Replace a user's membership in selected Microsoft 365 Groups or Teams
Summary
This script can be used to replace the membership of a user for a selected list of Groups. It might be useful when a person changes role in an organization or is about to leave it.
Warning
Please be aware this script contains a command that will remove or delete an artifact, ensure you test and understand the implications of running the script.
$adminUrl = "https://contoso-admin.sharepoint.com"
$fileInput = "<PUTYOURPATHHERE.csv>"
$oldUser = "upnOfOldUser"
$newUser = "upnOfNewUser"
Connect-PnPOnline -Url $adminUrl -Interactive
function Replace-Membership {
[cmdletbinding()]
param(
[parameter(Mandatory = $true)]
$fileInput ,
[parameter(Mandatory = $true)]
$oldUser,
[parameter(Mandatory = $true)]
$newUser
)
$groupsToProcess = Import-Csv $fileInput
$groupsToProcess.id | ForEach-Object {
$groupId = $_
Write-Host "Processing Group ($groupId)" -ForegroundColor DarkGray -NoNewline
$group = $null
try {
$group = Get-PnPMicrosoft365Group -Identity $groupId
}
catch {
Write-Host
Write-Host $_.Exception.Message -ForegroundColor Red
return
}
Write-Host " - $($group.displayName)" -ForegroundColor DarkGray
$isTeam = $group.resourceProvisioningOptions.Contains("Team");
$users = $null
$members = Get-PnPMicrosoft365GroupMembers -Identity $groupId
$owners = Get-PnPMicrosoft365GroupOwners -Identity $groupId
$members | Where-Object { $_.userPrincipalName -eq $oldUser } | ForEach-Object {
$user = $_
$owner = $owners | Where-Object { $_.userPrincipalName -eq $oldUser }
if($owner)
{
Write-Host "Found $oldUser with owner rights" -ForegroundColor Green
}
else
{
Write-Host "Found $oldUser with member rights" -ForegroundColor Green
}
# owners must be explicitly added as members if it is a team
if ($user -or $isTeam) {
try {
Write-Host "Granting $newUser member rights"
Add-PnPMicrosoft365GroupMember -Identity $groupId -Users $newUser
}
catch {
Write-Host $_.Exception.Message -ForegroundColor White
}
}
if ($owner) {
try {
Write-Host "Granting $newUser owner rights"
Add-PnPMicrosoft365GroupOwner -Identity $groupId -Users $newUser
}
catch {
Write-Host $_.Exception.Message -ForegroundColor White
}
}
try {
Write-Host "Removing $oldUser..."
if($owner)
{
Remove-PnPMicrosoft365GroupOwner -Identity $groupId -Users $oldUser
}
Remove-PnPMicrosoft365GroupMember -Identity $groupId -Users $oldUser
}
catch {
Write-Host $_.Exception.Message -ForegroundColor Red
continue
}
}
}
}
Replace-Membership $fileInput $oldUser $newUser
Check out the PnP PowerShell to learn more at: https://aka.ms/pnp/powershell
The way you login into PnP PowerShell has changed please read PnP Management Shell EntraID app is deleted : what should I do ?
CSV Format
id
<groupId>
<groupId>
<groupId>
Contributors
| Author(s) |
|---|
| Reshmee Auckloo |
Disclaimer
THESE SAMPLES ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.