Add MemberObjectId parameter to Remove-PnPAzureADGroupMember and Remove-PnPAzureADGroupOwner cmdlets; update documentation and utility methods for handling directory objects (#5158)

* Add MemberObjectId parameter to Remove-PnPAzureADGroupMember and Remove-PnPAzureADGroupOwner cmdlets; update documentation and utility methods for handling directory objects

* Update documentation/Remove-PnPAzureADGroupOwner.md

Co-authored-by: Copilot <[email protected]>

* Update documentation/Remove-PnPAzureADGroupMember.md

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>

Author: gautamdsheth

documentation/Remove-PnPAzureADGroupMember.md

@@ -20,7 +20,11 @@ Removes members from a particular Azure Active Directory group. This can be a se
 ## SYNTAX
 
 ```powershell
-Remove-PnPAzureADGroupMember -Identity <AzureADGroupPipeBind> -Users <String[]> 
+Remove-PnPAzureADGroupMember -Identity <AzureADGroupPipeBind> -Users <String[]>
+```
+
+```powershell
+Remove-PnPAzureADGroupMember -Identity <AzureADGroupPipeBind> -MemberObjectId <Guid[]>
 ```
 
 ## DESCRIPTION
@@ -36,6 +40,22 @@ Remove-PnPAzureADGroupMember -Identity "Project Team" -Users "[email protected]
 
 Removes the provided two users as members from the Azure Active Directory group named "Project Team"
 
+### EXAMPLE 2
+```powershell
+# Remove a nested group by its ObjectId
+Remove-PnPAzureADGroupMember -Identity $parentGroupId -MemberObjectId $childGroupId
+```
+
+Removes the group with ObjectId `$childGroupId` from the group identified by `$parentGroupId`.
+
+### EXAMPLE 3
+```powershell
+# Pipeline by property name (Id)
+Get-PnPAzureADGroupMember -Identity $parentGroupId | Where-Object { $_.Id -eq $childGroupId } | Remove-PnPAzureADGroupMember -Identity $parentGroupId
+```
+
+Pipes a member (group or user) whose `Id` matches `$childGroupId` into the cmdlet and removes it.
+
 ## PARAMETERS
 
 ### -Identity
@@ -66,6 +86,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -MemberObjectId
+The ObjectId(s) of directory object(s) (Users or Groups) to remove from the Azure Active Directory group. Use this to remove nested groups that do not have a UPN.
+
+```yaml
+Type: Guid[]
+Parameter Sets: ByObjectId
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

documentation/Remove-PnPAzureADGroupOwner.md

@@ -23,6 +23,10 @@ Removes owners from a particular Azure Active Directory group. This can be a sec
 Remove-PnPAzureADGroupOwner -Identity <AzureADGroupPipeBind> -Users <String[]> [-Verbose]
 ```
 
+```powershell
+Remove-PnPAzureADGroupOwner -Identity <AzureADGroupPipeBind> -MemberObjectId <Guid[]> [-Verbose]
+```
+
 ## DESCRIPTION
 
 Allows to remove owners from Azure Active Directory group.
@@ -36,6 +40,22 @@ Remove-PnPAzureADGroupOwner -Identity "Project Team" -Users "[email protected]
 
 Removes the provided two users as owners from the Azure Active Directory group named "Project Team".
 
+### EXAMPLE 2
+```powershell
+# Remove an owner by ObjectId
+Remove-PnPAzureADGroupOwner -Identity $groupId -MemberObjectId $ownerObjectId
+```
+
+Removes the owner (user or group) with ObjectId `$ownerObjectId` from the group identified by `$groupId`.
+
+### EXAMPLE 3
+```powershell
+# Pipeline by property name (Id)
+Get-PnPAzureADGroupOwner -Identity $groupId | Where-Object { $_.Id -eq $ownerObjectId } | Remove-PnPAzureADGroupOwner -Identity $groupId
+```
+
+Pipes an owner whose `Id` matches `$ownerObjectId` into the cmdlet and removes it.
+
 ## PARAMETERS
 
 ### -Identity
@@ -66,6 +86,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -MemberObjectId
+The ObjectId(s) of directory object(s) (Users or Groups) to remove from the Azure Active Directory group as owners. Use this to remove owners that do not have a UPN.
+
+```yaml
+Type: Guid[]
+Parameter Sets: ByObjectId
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

src/Commands/AzureAD/RemoveAzureADGroupMember.cs

@@ -7,17 +7,22 @@
 
 namespace PnP.PowerShell.Commands.Graph
 {
-    [Cmdlet(VerbsCommon.Remove, "PnPAzureADGroupMember")]
+    [Cmdlet(VerbsCommon.Remove, "PnPAzureADGroupMember", DefaultParameterSetName = "ByUPN")]
     [RequiredApiDelegatedOrApplicationPermissions("graph/Group.ReadWrite.All")]
     [Alias("Remove-PnPEntraIDGroupMember")]
     public class RemoveAzureADGroupMember : PnPGraphCmdlet
     {
-        [Parameter(Mandatory = true, ValueFromPipeline = true)]
+        [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = "ByUPN")]
+        [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = "ByObjectId")]
         public AzureADGroupPipeBind Identity;
 
-        [Parameter(Mandatory = true)]
+        [Parameter(Mandatory = true, ParameterSetName = "ByUPN")]
         public string[] Users;
 
+        [Parameter(Mandatory = true, ParameterSetName = "ByObjectId", ValueFromPipelineByPropertyName = true)]
+        [Alias("ObjectId", "Id")]
+        public System.Guid[] MemberObjectId;
+
         protected override void ExecuteCmdlet()
         {
             Group group = null;
@@ -29,7 +34,14 @@ protected override void ExecuteCmdlet()
 
             if (group != null)
             {
-                Microsoft365GroupsUtility.RemoveMembers(GraphRequestHelper, new System.Guid(group.Id), Users);
+                if (ParameterSetName == "ByUPN" && Users != null && Users.Length > 0)
+                {
+                    Microsoft365GroupsUtility.RemoveMembers(GraphRequestHelper, new System.Guid(group.Id), Users);
+                }
+                else if (ParameterSetName == "ByObjectId" && MemberObjectId != null && MemberObjectId.Length > 0)
+                {
+                    Microsoft365GroupsUtility.RemoveDirectoryMembers(GraphRequestHelper, new System.Guid(group.Id), MemberObjectId);
+                }
             }
         }
     }

src/Commands/AzureAD/RemoveAzureADGroupOwner.cs

@@ -7,17 +7,22 @@
 
 namespace PnP.PowerShell.Commands.Graph
 {
-    [Cmdlet(VerbsCommon.Remove, "PnPAzureADGroupOwner")]
+    [Cmdlet(VerbsCommon.Remove, "PnPAzureADGroupOwner", DefaultParameterSetName = "ByUPN")]
     [RequiredApiDelegatedOrApplicationPermissions("graph/Group.ReadWrite.All")]
     [Alias("Remove-PnPEntraIDGroupOwner")]
     public class RemoveAzureADGroupOwner : PnPGraphCmdlet
     {
-        [Parameter(Mandatory = true, ValueFromPipeline = true)]
+        [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = "ByUPN")]
+        [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = "ByObjectId")]
         public AzureADGroupPipeBind Identity;
 
-        [Parameter(Mandatory = true)]
+        [Parameter(Mandatory = true, ParameterSetName = "ByUPN")]
         public string[] Users;
 
+        [Parameter(Mandatory = true, ParameterSetName = "ByObjectId", ValueFromPipelineByPropertyName = true)]
+        [Alias("ObjectId", "Id")]
+        public System.Guid[] MemberObjectId;
+
         protected override void ExecuteCmdlet()
         {
             Group group = null;
@@ -29,7 +34,14 @@ protected override void ExecuteCmdlet()
 
             if (group != null)
             {
-                Microsoft365GroupsUtility.RemoveOwners(GraphRequestHelper, new System.Guid(group.Id), Users);
+                if (ParameterSetName == "ByUPN" && Users != null && Users.Length > 0)
+                {
+                    Microsoft365GroupsUtility.RemoveOwners(GraphRequestHelper, new System.Guid(group.Id), Users);
+                }
+                else if (ParameterSetName == "ByObjectId" && MemberObjectId != null && MemberObjectId.Length > 0)
+                {
+                    Microsoft365GroupsUtility.RemoveDirectoryOwners(GraphRequestHelper, new System.Guid(group.Id), MemberObjectId);
+                }
             }
         }
     }

src/Commands/Utilities/Microsoft365GroupsUtility.cs

@@ -362,6 +362,22 @@ internal static void RemoveMembers(ApiRequestHelper requestHelper, Guid groupId,
             RemoveUserFromGroup(requestHelper, "members", groupId, users);
         }
 
+        internal static void RemoveDirectoryMembers(ApiRequestHelper requestHelper, Guid groupId, Guid[] directoryObjects)
+        {
+            foreach (var dirObject in directoryObjects)
+            {
+                requestHelper.Delete($"v1.0/groups/{groupId}/members/{dirObject}/$ref");
+            }
+        }
+
+        internal static void RemoveDirectoryOwners(ApiRequestHelper requestHelper, Guid groupId, Guid[] directoryObjects)
+        {
+            foreach (var dirObject in directoryObjects)
+            {
+                requestHelper.Delete($"v1.0/groups/{groupId}/owners/{dirObject}/$ref");
+            }
+        }
+
         private static void RemoveUserFromGroup(ApiRequestHelper requestHelper, string groupName, Guid groupId, string[] users)
         {
             foreach (var user in users)