How to get Microsoft Entra ID users' group memberships using the Get-MgUserMemberOf cmdlet

Getting Microsoft Entra ID user group memberships

Knowing which groups a user is a member of is essential for access control, compliance, and troubleshooting. While Microsoft Graph PowerShell's Get-MgUserMemberOf cmdlet can help retrieve this information, it comes with the usual challenges of scripting—complex syntax, elevated permissions, and limited report formatting options.

Get-MgUserMemberOf cmdlet in Microsoft Graph PowerShell

Prerequisites

Before using the Get-MgUserMemberOf cmdlet:

  • Ensure the Microsoft Graph PowerShell module is installed. If it is not, install it with this command:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Connect to Microsoft Graph PowerShell with the required permissions to view group memberships.
    Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All"

Using the Get-MgUserMemberOf cmdlet

This cmdlet lists the groups that a specific user is a direct member of; memberships inherited through nested groups are not included:

Get-MgUserMemberOf -UserId "john@zkyy.com"

Example use cases and scripts

Example 1: List group memberships for a single user

Get-MgUserMemberOf -UserId "jane@zkyy.com"

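Example 2: Filter group memberships by type (e.g., Security)

# Keep only group objects that are security-enabled; -All retrieves every page of results.
Get-MgUserMemberOf -UserId "Ash@zkyy.com" -All | Where-Object {$_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.group" -and $_.AdditionalProperties.securityEnabled -eq $true}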

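Example 3: Export group memberships to CSV

# The display name is stored in AdditionalProperties, so it is read with a calculated property.
Get-MgUserMemberOf -UserId "Tessa@zkyy.com" -All | Select-Object Id, @{Name="DisplayName"; Expression={$_.AdditionalProperties.displayName}} | Export-Csv -Path "group-memberships.csv" -NoTypeInformation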
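
The following is an added example, not code from the original article or from Microsoft, that combines Examples 2 and 3 into one access-review report: it classifies each returned object by type and exports the result. It assumes the Connect-MgGraph session from the prerequisites; the function name Get-UserMembershipReport, the sample UPN, and the output path are hypothetical, and the -Transitive switch goes beyond the article by calling Get-MgUserTransitiveMemberOf to include nested memberships.

```powershell
# Added example. Get-UserMembershipReport is a hypothetical helper name;
# the UPN and output path in the usage lines are constructed sample values.
function Get-UserMembershipReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserId,
        [switch]$Transitive   # also include memberships inherited through nested groups
    )

    # -All follows paging so large membership sets are not truncated.
    $objects = if ($Transitive) {
        Get-MgUserTransitiveMemberOf -UserId $UserId -All
    } else {
        Get-MgUserMemberOf -UserId $UserId -All
    }

    foreach ($obj in $objects) {
        # Results are generic directory objects; type-specific fields such as
        # displayName are stored in the AdditionalProperties dictionary.
        $p = $obj.AdditionalProperties
        $kind = switch ($p.'@odata.type') {
            '#microsoft.graph.directoryRole'      { 'Directory role' }
            '#microsoft.graph.administrativeUnit' { 'Administrative unit' }
            '#microsoft.graph.group' {
                if ($p.groupTypes -contains 'Unified') { 'Microsoft 365 group' }
                elseif ($p.securityEnabled -and $p.mailEnabled) { 'Mail-enabled security group' }
                elseif ($p.securityEnabled) { 'Security group' }
                else { 'Distribution group' }
            }
            default { "Other ($_)" }
        }
        [pscustomobject]@{
            Id              = $obj.Id
            DisplayName     = $p.displayName
            Kind            = $kind
            SecurityEnabled = [bool]$p.securityEnabled
        }
    }
}

# Usage (constructed sample values): sort by type, then export for review.
Get-UserMembershipReport -UserId 'user@example.com' |
    Sort-Object Kind, DisplayName |
    Export-Csv -Path 'group-memberships.csv' -NoTypeInformation
```

Comparing the output with and without -Transitive shows which access a user holds only through nested groups.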

Supported parameters

Parameter | Description
-UserId | Specifies the unique identifier of the user whose group memberships are fetched.
-All | Retrieves all results.

Limitations of using Graph PowerShell scripts for Microsoft Entra ID reporting

  • Requires understanding of nested object properties and type filters.
  • No built-in filtering for group types such as Microsoft 365 and security groups, unless scripted manually.
  • Reports are plain-text unless manually formatted and exported.
  • No built-in scheduling or email alerts.
  • Not intuitive for help desk or non-technical users.

Why ADManager Plus is the better alternative for Microsoft Entra ID reporting

  • Generate comprehensive reports on Microsoft Entra ID users, groups, licenses, and more in a few clicks, eliminating the need for complex PowerShell scripts.
  • Filter reports based on various attributes and export data in multiple formats such as CSV, PDF, and HTML for easy sharing and documentation.
  • Identify risky Microsoft 365 objects and proactively mitigate associated risks.
  • Schedule reports to run automatically, ensuring continuous visibility and compliance without manual intervention.

Generate comprehensive Microsoft Entra ID reports with ADManager Plus

 