How to add an owner to an Azure Active Directory group using PowerShell scripts
Azure Active Directory (Azure AD) groups are used by administrators to simplify administration of users and their permissions efficiently. Owners of Azure AD groups have administrative control over the group and are responsible for managing the group's membership, settings, and other configurations. To ensure controlled delegation of administrative tasks and limited exposure to security risks, owners of a group need to be monitored and their permissions are to be managed regularly. The cmdlet in the table below can be used for adding an owner to an Azure AD group. ADManager Plus, a unified Active Directory, Microsoft 365, Exchange, and Google Workspace management and reporting tool, can also be used to accomplish this task.
The following table is a comparison on how to add an owner to an Azure Active Directory group using PowerShell scripts and ADManager Plus.
Azure PowerShell
Steps to add an owner to an Azure AD group using PowerShell scripts:
- Note down the ObjectID of the Azure AD group to which the owner is to be assigned and the ObjectID of the user to be added as an owner of the Azure AD group.
- Execute the following PowerShell script to add an owner to an Azure AD group.
Copied
Add-AzureADGroupOwner
-ObjectId "<GroupID>"
-RefObjectId "<UserID>"
Click to copy entire script
where <GroupID> refers to the ObjectID of the Azure AD group for which the owner is to to be added and <UserID> refers to the ObjectID of the user to be added as owner of the Azure AD group.
ADManager Plus
Steps to list members in an Azure AD group using ADManager Plus:
- Log in to ADManager Plus and navigate to Microsoft 365 tab > Management > Group Management. Under Bulk Group Members, select the type of Azure AD group that you want to assign owners to.
- Click on the Add Owner(s) radio button. Select the users to be assigned ownership from Select Owner, the desired Microsoft 365 tenant from the Microsoft Tenant drop-down list, type the name of the Azure AD group for which owners are to be assigned in Select Group(s), and click Find, .
- Select from the list of Azure AD groups generated, and click Apply to assign the users selected owners to the selected Azure AD group.
Limitations of using PowerShell scripts to list Azure AD groups:
- Administrators must have sufficient permissions to modify memberships of Azure AD groups if they wish to use the above-mentioned PowerShell script. However, one wrong move from the administrator can affect the security posture of your organization.
- Only technicians with PowerShell expertise can execute this command.
- PowerShell scripts are time-consuming and can affect productivity.
- The value of the parameters used should be exact.
Benefits of using ADManager Plus:
- The ability to modify group memberships of Azure AD groups can be granularly delegated to technicians without altering their permissions elsewhere
- ADManager Plus comes with an intuitive UI and does not demand any knowledge in PowerShell.
- Perform bulk operations with ease with just a few clicks using customizable templates, CSV Import, and a built-in search option.
- Fine tune your conditions with various attribute-based filters like Display Name, Group Type, Last Directory Sync Time, and Proxy Address.
- Add multiple conditions and decide on what basis they can be used to filter your reports.
- Reports generation comes built-in with ADManager Plus and can be performed at the click of a button.
