Get-EntraGroup
Gets a group.
Syntax
GetQuery (Default)
Get-EntraGroup
[-Top <Int32>]
[-All]
[-Filter <String>]
[-Property <String[]>]
[<CommonParameters>]
GetByValue
Get-EntraGroup
[-SearchString <String>]
[-All]
[-Property <String[]>]
[<CommonParameters>]
GetById
Get-EntraGroup
-GroupId <String>
[-All]
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraGroup cmdlet gets a group in Microsoft Entra ID. Specify the ObjectId parameter to get a specific group.
Examples
Example 1: Get all groups
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup
DisplayName Id MailNickname Description
----------- -- ------------ -----------
SimpleTestGrp aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb NickName
SimpleGroup bbbbbbbb-1111-2222-3333-cccccccccccc NickName
testGroupInAU10 cccccccc-2222-3333-4444-dddddddddddd testGroupInAU10 testGroupInAU10
My new group dddddddd-3333-4444-5555-eeeeeeeeeeee NotSet New created group
SimpleGroup eeeeeeee-4444-5555-6666-ffffffffffff NickName
This example demonstrates how to get all groups from Microsoft Entra ID.
Example 2: Get a specific group by using an GroupId
Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'"
Get-EntraGroup -GroupId $group.Id
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Crimson Eagle pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneaglegroup Crimson Eagle Group {Unified}
This example demonstrates how to retrieve specific group by providing ID.
Example 3: Retrieve Microsoft 365 (Unified) groups
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Filter "groupTypes/any(g:g eq 'Unified')" -Top 4
DisplayName Id MailNickname GroupTypes
----------- -- ------------ ----------
Contoso Group hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq contosogroup {Unified}
Crimson Eagle pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneagle {Unified}
Bold Falcon tttttttt-0000-3333-9999-mmmmmmmmmmmm boldfalcon {Unified}
Misty Fox qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh mistyfox {Unified}
This example retrieves Microsoft 365 (Unified) groups. You can use -Limit as an alias for -Top.
Example 4: Get a group by DisplayName
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'"
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
Azure Panda qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh azurepanda Azure Panda {Unified}
In this example, we retrieve group using the Display Name.
Example 5: Get groups that contain a search string
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -SearchString 'New'
DisplayName Id MailNickname Description GroupTypes
----------- -- ------------ ----------- ----------
New Sparkling Deer bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq newsparklingdeer New Sparkling Deer Group {Unified}
New Golden Fox xxxxxxxx-8888-5555-9999-bbbbbbbbbbbb newgoldenfox New Golden Fox {DynamicMembership}
This example demonstrates how to retrieve groups that include the text new in their display names from Microsoft Entra ID.
Example 6: Listing ownerless groups
Connect-Entra -Scopes 'GroupMember.Read.All'
$allGroups = Get-EntraGroup -All
$groupsWithoutOwners = foreach ($group in $allGroups) {
$owners = Get-EntraGroupOwner -ObjectId $group.Id
if ($owners.Count -eq 0) {
$group
}
}
$groupsWithoutOwners | Format-Table DisplayName, Id, GroupTypes
DisplayName Id GroupTypes
----------- -- ----------
My new group aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {}
HelpDesk admin group eeeeeeee-4444-5555-6666-ffffffffffff {}
This example demonstrates how to retrieve groups without owners. By identifying ownerless groups, IT admins can improve overall governance and operational efficiency.
Example 7: Listing empty groups
Connect-Entra -Scopes 'GroupMember.Read.All'
$allGroups = Get-EntraGroup -All
$groupsWithoutMembers = foreach ($group in $allGroups) {
$members = Get-EntraGroupMember -ObjectId $group.Id
if ($members.Count -eq 0) {
$group
}
}
$groupsWithoutMembers | Format-Table DisplayName, Id, GroupTypes
DisplayName Id GroupTypes
----------- -- ----------
My new group aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {}
HelpDesk admin group eeeeeeee-4444-5555-6666-ffffffffffff {}
This example demonstrates how to retrieve groups without members. By identifying memberless groups, IT admins can identify and clean up unused or obsolete groups that no longer serve a purpose.
Example 8: Get groups with specific properties
Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Property Id,DisplayName, SecurityEnabled,Visibility,GroupTypes | Select-Object Id,DisplayName, SecurityEnabled,Visibility,GroupTypes | Format-Table -AutoSize
Id DisplayName SecurityEnabled Visibility GroupTypes
-- ----------- --------------- ---------- ----------
aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb SimpleGroup False Public {Unified}
eeeeeeee-4444-5555-6666-ffffffffffff My new group False Private {Unified}
bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq HelpDesk admin group True {}
This example demonstrates how to return only a specific property of a group. You can use -Select alias or -Property.
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Filter
Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-GroupId
The unique identifier of a group in Microsoft Entra ID (GroupId)
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
GetById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Property
Specifies properties to be returned
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SearchString
Specifies a search string.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetValue
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Top
Specifies the maximum number of records to return.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.