New-AzADGroup

Adds new entity to groups

Syntax

New-AzADGroup
   -DisplayName <String>
   -MailNickname <String>
   [-AcceptedSender <IMicrosoftGraphDirectoryObject[]>]
   [-AdditionalProperties <Hashtable>]
   [-AppRoleAssignment <IMicrosoftGraphAppRoleAssignmentAutoGenerated[]>]
   [-Classification <String>]
   [-CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]
   [-DeletedDateTime <DateTime>]
   [-Description <String>]
   [-GroupType <String[]>]
   [-HasMembersWithLicenseError]
   [-IsArchived]
   [-IsAssignableToRole]
   [-MailEnabled]
   [-MembershipRule <String>]
   [-MembershipRuleProcessingState <String>]
   [-PermissionGrant <IMicrosoftGraphResourceSpecificPermissionGrant[]>]
   [-PreferredDataLocation <String>]
   [-PreferredLanguage <String>]
   [-SecurityEnabled]
   [-SecurityIdentifier <String>]
   [-Theme <String>]
   [-TransitiveMember <IMicrosoftGraphDirectoryObject[]>]
   [-TransitiveMemberOf <IMicrosoftGraphDirectoryObject[]>]
   [-Visibility <String>]
   [-DefaultProfile <PSObject>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Adds new entity to groups

Examples

Example 1: Create group

New-AzADGroup -DisplayName $gname -MailNickname $nickname

Create group

Parameters

-AcceptedSender

The list of users or groups that are allowed to create post's or calendar events in this group. If this list is non-empty then only users or groups listed here are allowed to post. To construct, see NOTES section for ACCEPTEDSENDER properties and create a hash table.

Type:IMicrosoftGraphDirectoryObject[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-AppRoleAssignment

Represents the app roles a group has been granted for an application. Supports $expand. To construct, see NOTES section for APPROLEASSIGNMENT properties and create a hash table.

Type:IMicrosoftGraphAppRoleAssignmentAutoGenerated[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-Classification

Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, NOT, ge, le, startsWith).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-CreatedOnBehalfOf

Represents an Azure Active Directory object. The directoryObject type is the base type for many other directory entity types. To construct, see NOTES section for CREATEDONBEHALFOF properties and create a hash table.

Type:IMicrosoftGraphDirectoryObject
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:PSObject
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-DeletedDateTime

.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-Description

An optional description for the group. Returned by default. Supports $filter (eq, ne, NOT, ge, le, startsWith) and $search.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

The display name for the group. This property is required when a group is created and cannot be cleared during updates. Returned by default. Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-GroupType

Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq, NOT).

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-HasMembersWithLicenseError

Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). Supports $filter (eq).

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-IsArchived

.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-IsAssignableToRole

Indicates whether this group can be assigned to an Azure Active Directory role.This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true and the group cannot be a dynamic group (that is, groupTypes cannot contain DynamicMembership). Only callers in Global administrator and Privileged role administrator roles can set this property. The caller must also be assigned the Directory.AccessAsUser.All permission to set this property. For more, see Using a group to manage Azure AD role assignmentsReturned by default. Supports $filter (eq, ne, NOT).

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-MailEnabled

Specifies whether the group is mail-enabled. Returned by default. Supports $filter (eq, ne, NOT).

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-MailNickname

The mail alias for the group, unique in the organization. This property must be specified when a group is created. These characters cannot be used in the mailNickName: @()/[]';:.<>,SPACE. Returned by default. Supports $filter (eq, ne, NOT, ge, le, in, startsWith).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-MembershipRule

The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq, ne, NOT, ge, le, startsWith).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-MembershipRuleProcessingState

Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. Returned by default. Supports $filter (eq, ne, NOT, in).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-PermissionGrant

The permissions that have been granted for a group to a specific application. Supports $expand. To construct, see NOTES section for PERMISSIONGRANT properties and create a hash table.

Type:IMicrosoftGraphResourceSpecificPermissionGrant[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-PreferredDataLocation

The preferred data location for the group. For more information, see OneDrive Online Multi-Geo. Returned by default.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-PreferredLanguage

The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example 'en-US'. Returned by default. Supports $filter (eq, ne, NOT, ge, le, in, startsWith).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-SecurityEnabled

Specifies whether the group is a security group. Returned by default. Supports $filter (eq, ne, NOT, in).

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-SecurityIdentifier

Security identifier of the group, used in Windows scenarios. Returned by default.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-Theme

Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. Returned by default.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-TransitiveMember

. To construct, see NOTES section for TRANSITIVEMEMBER properties and create a hash table.

Type:IMicrosoftGraphDirectoryObject[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-TransitiveMemberOf

. To construct, see NOTES section for TRANSITIVEMEMBEROF properties and create a hash table.

Type:IMicrosoftGraphDirectoryObject[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-Visibility

Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or Hiddenmembership. Hiddenmembership can be set only for Microsoft 365 groups, when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value is not specified during group creation on Microsoft Graph, a security group is created as Private by default and Microsoft 365 group is Public. See group visibility options to learn more. Returned by default.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Outputs

IMicrosoftGraphGroup

Notes

ALIASES

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

ACCEPTEDSENDER <IMicrosoftGraphDirectoryObject[]>: The list of users or groups that are allowed to create post's or calendar events in this group. If this list is non-empty then only users or groups listed here are allowed to post.

  • [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
  • [DisplayName <String>]: The name displayed in directory

APPROLEASSIGNMENT <IMicrosoftGraphAppRoleAssignmentAutoGenerated[]>: Represents the app roles a group has been granted for an application. Supports $expand.

  • [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
  • [DisplayName <String>]: The name displayed in directory
  • [AppRoleId <String>]: The identifier (id) for the app role which is assigned to the principal. This app role must be exposed in the appRoles property on the resource application's service principal (resourceId). If the resource application has not declared any app roles, a default app role ID of 00000000-0000-0000-0000-000000000000 can be specified to signal that the principal is assigned to the resource app without any specific app roles. Required on create.
  • [CreatedDateTime <DateTime?>]: The time when the app role assignment was created.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.
  • [PrincipalDisplayName <String>]: The display name of the user, group, or service principal that was granted the app role assignment. Read-only. Supports $filter (eq and startswith).
  • [PrincipalId <String>]: The unique identifier (id) for the user, group or service principal being granted the app role. Required on create.
  • [PrincipalType <String>]: The type of the assigned principal. This can either be User, Group or ServicePrincipal. Read-only.
  • [ResourceDisplayName <String>]: The display name of the resource app's service principal to which the assignment is made.
  • [ResourceId <String>]: The unique identifier (id) for the resource service principal for which the assignment is made. Required on create. Supports $filter (eq only).

CREATEDONBEHALFOF <IMicrosoftGraphDirectoryObject>: Represents an Azure Active Directory object. The directoryObject type is the base type for many other directory entity types.

  • [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
  • [DisplayName <String>]: The name displayed in directory

PERMISSIONGRANT <IMicrosoftGraphResourceSpecificPermissionGrant[]>: The permissions that have been granted for a group to a specific application. Supports $expand.

  • [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
  • [DisplayName <String>]: The name displayed in directory
  • [ClientAppId <String>]: ID of the service principal of the Azure AD app that has been granted access. Read-only.
  • [ClientId <String>]: ID of the Azure AD app that has been granted access. Read-only.
  • [Permission <String>]: The name of the resource-specific permission. Read-only.
  • [PermissionType <String>]: The type of permission. Possible values are: Application, Delegated. Read-only.
  • [ResourceAppId <String>]: ID of the Azure AD app that is hosting the resource. Read-only.

TRANSITIVEMEMBER <IMicrosoftGraphDirectoryObject[]>: .

  • [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
  • [DisplayName <String>]: The name displayed in directory

TRANSITIVEMEMBEROF <IMicrosoftGraphDirectoryObject[]>: .

  • [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
  • [DisplayName <String>]: The name displayed in directory