cli-microsoft365 icon indicating copy to clipboard operation
cli-microsoft365 copied to clipboard
verified publisher icon pnp

New command: `entra group member remove`

Open milanholemans opened this issue 2 years ago • 3 comments

Usage

m365 entra group member remove [options]

Description

Removes members from a Microsoft Entra group

Options

Option Description
-i, --groupId [groupId] The ID of the Azure AD group. Specify groupId or groupDisplayName but not both.
-n, --groupDisplayName [groupDisplayName] The display name of the Azure AD group. Specify groupId or groupDisplayName but not both.
--ids [ids] Azure AD IDs of users. You can also pass a comma-separated list of IDs. Specify either ids or userNames but not both.
--userNames [userNames] The user principal names of users. You can also pass a comma-separated list of UPNs. Specify either ids or userNames but not both.
-r, --role [role] The role to be removed from the new user. Valid values: Owner, Member. Defaults to both.
-f, --force Don't prompt for confirmation.

Examples

Remove a single user specified by ID as a member from a group specified by display name

m365 entra group member remove --groupDisplayName Developers --ids 098b9f52-f48c-4401-819f-29c33794c3f5 --role Member

Remove multiple users specified by ID from a group specified by ID

m365 entra group member remove --groupId a03c0c35-ef9a-419b-8cab-f89e0a8d2d2a --ids "098b9f52-f48c-4401-819f-29c33794c3f5,f1e06e31-3abf-4746-83c2-1513d71f38b8"

Remove a single user specified by UPN as an owner from a group specified by display name

m365 entra group member remove --groupDisplayName Developers --userNames [email protected] --role Owner

Removes multiple users specified by UPN from a group specified by ID

m365 entra group member remove --groupId a03c0c35-ef9a-419b-8cab-f89e0a8d2d2a --userNames "[email protected],[email protected]"

Default properties

No response

Additional Info

Let's use Graph batching.

milanholemans avatar Sep 08 '23 19:09 milanholemans

@pnp/cli-for-microsoft-365-maintainers, currently if a user is a member of a group and you run this command without the role option, you get an error because it tries to remove the user both from the owner and member part of the group.

Would it make sense if we add an extra flag --supressNotFound where people can choose to ignore not found errors? In my opinion, this would increase user-friendliness. Imagine you want to remove 3 users from a group. One is owner, one is member, and one is owner + member. This means that you will have to run the command 2 times with 2 different values. If we suppress not found errors, the user would be able to do this in one go.

milanholemans avatar Feb 11 '24 16:02 milanholemans

That would indeed make it even more user-friendly. That option sounds good to me but we should make sure that the explanation is clear enough for the end-users, either in the option description itself or in a well-written remark regarding the usage of that option.

Jwaegebaert avatar Feb 12 '24 07:02 Jwaegebaert

That would indeed make it even more user-friendly. That option sounds good to me but we should make sure that the explanation is clear enough for the end-users, either in the option description itself or in a well-written remark regarding the usage of that option.

+1

Adam-it avatar Feb 18 '24 23:02 Adam-it