Microsoft 365 Group (aka Office 365 Group) is a cross-application membership service for Microsoft 365 services such as Microsoft Teams, Planner. etc. To use the service like Microsoft Teams, users should have been added as a member in required teams and they should have a valid Teams license.
We can use the Get-AzureADGroupMember cmdlet to get members of a group. This command also returns basic user details and applied licenses. Before start, install the Azure AD V2 PowerShell module and run the following to connect the module.
Connect-AzureAD
Run the below command to get members of a group and their license details.
$Group = Get-AzureADGroup -SearchString '<GroupName>'
#Get Group Members and their license assignments
Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Select DisplayName, AssignedLicenses, UserPrincipalName
We can use the Get-AzureADGroupOwner cmdlet to get owners of the group.
$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupOwner -ObjectId $Group.ObjectId -All $true | Select DisplayName, AssignedLicenses, UserPrincipalName
Find unlicensed members
The following command gets the list of group members who are without any license.
$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Where-Object { $_.AssignedLicenses.Count -eq 0}
Find unlicensed owners
$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupOwner -ObjectId $Group.ObjectId -All $true | Where-Object { $_.AssignedLicenses.Count -eq 0}
Export License Status of all the Group members
$Result = @()
#Get all M365 groups
$AllGroups = Get-AzureADMSGroup -Filter "groupTypes/any(c:c eq 'Unified')" -All $true
$TotalGroups = $AllGroups.Count
$i = 1
ForEach ($Group in $AllGroups) {
Write-Progress -Activity "Processing $($Group.DisplayName)" -Status "$i out of $TotalGroups groups completed"
#Fetch group members
$GroupMembers = Get-AzureADGroupMember -ObjectId $Group.Id -All $true
ForEach ($User in $GroupMembers) {
$Result += New-Object PSObject -property $([ordered]@{
GroupName = $Group.DisplayName
UserName = $User.DisplayName
UserPrincipalName = $User.UserPrincipalName
IsLicensed = if ($User.AssignedLicenses.Count -ne 0) { $true } else { $false }
})
}
$i++
}
$Result | Export-CSV "C:\AllGroupMembers.CSV" -NoTypeInformation -Encoding UTF8
Get licensed and unlicensed members from all groups
The below command returns licensed users from all Microsoft 365 groups.
$Result | Where-Object {$_.IsLicensed -eq $true} | Select GroupName, UserName
$Result | Where-Object {$_.IsLicensed -eq $false} | Select GroupName, UserName
Get unlicensed users list
The above command returns the result for all group members. If an unlicensed user is a member of multiple groups, then we will get multiple user name entry for the same user. Run the following command to get only the users list without duplication.
$Result | Where-Object {$_.IsLicensed -eq $false} | Select UserName, UserPrincipalName -Unique
Export the unlicensed user details
$Result | Where-Object {$_.IsLicensed -eq $false} | Select UserName, UserPrincipalName -Unique | Export-CSV "C:\UnlicensedMembers.CSV" -NoTypeInformation -Encoding UTF8
This is great!
What if wanted to add a parameter to determine, whether the unlicensed mailbox is a shared mailbox?
For shared mailbox, you need to query Exchange Online. Install the latest Exchange Online powershell module and run the following commands to get the list of unlicensed shared mailboxes.
#Connect Exchange Online powershell
Connect-ExchangeOnline
#Get shared mailboxes without a license
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | where {!($_.SkuAssigned -eq $true)}