How to remove an Azure AD group owner using PowerShell scripts

Administrators use Azure Active Directory (AD) groups to manage users and their permissions collectively. When users change roles within an organization, privileged permissions like ownership of groups need to be changed. The cmdlet in the table below can be used to remove an owner from an Azure AD group. ADManager Plus, a unified Active Directory, Microsoft 365, Exchange, and Google Workspace management and reporting tool, can also be used to accomplish this task.

The following table compares how to remove an owner from an Azure AD group using PowerShell scripts and ADManager Plus.

Azure PowerShell

Steps to remove an owner from an Azure AD group using PowerShell scripts:

  1. Note down the required parameters (ObjectId, OwnerId, InformationAction, InformationVariable, and other CommonParameters) for removing the group owner.
  2. Execute the following PowerShell script with the required parameters and their values.
Remove-AzureADGroupOwner
-ObjectId <ObjectId>
-OwnerId <OwnerId>
[-InformationAction <ActionPreference>]
[-InformationVariable <Var>]
[<CommonParameters>]

Where <ObjectId> refers to the ID of the group, <OwnerId> refers to the ID of the owner of the group, <ActionPreference> describes the way in which this cmdlet reacts to an information event, and <Var> refers to the information variable.
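The steps above as an added example, which is not part of the original page or of ADManager Plus: a wrapper around Remove-AzureADGroupOwner that resolves the group and the owner by name instead of hand-copied ObjectIds and confirms the target really is a current owner before changing anything. The function name, group name, and UPN are hypothetical, and the refusal to remove the last remaining owner is an added safety assumption.

```powershell
#Requires -Modules AzureAD
# Added example. Remove-GroupOwnerSafely, the group name and the UPN are hypothetical.

function Remove-GroupOwnerSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $GroupName,   # exact display name of the group
        [Parameter(Mandatory)] [string] $OwnerUpn     # UPN of the owner to remove
    )

    # Resolve the group by exact display name; stop on zero or multiple matches.
    $escaped = $GroupName.Replace("'", "''")
    $groups  = @(Get-AzureADGroup -Filter "DisplayName eq '$escaped'")
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
    }
    $group = $groups[0]

    # Resolve the user, then confirm that user is a current owner of the group.
    $user   = Get-AzureADUser -ObjectId $OwnerUpn -ErrorAction Stop
    $owners = @(Get-AzureADGroupOwner -ObjectId $group.ObjectId -All $true)
    if ($owners.ObjectId -notcontains $user.ObjectId) {
        throw "$OwnerUpn is not an owner of '$GroupName'."
    }

    # Added assumption: never leave the group without an owner.
    if ($owners.Count -le 1) {
        throw "$OwnerUpn is the only owner of '$GroupName'; add another owner first."
    }

    if ($PSCmdlet.ShouldProcess("$GroupName ($($group.ObjectId))", "Remove owner $OwnerUpn")) {
        Remove-AzureADGroupOwner -ObjectId $group.ObjectId -OwnerId $user.ObjectId -ErrorAction Stop

        # Emit a record of the change for the audit trail.
        [pscustomobject]@{
            TimeUtc   = (Get-Date).ToUniversalTime().ToString('o')
            Group     = $group.DisplayName
            GroupId   = $group.ObjectId
            Removed   = $user.UserPrincipalName
            OwnerId   = $user.ObjectId
            Remaining = @(Get-AzureADGroupOwner -ObjectId $group.ObjectId -All $true).Count
        }
    }
}

Connect-AzureAD | Out-Null
# -WhatIf previews the change; drop it to be prompted for confirmation and remove the owner.
Remove-GroupOwnerSafely -GroupName 'Finance-Approvers' -OwnerUpn 'former.owner@contoso.example' -WhatIf
```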

ADManager Plus

Steps to remove an owner from an Azure AD group using ADManager Plus:

  1. Log in to ADManager Plus and navigate to Microsoft 365 tab > Management > Group Management.
  2. Under Bulk Group Modification, click Add / Remove Microsoft 365 Group Owners.
  3. Select the Remove Owner(s) radio button, and select the owners you wish to remove. Select the desired Microsoft 365 tenant from the Microsoft 365 Tenant drop-down list.
  4. Under Find Group(s) to Modify, select the group(s) for which you wish to remove owners. Click Find.
  5. Select the group(s) and click Apply.

Limitations of using PowerShell scripts to remove an Azure AD group owner

  • Administrators must have sufficient permissions to modify memberships of Azure AD groups if they wish to use the above-mentioned PowerShell script. However, one wrong move from the administrator can affect the security posture of your organization.
  • Only technicians with PowerShell expertise can execute this command.
  • To identify the group owner(s) to be removed, admins will have to manually make note of the ObjectIds of the owner(s) and run the script(s) for removing each of these owners. Not targeting the correct owner(s) can lead to unintended changes.
  • PowerShell scripts are time-consuming and can affect productivity.

Benefits of using ADManager Plus:

  • ADManager Plus provides you with group modification templates that simplify the process of group modification in bulk. This can save a considerable amount of time and effort when dealing with a large number of groups and ownership changes.
  • ADManager Plus provides a user-friendly web-based interface that simplifies complex AD management tasks, including managing group ownership.
  • Management actions come built-in with ADManager Plus and can be performed at the click of a button.

ADManager Plus' automation feature allows the admins to schedule ownership changes at specific times and trigger the removal of the owner based on predefined conditions.
