Modify MS 365 unified group membership using PowerShell with Enterprise app authentication

Im trying to run the following command:

Add-UnifiedGroupLinks -Identity '' -LinkType members -Links

However, the error I am getting is:

Write-ErrorMessage : |Microsoft.Exchange.Net.AAD.AADException|We failed to update the group mailbox. Please try again later.

Context is I have authenticated using a certificate connected to an Enterprise app I have registered. If I authenticate as the global admin of the tenant via the standard interactive login, the cmdlet works fine, but I need it to work with the enterprise app for unattended scripts.

The permissions the enterprise app has are:

I’ve come across this aricle:

which says; “In Exchange Online PowerShell, you can’t use the procedures in this article with the following Microsoft 365 Group cmdlets: …Add-UnifiedGroupLinks”

If thats the case, whats the alternative via PowerShell?

If you continue reading past the line you quoted, it says

You can use Microsoft Graph to replace most of the functionality from those cmdlets. For more information, see Working with groups in Microsoft Graph.

Thanks I did see that, but thought I would have to make invoke-webrequest cmdlets which I was hoping to avoid, but some further digging got me to this solution;

To add a member:
New-MgGroupMember -GroupId $GroupID -DirectoryObjectId $UserID

To remove a member:
Remove-MgGroupMemberByRef -DirectoryObjectId $UserID -GroupId $GroupId

‘$UserID’ is the ‘id’ attribute thats returned from ‘Get-MgUser’ and ‘$GroupID’ is the ‘Guid’ attribute returned from ‘Get-MgGroup’.

1 Like

Good work! And thanks for sharing.

If you could, please format the code with the preformatted option

</> icon. It may be hiding under the settings gear.

1 Like