Related features:

Related Powershell Guides:

How to delete Microsoft Entra ID group members using Remove-MgGroupMemberByRef

Removing Microsoft Entra ID group members

Managing Microsoft Entra ID group memberships is crucial for maintaining proper access control and security within an organization. IT administrators often need to remove specific users or devices from groups to revoke access or enforce policy changes. While the Remove-MgGroupMemberByRef PowerShell command in Microsoft Graph allows admins to delete group members using direct references, it requires scripting expertise and manual execution.

For a more efficient and user-friendly approach, ManageEngine ADManager Plus, an identity governance and administration solution with comprehensive Microsoft Entra ID management and reporting capabilities, offers a no-code solution. With its intuitive interface and powerful management actions, administrators can seamlessly remove users from Microsoft Entra ID groups, enforce access policies, and maintain security without the complexity of PowerShell scripting.

  • ADManager Plus
  • PowerShell
 

Delete Microsoft Entra ID group members using ADManager Plus

  1. Log in to ADManager Plus.
  2. Navigate to Microsoft 365 > Management > Group Management.
  3. From Group Member Management, select Add/Remove Group Members using CSV.
  4. Choose your required Microsoft 365 Tenant from the drop-down.
  5. Import the groups or members that you want to modify using CSV Import.
  6. Click Import Group(s)/Member(s).
  7. On the Group(s)/Member(s) Data Imported from CSV file page, select the members that you want to remove and click Apply.
Delete Microsoft Entra ID group members using ADManager Plus reports.
 
 

View the supported LDAP headers that can be specified in the CSV file.

 
 

Import the CSV file containing the required data.

Get started

Delete members of Microsoft Entra ID groups using Microsoft Graph PowerShell

Prerequisites

Before running the Remove-MgGroupMemberByRef cmdlet, ensure the following requirements are met:

  • The Microsoft Graph PowerShell module is installed. If it’s not installed, use the following command:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Connect to Microsoft Graph PowerShell with the necessary permissions to manage group memberships:
    Connect-MgGraph -Scopes "GroupMember.ReadWrite.All"

Using the Remove-MgGroupMemberByRef cmdlet to remove Microsoft Entra ID group members

Use the Remove-MgGroupMemberByRef cmdlet in Microsoft Graph PowerShell to delete Microsoft Entra ID group members. The syntax is as follows:

Remove-MgGroupMemberByRef
-InputObject <IGroupsIdentity>
[-IfMatch <String>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PassThru]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]

Example use case and script using the Remove-MgGroupMemberByRef cmdlet

Example: Delete members of a group

Use this Graph PowerShell command to remove members from a Microsoft Entra ID group.

Import-Module Microsoft.Graph.Groups
Remove-MgGroupMemberByRef -GroupId $groupId -DirectoryObjectId $directoryObjectId

Supported parameters

The table below lists key parameters that can be used with the Remove-MgGroupMemberByRef cmdlet to remove Microsoft Entra ID group members.

Parameters Description
-Confirm This you to confirm before running the cmdlet.
-DirectoryObjectId This is the unique identifier of the directory object.
-GroupId This is the unique identifier of a group.
-WhatIf This shows what would happen if the cmdlet was run.

Challenges of using Graph PowerShell scripts to delete Microsoft Entra ID group members

  • IT admins need to switch from Azure AD PowerShell to Graph PowerShell and this requires PowerShell scripting knowledge.
  • The Microsoft Graph API has throttling limits that can slow down bulk data retrieval.
  • Debugging errors can be challenging and time-consuming, requiring technical skills.
  • The lack of a user-friendly interface makes it difficult to use, especially for those new to scripting.

Highlights of using ADManager Plus to delete Microsoft Entra ID group members

  • ADManager Plus offers built-in management actions to help administrators perform various Microsoft 365 tasks.
  • Perform bulk management actions effortlessly without the need for any complicated scripts.
  • Create, delete, and manage Microsoft Entra ID groups without any complex powerShell scripts.
  • Automate repetitive tasks and configure approval-based workflows.
  • Monitor organizational changes with detailed reports for compliance and audits.

Easily manage Microsoft Entra ID groups in a few clicks using ADManager Plus

Try it now for free
 
  • Removing Microsoft Entra ID group members
  • Delete Microsoft Entra ID group members using ADManager Plus
  • Delete members of Microsoft Entra ID groups using Microsoft Graph PowerShell
  • Challenges of using Graph PowerShell scripts to delete Microsoft Entra ID group members
  • Highlights of using ADManager Plus to delete Microsoft Entra ID group members
The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link