microsoftgraph
Remove-MgGroupMemberByRef 2.17.0 missing DirectoryObjectId parameter
Describe the bug
The parameter -DirectoryObjectId is not available with the command Remove-MgGroupMemberByRef in the module Microsoft.Graph.Groups 2.17.0.
The Microsoft.Graph.Groups 2.16.0 have the -DirectoryObjectId parameter.
To Reproduce Steps to reproduce the behavior:
- Open PowerShell 7.4.1 as a user
-
Install-Module -Name Microsoft.Graph -MaximumVersion 2.17.0 -Force -Confirm:$false -Scope CurrentUser -
Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All", "GroupMember.Read.All", "GroupMember.ReadWrite.All" -
Remove-MgGroupMemberByRef -GroupId 123 -DirectoryObjectIdRemove-MgGroupMemberByRef: A parameter cannot be found that matches parameter name 'DirectoryObjectId'.
Expected behavior
The parameter -DirectoryObjectId is supposed to be available with the command Remove-MgGroupMemberByRef in the module Microsoft.Graph.Groups 2.17.0.
Module Version
Get-Module Microsoft.Graph*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.17.0 Microsoft.Graph.Authentication {Add-MgEnvironment, Connect-MgGraph, Disconnect-MgGraph, Get-MgContext…}
Script 2.17.0 Microsoft.Graph.Groups {Add-MgGroupDriveListContentTypeCopy, Add-MgGroupDriveListContentTypeCopyFromContentTypeHub, Add-MgGroupFavorite, Add-MgGroupSite…}
Environment Data
$PSVersionTable
Name Value
---- -----
PSVersion 7.4.1
PSEdition Core
GitCommitId 7.4.1
OS Microsoft Windows 10.0.19045
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Screenshots
Hello @lorisAmbrozzo @WillPowerIsAll thank you for reporting this issue. After checking the paths in the open API file provided by the Microsoft Graph API owner, I noticed that Remove-MgGroupMemberByRef which transalates to /groups/{group-id}/members/$ref doesn't have a directoryObject-id parameter. See image below.
Further checks revealed that the API endpoint containing the missing parameter is /groups/{group-id}/members/{directoryObject-id}/$ref which transalates to Remove-MgGroupMemberDirectoryObjectByRef cmdlet. See image below.
There for the correct cmdlets to use are Remove-MgGroupMemberDirectoryObjectByRef and Remove-MgBetaGroupMemberDirectoryObjectByRef
Is it normal for such backwards incompatible changes to be made to Graph without mentioning it in any release notes?
@LeonarddeR Thanks for seeking further clarity on this matter. To answer your question. No, it's not normal. I have gone through their change log once again and unfortunately was not able to trace the changes related to this particular issue. I will follow up with the API owner on this issue.
Still seeing this in our Azure automation and the modules haven't been updated yet. I need to schedule an outage to roll back our modules to 2.16
I don't get why the issue is closed. The version 2.17.0 still does not have the DirectoryObjectId parameter and the documentation is still not up to date.
Can you tel me where the correct cmdlet (Remove-MgGroupMemberDirectoryObjectByRef) is documented?
It's right here: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.groups/remove-mggroupmemberdirectoryobjectbyref?view=graph-powershell-1.0
Hello @lorisAmbrozzo @WillPowerIsAll thank you for reporting this issue. After checking the paths in the open API file provided by the Microsoft Graph API owner, I noticed that
Remove-MgGroupMemberByRefwhich transalates to/groups/{group-id}/members/$refdoesn't have adirectoryObject-idparameter. See image below.
Further checks revealed that the API endpoint containing the missing parameter is
/groups/{group-id}/members/{directoryObject-id}/$refwhich transalates toRemove-MgGroupMemberDirectoryObjectByRefcmdlet. See image below.There for the correct cmdlets to use are
Remove-MgGroupMemberDirectoryObjectByRefand Remove-MgBetaGroupMemberDirectoryObjectByRef
Fantastic work, thank you, this works for me. Must be a recent change within the last 2 months because the old command used to work for me at that time.
I am trying to use the Remove-MgGroupMemberDirectoryObjectByRef -GroupId $groupId -DirectoryObjectId $userId to remove users from a group. It works fine when using an account that has global admin permissions but using a service principal with (GroupMember.ReadWrite.All Directory.ReadWrite.All, Group.ReadWrite.All) I get error "Insufficient privileges to complete the operation"
What other permissions is required?
I am trying to use the Remove-MgGroupMemberDirectoryObjectByRef -GroupId $groupId -DirectoryObjectId $userId to remove users from a group. It works fine when using an account that has global admin permissions but using a service principal with (GroupMember.ReadWrite.All Directory.ReadWrite.All, Group.ReadWrite.All) I get error "Insufficient privileges to complete the operation"
What other permissions is required?
Same issue. I have 'UserAuthenticationMethod.ReadWrite.All','User.ReadWrite.All','GroupMember.ReadWrite.All','Group.ReadWrite.All','Directory.ReadWrite.All' and none of them let me use the command. Worth saying I am using a Global Admin account.
Noticed that the cmdlet has changed with 2.18.0 to Remove-MgGroupMemberDirectoryObjectByRef, noted by samuelt81 The original cmdlet Remove-MgGroupMemberByRef is still broken.
If this cmdlet has changed, that means a lot of rewriting of runbooks. I could understand this with a major version change, but a point version seems a bit rediculous.