Expand Groups recursively using Graph API

No biggie but in case it saves someone a bit of Googling… :) Had a need to expand a group recursively so I created the following function:

function Get-MgGroupMemberRecursively {
    param([Parameter(Mandatory=$true)][string]$GroupId)

    $output = @()
    
    Get-MgGroupMember -GroupId $GroupId -All | ForEach-Object { 
        if ($_.AdditionalProperties["@odata.type"] -eq "#microsoft.graph.user") {
            $output += $_
        }
        if ($_.AdditionalProperties["@odata.type"] -eq "#microsoft.graph.group") {
            $output += @(Get-MgGroupMemberRecursively -GroupId $_.Id)
        }
    }
    return $output
}

function Get-MgGroupMemberRecursively {

param([Parameter(Mandatory=$true)][string]$GroupId)

$output = @()

Get-MgGroupMember -GroupId $GroupId -All | ForEach-Object {

if ($_.AdditionalProperties["@odata.type"] -eq "#microsoft.graph.user") {

$output += $_

}

if ($_.AdditionalProperties["@odata.type"] -eq "#microsoft.graph.group") {

$output += @(Get-MgGroupMemberRecursively -GroupId $_.Id)

}

return $output

}

Update 13th July 2023: Fixed a typo in the above code.

Also, the Get-MgGroupTransitiveMember cmdlet is a good in-built replacement for the above. It lists recursive members too. By default it returns users and groups, so to filter for just users like above do the following:

Get-MgGroupTransitiveMember -GroupId $srcGroupId -All -ErrorAction Stop | Where-Object { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.user' }

1	Get-MgGroupTransitiveMember -GroupId $srcGroupId -All -ErrorAction Stop \| Where-Object { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.user' }