Get-EntraGroup
Gets a group.
Syntax
GetQuery (Default)
Get-EntraGroup
[-Top <Int32>]
[-All]
[-Filter <String>]
[-Property <String[]>]
[-HasErrorsOnly]
[-HasLicenseErrorsOnly]
[<CommonParameters>]
GetVague
Get-EntraGroup
[-SearchString <String>]
[-All]
[-Property <String[]>]
[-HasErrorsOnly]
[-HasLicenseErrorsOnly]
[<CommonParameters>]
GetById
Get-EntraGroup
-GroupId <String>
[-All]
[-Property <String[]>]
[<CommonParameters>]
Append
Get-EntraGroup
-Property <String[]>
-AppendSelected
[-GroupId <String>]
[-Top <Int32>]
[-All]
[-Filter <String>]
[-SearchString <String>]
[-HasErrorsOnly]
[-HasLicenseErrorsOnly]
[<CommonParameters>]
Description
The Get-EntraGroup cmdlet gets a group in Microsoft Entra ID. Specify the GroupId parameter (alias ObjectId) to get a specific group.
You can filter results to show only groups with issues by using the HasErrorsOnly parameter to find groups with service provisioning errors, or the HasLicenseErrorsOnly parameter to find groups with license assignment errors. These filtering options help administrators identify groups that require attention.
Examples
Example 1: Get all groups
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup
DisplayName Id MailNickname Description
----------- -- ------------ -----------
SimpleTestGrp aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb NickName
SimpleGroup bbbbbbbb-1111-2222-3333-cccccccccccc NickName
testGroupInAU10 cccccccc-2222-3333-4444-dddddddddddd testGroupInAU10 testGroupInAU10
My new group dddddddd-3333-4444-5555-eeeeeeeeeeee NotSet New created group
SimpleGroup eeeeeeee-4444-5555-6666-ffffffffffff NickName
This example demonstrates how to get all groups from Microsoft Entra ID.
Example 2: Get a specific group by using a GroupId
Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'"
Get-EntraGroup -GroupId $group.Id
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Crimson Eagle pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneaglegroup Crimson Eagle Group {Unified}
This example demonstrates how to retrieve a specific group by providing its ID.
Example 3: Retrieve Microsoft 365 (Unified) groups
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Filter "groupTypes/any(g:g eq 'Unified')" -Top 4
DisplayName Id MailNickname GroupTypes
----------- -- ------------ ----------
Contoso Group hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq contosogroup {Unified}
Crimson Eagle pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneagle {Unified}
Bold Falcon tttttttt-0000-3333-9999-mmmmmmmmmmmm boldfalcon {Unified}
Misty Fox qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh mistyfox {Unified}
This example retrieves Microsoft 365 (Unified) groups. You can use -Limit as an alias for -Top.
Example 4: Get a group by DisplayName
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'"
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Azure Panda qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh azurepanda Azure Panda {Unified}
In this example, we retrieve a group by using its display name.
Example 5: Get groups whose DisplayName starts with a search string
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -SearchString 'New'
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
New Sparkling Deer bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq newsparklingdeer New Sparkling Deer Group {Unified}
New Golden Fox xxxxxxxx-8888-5555-9999-bbbbbbbbbbbb newgoldenfox New Golden Fox {DynamicMembership}
This example demonstrates how to retrieve groups that include the text 'New' in their display names from Microsoft Entra ID.
Example 6: Listing ownerless groups
Connect-Entra -Scopes 'GroupMember.Read.All'
$allGroups = Get-EntraGroup -All
$groupsWithoutOwners = foreach ($group in $allGroups) {
    $owners = Get-EntraGroupOwner -ObjectId $group.Id
    if ($owners.Count -eq 0) {
        $group
    }
}
$groupsWithoutOwners | Format-Table DisplayName, Id, GroupTypes
DisplayName Id GroupTypes
----------- -- ----------
My new group aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {}
HelpDesk admin group eeeeeeee-4444-5555-6666-ffffffffffff {}
This example demonstrates how to retrieve groups without owners. By identifying ownerless groups, IT admins can improve overall governance and operational efficiency.
Example 7: Listing empty groups
Connect-Entra -Scopes 'GroupMember.Read.All'
$allGroups = Get-EntraGroup -All
$groupsWithoutMembers = foreach ($group in $allGroups) {
    $members = Get-EntraGroupMember -ObjectId $group.Id
    if ($members.Count -eq 0) {
        $group
    }
}
$groupsWithoutMembers | Format-Table DisplayName, Id, GroupTypes
DisplayName Id GroupTypes
----------- -- ----------
My new group aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {}
HelpDesk admin group eeeeeeee-4444-5555-6666-ffffffffffff {}
This example demonstrates how to retrieve groups without members. By identifying memberless groups, IT admins can identify and clean up unused or obsolete groups that no longer serve a purpose.
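The ownerless and empty checks from Examples 6 and 7 can be combined into one pass that also reports SecurityEnabled, so groups that can gate access are reviewed first. This is an added example, not part of the cmdlet's documentation; the function name Get-GroupHygieneReport, its parameters and the sample data are assumptions made for illustration.

```powershell
# Added example, not from the Get-EntraGroup documentation.
# Get-GroupHygieneReport, -OwnerLookup and -MemberLookup are hypothetical names.
function Get-GroupHygieneReport {
    param(
        [Parameter(Mandatory)] [object[]] $Groups,
        # Default lookups call the cmdlets used in Examples 6 and 7.
        [scriptblock] $OwnerLookup  = { param($id) Get-EntraGroupOwner -ObjectId $id },
        [scriptblock] $MemberLookup = { param($id) Get-EntraGroupMember -ObjectId $id }
    )
    foreach ($group in $Groups) {
        # @() forces an array so .Count is reliable for zero or one result.
        $ownerCount  = @(& $OwnerLookup $group.Id).Count
        $memberCount = @(& $MemberLookup $group.Id).Count
        $findings = @()
        if ($ownerCount -eq 0)  { $findings += 'Ownerless' }
        if ($memberCount -eq 0) { $findings += 'Empty' }
        if ($findings.Count -eq 0) { continue }   # healthy group, not reported
        [pscustomobject]@{
            DisplayName     = $group.DisplayName
            Id              = $group.Id
            SecurityEnabled = [bool]$group.SecurityEnabled
            Findings        = $findings -join ', '
        }
    }
}

# Constructed sample data so the function runs without a tenant.
$sampleGroups = @(
    [pscustomobject]@{ Id = 'sample-id-1'; DisplayName = 'Sample A'; SecurityEnabled = $true }
    [pscustomobject]@{ Id = 'sample-id-2'; DisplayName = 'Sample B'; SecurityEnabled = $false }
    [pscustomobject]@{ Id = 'sample-id-3'; DisplayName = 'Sample C'; SecurityEnabled = $true }
)
$sampleOwners  = @{ 'sample-id-1' = @(); 'sample-id-2' = @('owner1'); 'sample-id-3' = @('owner2') }
$sampleMembers = @{ 'sample-id-1' = @('m1'); 'sample-id-2' = @(); 'sample-id-3' = @('m2', 'm3') }

# Splat the constructed lookups in place of the live cmdlets.
$lookups = @{
    OwnerLookup  = { param($id) $sampleOwners[$id] }
    MemberLookup = { param($id) $sampleMembers[$id] }
}
Get-GroupHygieneReport -Groups $sampleGroups @lookups |
    Sort-Object SecurityEnabled -Descending | Format-Table -AutoSize

# Against a tenant, after Connect-Entra -Scopes 'GroupMember.Read.All':
# Get-GroupHygieneReport -Groups (Get-EntraGroup -All -Property Id,DisplayName,SecurityEnabled)
```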
Example 8: Get groups with specific properties
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Property Id, DisplayName, SecurityEnabled, Visibility, GroupTypes | Select-Object Id, DisplayName, SecurityEnabled, Visibility, GroupTypes | Format-Table -AutoSize
Id DisplayName SecurityEnabled Visibility GroupTypes
-- ----------- --------------- ---------- ----------
aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb SimpleGroup False Public {Unified}
eeeeeeee-4444-5555-6666-ffffffffffff My new group False Private {Unified}
bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq HelpDesk admin group True {}
This example demonstrates how to return only specific properties of a group. You can use the -Select alias or -Property.
Example 9: Get groups with specific properties and append the selected properties
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -GroupId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Property IsSubscribedByMail -AppendSelected | Select-Object Id, DisplayName, MailEnabled, Visibility, IsSubscribedByMail | Format-Table -AutoSize
Id DisplayName MailEnabled Visibility IsSubscribedByMail
-- ----------- --------------- ---------- ----------
aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb SimpleGroup False Public False
This example demonstrates how to append a selected property to the default properties.
Example 10: Get groups that have errors
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -HasErrorsOnly
DisplayName Id MailNickname Description GroupTypes ServiceProvisioningErrors
----------- -- ------------ ----------- ---------- -------------------------
Problem Group aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb problemgroup Group with errors {Unified} {@{ErrorDetail=...}}
Error Test Group bbbbbbbb-1111-2222-3333-cccccccccccc errortestgroup Another problem group {} {@{ErrorDetail=...}}
This example demonstrates how to retrieve only groups that have service provisioning errors. The HasErrorsOnly parameter filters the results to show only groups with issues that need attention.
Example 11: Get groups that have license errors
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -HasLicenseErrorsOnly
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
License Issue Group cccccccc-2222-3333-4444-dddddddddddd licenseissuegroup Group with license errors {Unified}
Failed License Group dddddddd-3333-4444-5555-eeeeeeeeeeee failedlicensegroup License assignment failed {}
This example demonstrates how to retrieve only groups that have members with license errors. This is useful for identifying groups where license assignment has failed and needs administrative attention.
Example 12: Combine error filtering with search
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -SearchString 'Test' -HasErrorsOnly
DisplayName Id MailNickname Description GroupTypes ServiceProvisioningErrors
----------- -- ------------ ----------- ---------- -------------------------
Test Error Group bbbbbbbb-1111-2222-3333-cccccccccccc testerrorgroup Test group with errors {} {@{ErrorDetail=...}}
This example demonstrates how to combine the search functionality with error filtering to find specific groups that have both a particular name pattern and service provisioning errors.
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AppendSelected
Specifies whether to append the selected properties.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
Append
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Filter
Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
Append
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-GroupId
The unique identifier of a group in Microsoft Entra ID (GroupId).
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
GetById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
Append
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-HasErrorsOnly
Returns only groups that have service provisioning errors.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
GetVague
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
Append
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HasLicenseErrorsOnly
Returns only groups that have members with license errors.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
GetVague
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
Append
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Property
Specifies properties to be returned.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SearchString
Specifies a search string.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetVague
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
Append
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Top
Specifies the maximum number of records to return.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
Append
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.