Get-EntraGroup

Gets a group.

Syntax

Get-EntraGroup
   [-Top <Int32>]
   [-All]
   [-Filter <String>]
   [-Property <String[]>]
   [<CommonParameters>]
Get-EntraGroup
   [-SearchString <String>]
   [-All]
   [-Property <String[]>]
   [<CommonParameters>]
Get-EntraGroup
   -GroupId <String>
   [-All]
   [-Property <String[]>]
   [<CommonParameters>]

Description

The Get-EntraGroup cmdlet gets a group in Microsoft Entra ID. Specify the ObjectId parameter to get a specific group.

Examples

Example 1: Get all groups

Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup

DisplayName                                       Id                                   MailNickname                                   Description
-----------                                       --                                   ------------                                   -----------
SimpleTestGrp                                     aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb NickName
SimpleGroup                                       bbbbbbbb-1111-2222-3333-cccccccccccc NickName
testGroupInAU10                                   cccccccc-2222-3333-4444-dddddddddddd testGroupInAU10                                testGroupInAU10
My new group                                      dddddddd-3333-4444-5555-eeeeeeeeeeee NotSet                                         New created group
SimpleGroup                                       eeeeeeee-4444-5555-6666-ffffffffffff NickName

This example demonstrates how to get all groups from Microsoft Entra ID.

Example 2: Get a specific group by using an GroupId

Connect-Entra -Scopes 'GroupMember.Read.All'
$group = Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'"
Get-EntraGroup -GroupId $group.Id

DisplayName    Id                                   MailNickname        Description         GroupTypes
-----------    --                                   ------------        -----------         ----------
Crimson Eagle  pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneaglegroup   Crimson Eagle Group {Unified}

This example demonstrates how to retrieve specific group by providing ID.

Example 3: Get top five groups

Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Top 5

DisplayName             Id                                   MailNickname          Description
-----------             --                                   ------------          -----------
Contoso Group           hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq contosogroup          Contoso Group
Crimson Eagle           pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneagle          Crimson Eagle Group
Bold Falcon             tttttttt-0000-3333-9999-mmmmmmmmmmmm boldfalcon            Bold Falcon Group
Azure Panda             qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh azurepanda            Azure Panda
Misty Fox               kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn mistyfox              Misty Fox Group

This example demonstrates how to get top five groups.

Example 4: Get a group by DisplayName

Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'"

DisplayName        Id                                   MailNickname     Description        GroupTypes
-----------        --                                   ------------     -----------        ----------
Azure Panda        qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh azurepanda       Azure Panda        {Unified}

In this example, we retrieve group using the Display Name.

Example 5: Get groups that contain a search string

Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -SearchString 'New'

DisplayName             Id                                   MailNickname          Description             GroupTypes
-----------             --                                   ------------          -----------             ----------
New Sparkling Deer      bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq newsparklingdeer New Sparkling Deer Group {Unified}
New Golden Fox          xxxxxxxx-8888-5555-9999-bbbbbbbbbbbb newgoldenfox                  New Golden Fox            {DynamicMembership}

This example demonstrates how to retrieve groups that include the text new in their display names from Microsoft Entra ID.

Example 6: Listing ownerless groups

Connect-Entra -Scopes 'GroupMember.Read.All'
$allGroups = Get-EntraGroup -All
$groupsWithoutOwners = foreach ($group in $allGroups) {
    $owners = Get-EntraGroupOwner -ObjectId $group.Id
    if ($owners.Count -eq 0) {
        $group
    }
}
$groupsWithoutOwners | Format-Table DisplayName, Id, GroupTypes

DisplayName           Id                                   GroupTypes
-----------           --                                   ----------
My new group          aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {}
HelpDesk admin group  eeeeeeee-4444-5555-6666-ffffffffffff {}

This example demonstrates how to retrieve groups without owners. By identifying ownerless groups, IT admins can improve overall governance and operational efficiency.

Example 7: Listing empty groups

Connect-Entra -Scopes 'GroupMember.Read.All'
$allGroups = Get-EntraGroup -All
$groupsWithoutMembers = foreach ($group in $allGroups) {
    $members = Get-EntraGroupMember -ObjectId $group.Id
    if ($members.Count -eq 0) {
        $group
    }
}
$groupsWithoutMembers | Format-Table DisplayName, Id, GroupTypes

DisplayName           Id                                   GroupTypes
-----------           --                                   ----------
My new group          aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {}
HelpDesk admin group  eeeeeeee-4444-5555-6666-ffffffffffff {}

This example demonstrates how to retrieve groups without members. By identifying memberless groups, IT admins can identify and clean up unused or obsolete groups that no longer serve a purpose.

Example 8: Get groups with specific properties

Connect-Entra -Scopes 'GroupMember.Read.All'
Get-EntraGroup -Property Id,DisplayName, SecurityEnabled,Visibility,GroupTypes | Select-Object Id,DisplayName, SecurityEnabled,Visibility,GroupTypes | Format-Table -AutoSize

Id                                   DisplayName                SecurityEnabled Visibility GroupTypes
--                                   -----------                --------------- ---------- ----------
aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb SimpleGroup               False           Public     {Unified}
eeeeeeee-4444-5555-6666-ffffffffffff My new group              False           Private    {Unified}
bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq HelpDesk admin group      True            {}

This example demonstrates how to return only a specific property of a group. You can use -Select alias or -Property.

Parameters

-All

List all pages.

Type:System.Management.Automation.SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Filter

Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-GroupId

The unique identifier of a group in Microsoft Entra ID (GroupId)

Type:System.String
Aliases:ObjectId
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Property

Specifies properties to be returned

Type:System.String[]
Aliases:Select
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SearchString

Specifies a search string.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Top

Specifies the maximum number of records to return.

Type:System.Int32
Aliases:Limit
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False