowerShell scripts to remove Microsoft Entra ID group owners
  • Highlights of using ADManager Plus to remove Microsoft Entra ID group owners
The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link