Get Unlicensed Microsoft 365 Group Members and Owners in PowerShell

Microsoft 365 Group (aka Office 365 Group) is a cross-application membership service for Microsoft 365 services such as Microsoft Teams, Planner. etc. To use the service like Microsoft Teams, users should have been added as a member in required teams and they should have a valid Teams license.

We can use the Get-AzureADGroupMember cmdlet to get members of a group. This command also returns basic user details and applied licenses.  Before start, install the Azure AD V2 PowerShell module and run the following to connect the module.

Connect-AzureAD

Run the below command to get members of a group and their license details.

$Group = Get-AzureADGroup -SearchString '<GroupName>'
#Get Group Members and their license assignments
Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Select DisplayName, AssignedLicenses, UserPrincipalName

We can use the Get-AzureADGroupOwner cmdlet to get owners of the group.

$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupOwner -ObjectId $Group.ObjectId -All $true | Select DisplayName, AssignedLicenses, UserPrincipalName

Find unlicensed members

The following command gets the list of group members who are without any license.

$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Where-Object { $_.AssignedLicenses.Count -eq 0}

Find unlicensed owners

$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupOwner -ObjectId $Group.ObjectId -All $true | Where-Object { $_.AssignedLicenses.Count -eq 0}

Export License Status of all the Group members

$Result = @()
#Get all M365 groups
$AllGroups = Get-AzureADMSGroup -Filter "groupTypes/any(c:c eq 'Unified')" -All $true
$TotalGroups = $AllGroups.Count
$i = 1 
ForEach ($Group in $AllGroups) {
Write-Progress -Activity "Processing $($Group.DisplayName)" -Status "$i out of $TotalGroups groups completed"
#Fetch group members
$GroupMembers = Get-AzureADGroupMember -ObjectId $Group.Id -All $true
ForEach ($User in $GroupMembers) {
$Result += New-Object PSObject -property $([ordered]@{ 
GroupName = $Group.DisplayName
UserName = $User.DisplayName
UserPrincipalName  = $User.UserPrincipalName
IsLicensed  = if ($User.AssignedLicenses.Count -ne 0) { $true } else { $false }
})
}
$i++
}
$Result | Export-CSV "C:\AllGroupMembers.CSV" -NoTypeInformation -Encoding UTF8

Get licensed and unlicensed members from all groups

The below command returns licensed users from all Microsoft 365 groups.

$Result | Where-Object {$_.IsLicensed -eq $true} | Select GroupName, UserName
Run the below command to list only the unlicensed group members.
$Result | Where-Object {$_.IsLicensed -eq $false} | Select GroupName, UserName

Get unlicensed users list

The above command returns the result for all group members. If an unlicensed user is a member of multiple groups, then we will get multiple user name entry for the same user. Run the following command to get only the users list without duplication.

$Result | Where-Object {$_.IsLicensed -eq $false} | Select UserName, UserPrincipalName -Unique

Export the unlicensed user details

$Result | Where-Object {$_.IsLicensed -eq $false} | Select UserName, UserPrincipalName -Unique | Export-CSV "C:\UnlicensedMembers.CSV" -NoTypeInformation -Encoding UTF8

Advertisement

2 thoughts on “Get Unlicensed Microsoft 365 Group Members and Owners in PowerShell”

    • For shared mailbox, you need to query Exchange Online. Install the latest Exchange Online powershell module and run the following commands to get the list of unlicensed shared mailboxes.

      #Connect Exchange Online powershell
      Connect-ExchangeOnline

      #Get shared mailboxes without a license
      Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | where {!($_.SkuAssigned -eq $true)}

      Reply

Leave a Comment