Create groups in Entra ID with PowerShell

Creating objects in the Entra Admin Center is quite intuitive, but is only suitable for individual requirements. For larger numbers of groups, it is better to use PowerShell.

Select the module

Microsoft provides a comprehensive PowerShell module called Microsoft.Graph. In addition to Entra ID, this includes various other functions for managing services, such as Microsoft 365.
It can be installed using one of the following commands:

Install-Module Microsoft.Graph -Scope CurrentUser   # Install for current user only
Install-Module Microsoft.Graph -Scope AllUsers      # Install for all users - requires administrative permissions

Install-Module Microsoft.Graph -Scope CurrentUser   # Install for current user only
Install-Module Microsoft.Graph -Scope AllUsers      # Install for all users - requires administrative permissions

Microsoft provides a separate PowerShell module called Microsoft.Entra specifically for Entra ID.
This can be installed using one of the following commands:

Install-Module Microsoft.Entra -Scope CurrentUser   # Install for current user only
Install-Module Microsoft.Entra -Scope AllUsers      # Install for all users - requires administrative permissions

Install-Module Microsoft.Entra -Scope CurrentUser   # Install for current user only
Install-Module Microsoft.Entra -Scope AllUsers      # Install for all users - requires administrative permissions

Connect

Depending on the module used, the following command can be used to establish a connection to the Microsoft Cloud. The -Scopes parameter defines which permissions are requested for the interactive session. If groups are to be created using an automated script, an app registration containing the usable permissions is specified instead of the permissions.

Connect-MgGraph -Scopes Group.ReadWrite.All                 # Connect to central Graph API
Connect-Entra   -Scopes Group.ReadWrite.All,Group.Create    # Connect to Entra ID

Connect-MgGraph -Scopes Group.ReadWrite.All                 # Connect to central Graph API
Connect-Entra   -Scopes Group.ReadWrite.All,Group.Create    # Connect to Entra ID

Create a group

Depending on the module used, the following command can be used to create a group. Important: Unlike the graphical user interface, the system does not check whether a group with the selected name already exists. This means that groups may be created twice. To prevent this, it is advisable to check manually before creating the group:

$GroupName = '<Group name>'
$Description = '<Description>'

# Microsoft Graph
if (!(Get-MgGroup -Filter "DisplayName eq '$GroupName'"){New-MgGroup -DisplayName $GroupName -MailEnabled:$False -MailNickName $GroupName -SecurityEnabled -Description $Description}

# Microsoft Entra
if (!(Get-EntraGroup -Filter "DisplayName eq '$GroupName'"){New-EntraGroup -DisplayName $GroupName -MailEnabled:$False -MailNickName $GroupName -SecurityEnabled -Description $Description}

$GroupName = '<Group name>'
$Description = '<Description>'

# Microsoft Graph
if (!(Get-MgGroup -Filter "DisplayName eq '$GroupName'"){New-MgGroup -DisplayName $GroupName -MailEnabled:$False -MailNickName $GroupName -SecurityEnabled -Description $Description}

# Microsoft Entra
if (!(Get-EntraGroup -Filter "DisplayName eq '$GroupName'"){New-EntraGroup -DisplayName $GroupName -MailEnabled:$False -MailNickName $GroupName -SecurityEnabled -Description $Description}

Liked this article? Share it!

• Share on LinkedIn
• Share on Bluesky
• Share on Facebook
• Email this Page
• Share on Reddit