Remove_User_O365_GroupsV2.ps1 Issue with removing user from O365 Group

[tomturpin]

Issue in removing User from O365 Groups. It appears that the Graph API should be used instead of the Exchange Online module to remove users from O365 Groups. I get the following error when running the script.

VERBOSE: Removing user "N090909" from Microsoft 365 Group "o365 Team Test" ...

PSMessageDetails :
Exception : System.Exception: |Microsoft.Exchange.Net.AAD.AADException|We failed to update the group
mailbox. Please try again later.
TargetObject :
CategoryInfo : NotSpecified: (:) [Remove-UnifiedGroupLinks], AADException
FullyQualifiedErrorId : [Server=MW4PR09MB9473,RequestId=5bbc0135-5773-c04b-cf54-3c88c410764d,TimeStamp=Mon, 24 Jul
2023 11:53:39 GMT],Write-ErrorMessage
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at Write-ErrorMessage,
C:\Users\turp\AppData\Local\Temp\3\tmpEXO_wm3whcfw.2k1\tmpEXO_wm3whcfw.2k1.psm1: line 531
at CheckRetryAndHandleWaitTime,
C:\Users\turp\AppData\Local\Temp\3\tmpEXO_wm3whcfw.2k1\tmpEXO_wm3whcfw.2k1.psm1: line 1162
at Execute-Command,
C:\Users\turp\AppData\Local\Temp\3\tmpEXO_wm3whcfw.2k1\tmpEXO_wm3whcfw.2k1.psm1: line 1493
at script:Remove-UnifiedGroupLinks,
C:\Users\turp\AppData\Local\Temp\3\tmpEXO_wm3whcfw.2k1\tmpEXO_wm3whcfw.2k1.psm1: line 88008
at Remove-UserFromAllGroups,
C:\chgpass\data\deletes\Remove_User_O365_GroupsV2.ps1: line 153
at , C:\chgpass\data\deletes\Remove_User_O365_GroupsV2.ps1: line 228
at , C:\chgpass\data\deletes\BUChangeV2.ps1: line 85
at , : line 1
PipelineIterationInfo : {}

I found this article referencing using Graph API call. It suggest using:
Thanks managed to find graph cmdlets rather than making invoke-webrequest calls (wanted to avoid the latter), ended up with this:

To add a member:
New-MgGroupMember -GroupId $GroupID -DirectoryObjectId $UserID

To remove a member:
Remove-MgGroupMemberByRef -DirectoryObjectId $UserID -GroupId $GroupId

'$UserID' is the 'id' attribute thats returned from 'Get-MgUser' and '$GroupID' is the 'Guid' attribute returned from 'Get-MgGroup'.

I am working on replacing an automation server, so a fast response would be very helpful.

Regards,
Tom

[tomturpin]

I have debugged that using the Remove-MgGroupMemberByRef as below removes the memberships from O365 via the MgGraphAPI rather than the Exchange Online which did not work for me.

# Remove-UnifiedGroupLinks -Identity $Group.ExternalDirectoryObjectId -Links $user.Value.DistinguishedName -LinkType Member -Confirm:$false -WhatIf:$WhatIfPreference -ErrorAction Stop Remove-MgGroupMemberByRef -DirectoryObjectId $user.Value.ExternalDirectoryObjectId -GroupId $Group.ExternalDirectoryObjectId -Confirm:$false -WhatIf:$WhatIfPreference -ErrorAction Stop

[michevnew]

That's a transient error, likely due to the dual-write mechanism failing. Feel free to change the code to use the Graph SDK instead, personally I'm not a big fan.