Manage security groups with PowerShell

This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.

You can use PowerShell for Microsoft 365 as an alternative to the Microsoft 365 admin center to manage security groups.

This article describes listing, creating, changing settings, and removing security groups.

When a command block in this article requires that you specify variable values, use these steps.

  1. Copy the command block to the clipboard and paste it into Notepad or the PowerShell Integrated Script Environment (ISE).
  2. Fill in the variable values and remove the "<" and ">" characters.
  3. Run the commands in the PowerShell window or the PowerShell ISE.

See Maintain security group membership to manage group membership with PowerShell.

Use the Azure Active Directory PowerShell for Graph module

First, connect to your Microsoft 365 tenant.

List your groups

Use this command to list all of your groups.

Get-AzureADGroup

Use these commands to display the settings of a specific group by its display name.

$groupName="<display name of the group>"
Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }

Create a new group

Use this command to create a new security group.

New-AzureADGroup -Description "<group purpose>" -DisplayName "<name>" -MailEnabled $false -SecurityEnabled $true -MailNickName "<email name>"

Change the settings on a group

Display the settings of the group with these commands.

$groupName="<display name of the group>"
Get-AzureADGroup | Where { $_.DisplayName -eq $groupName } | Select *

Then, use the Set-AzureADGroup article to determine how to change a setting.

Remove a security group

Use these commands to remove a security group.

$groupName="<display name of the group>"
Remove-AzureADGroup -ObjectId (Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectId

Manage the owners of a security group

Use these commands to display the current owners of a security group.

$groupName="<display name of the group>"
Get-AzureADGroupOwner -ObjectId (Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectId

Use these commands to add a user account by its user principal name (UPN) to the current owners of a security group.

$userUPN="<UPN of the user account to add>"
$groupName="<display name of the group>"
Add-AzureADGroupOwner -ObjectId (Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectId -RefObjectId (Get-AzureADUser | Where { $_.UserPrincipalName -eq $userUPN }).ObjectId

Use these commands to add a user account by its display name to the current owners of a security group.

$userName="<Display name of the user account to add>"
$groupName="<display name of the group>"
Add-AzureADGroupOwner -ObjectId (Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectId -RefObjectId (Get-AzureADUser | Where { $_.DisplayName -eq $userName }).ObjectId

Use these commands to remove a user account by its UPN from the current owners of a security group.

$userUPN="<UPN of the user account to remove>"
$groupName="<display name of the group>"
Remove-AzureADGroupOwner -ObjectId (Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectId -OwnerId (Get-AzureADUser | Where { $_.UserPrincipalName -eq $userUPN }).ObjectId

Use these commands to remove a user account by its display name from the current owners of a security group.

$userName="<Display name of the user account to remove>"
$groupName="<display name of the group>"
Remove-AzureADGroupOwner -ObjectId (Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectId -OwnerId (Get-AzureADUser | Where { $_.DisplayName -eq $userName }).ObjectId
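
The remove and owner commands above pass whatever the display-name lookup returns straight to -ObjectId, but display names are not guaranteed to be unique, so the lookup can match several objects or none. The following added example (not part of the original article) resolves a name to exactly one security group before changing its owners; `Select-SingleMatch` and `Add-GroupOwnerSafely` are hypothetical helper names, and the sample objects at the end are constructed.

```powershell
# Added example, not from the original article. Helper names are hypothetical.
function Select-SingleMatch {
    # Return the one object whose $Property equals $Value; throw on zero or several matches.
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Candidates,
        [Parameter(Mandatory)] [string] $Property,
        [Parameter(Mandatory)] [string] $Value
    )
    $found = @($Candidates | Where-Object { $_.$Property -eq $Value })
    if ($found.Count -eq 0) { throw "No object with $Property '$Value'." }
    if ($found.Count -gt 1) {
        throw "Ambiguous: $($found.Count) objects share $Property '$Value': $($found.ObjectId -join ', ')"
    }
    return $found[0]
}

function Add-GroupOwnerSafely {
    # Requires an existing Connect-AzureAD session.
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $UserUPN
    )
    # -All $true returns every group; without it the cmdlet returns a limited number of results.
    $group = Select-SingleMatch -Candidates @(Get-AzureADGroup -All $true) -Property DisplayName -Value $GroupName
    if (-not $group.SecurityEnabled) { throw "'$GroupName' is not a security group." }
    # Get-AzureADUser -ObjectId accepts a UPN, which is unique, so no display-name match is needed.
    $user = Get-AzureADUser -ObjectId $UserUPN
    Add-AzureADGroupOwner -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    Get-AzureADGroupOwner -ObjectId $group.ObjectId   # show the resulting owner list for review
}

# Constructed sample objects (not real tenant data): two groups share one display name.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Finance-Admins'; ObjectId = '00000000-0000-0000-0000-000000000001'; SecurityEnabled = $true }
    [pscustomobject]@{ DisplayName = 'Finance-Admins'; ObjectId = '00000000-0000-0000-0000-000000000002'; SecurityEnabled = $true }
    [pscustomobject]@{ DisplayName = 'HR-Readers';     ObjectId = '00000000-0000-0000-0000-000000000003'; SecurityEnabled = $true }
)

# Unique name: resolves to a single ObjectId.
(Select-SingleMatch -Candidates $sample -Property DisplayName -Value 'HR-Readers').ObjectId

# Duplicate name: the helper refuses instead of acting on the wrong group.
try {
    Select-SingleMatch -Candidates $sample -Property DisplayName -Value 'Finance-Admins'
} catch {
    "Refused: $($_.Exception.Message)"
}
```

The same single-match resolution applies before calling Remove-AzureADGroup or Remove-AzureADGroupOwner with an ObjectId obtained from a display name.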

Use the Microsoft Azure Active Directory Module for Windows PowerShell

First, connect to your Microsoft 365 tenant.

List your groups

Use this command to list all of your groups.

Get-MsolGroup

Use these commands to display the settings of a specific group by its display name.

$groupName="<display name of the group>"
Get-MsolGroup | Where { $_.DisplayName -eq $groupName }

Create a new group

Use this command to create a new security group.

New-MsolGroup -Description "<group purpose>" -DisplayName "<name>"

Change the settings on a group

Display the settings of the group with these commands.

$groupName="<display name of the group>"
Get-MsolGroup | Where { $_.DisplayName -eq $groupName } | Select *

Then, use the Set-MsolGroup article to determine how to change a setting.

Remove a security group

Use these commands to remove a security group.

$groupName="<display name of the group>"
Remove-MsolGroup -ObjectId (Get-MsolGroup | Where { $_.DisplayName -eq $groupName }).ObjectId

See also

Manage Microsoft 365 user accounts, licenses, and groups with PowerShell

Manage Microsoft 365 with PowerShell

Getting started with PowerShell for Microsoft 365