How to get Microsoft Entra ID group members using Get-MgGroupMember

Getting Microsoft Entra ID group members

Keeping an eye on group memberships in Microsoft Entra ID is essential for ensuring that the right users and devices have the appropriate permissions to resources. IT teams often need to retrieve group members to audit permissions, enforce access control, or manage access rights within the organization. Microsoft Graph PowerShell commands like Get-MgGroupMember allow administrators to list group members, but this process requires complex scripts and manual effort.

On the other hand, ManageEngine ADManager Plus offers a streamlined, script-free solution for retrieving and managing group memberships. With several built-in reports and management actions, you can easily view, modify, and track Microsoft Entra ID group members without the need for scripting.

ADManager Plus
PowerShell

Get the Microsoft Entra ID group members' list using ADManager Plus

Log in to ADManager Plus.
Navigate to Microsoft 365 > Reports > Group Reports.
From General Group Reports, select Group Members.
Choose your required Microsoft 365 Tenant from the drop-down.
Select domains or groups to further filter the report using the Filter By drop-down.
Click Generate Now.

Get Microsoft Entra ID group members using ADManager Plus reports.

Filter the report based on domains and groups.

Schedule automatic report generation and export to various formats.

Filter the report further according to the requirement.

Get started

Get members of Microsoft Entra ID groups using Microsoft Graph PowerShell

Prerequisites

Before running the Get-MgGroupMember cmdlet, ensure the following requirements are met:

The Microsoft Graph PowerShell module is installed. If it’s not installed, use the following command:
Install-Module Microsoft.Graph -Scope CurrentUser
Connect to Microsoft Graph PowerShell with the required permissions to retrieve Microsoft Entra ID group members:
Connect-MgGraph -Scopes "GroupMember.Read.All", "Group.Read.All"

Using the Get-MgGroupMember cmdlet to get Microsoft Entra ID group members

Use the Get-MgGroupMember cmdlet in Microsoft Graph PowerShell to get a list of Microsoft Entra ID group members. The syntax is as follows:


                                    Get-MgGroupMember 

                                    -GroupId <String> 

                                    [-ExpandProperty <String[]>] 

                                    [-Filter <String>] 

                                    [-Property <String[]>] 

                                    [-Search <String>] 

                                    [-Skip <Int32>] 

                                    [-Sort <String[]>] 

                                    [-Top <Int32>] 

                                    [-ConsistencyLevel <String>] 

                                    [-ResponseHeadersVariable <String>] 

                                    [-Headers <IDictionary>] 

                                    [-PageSize <Int32>] 

                                    [-All] 

                                    [-CountVariable <String>] 

                                    [-ProgressAction <ActionPreference>] 

                                    [<CommonParameters>]

Example use case and script using the Get-MgGroupMember cmdlet

Example: Get members of a group


                                    Get-MgGroupMember -GroupId "your-group-id"

Supported parameters

The table below lists key parameters that can be used with the Get-MgGroupMember cmdlet to get Microsoft Entra ID group members.

Parameters	Description
-All	This lists all pages.
-ConsistencyLevel	This shows the requested consistency level.
-CountVariable	This indicates the count of the total number of items in a collection. By default, this variable will be set in the global scope.
-Filter	This filters the items by property values.
-GroupID	This is the unique identifier of a group.

Note: Microsoft has announced the deprecation of Azure AD PowerShell and its transition to Microsoft Graph PowerShell.

Challenges of using Graph PowerShell scripts to retrieve Microsoft Entra ID group members

Formatting and exporting data for reporting and auditing often require additional scripting efforts, increasing complexity.
The lack of a graphical user interface makes it less accessible, especially for those unfamiliar with PowerShell scripting.
IT administrators must transition from Azure AD PowerShell and develop proficiency in PowerShell scripting to effectively use Microsoft Graph PowerShell.
Limited built-in error handling can make troubleshooting issues more difficult, often requiring manual intervention to diagnose and resolve failures.

Highlights of using ADManager Plus to get Microsoft Entra ID group members

ADManager Plus offers over 200 preconfigured reports that help administrators get detailed insights about their Microsoft Entra ID environment.
Schedule these reports to be generated automatically at periodic intervals.
Export them into various formats, such as PDF, XLS, CSV, and HTML, for reporting and auditing purposes.
Customize the data generated according to your needs by filtering the reports.
Perform bulk management actions effortlessly without the need for any complicated scripts.

Get the list of Microsoft Entra ID group members effortlessly with ADManager Plus

Try it now for free

Getting Microsoft Entra ID group members
Get the Microsoft Entra ID group members' list using ADManager Plus
Get members of Microsoft Entra ID groups using Microsoft Graph PowerShell
Challenges of using Graph PowerShell scripts to retrieve Microsoft Entra ID group members
Highlights of using ADManager Plus to get Microsoft Entra ID group members

Related features:

Related Powershell Guides: