Manage Azure AD using PowerShell

Welcome to another blog of mine, Managing Azure AD using PowerShell.
One could ask why go through all the pain of scripting things in PowerShell when there is a pretty nice portal console like the one below.

Azure Portal

I would agree with most of them that the portal is enough, but PowerShell comes in handy when it comes to bulk deployment or anything that needs to be done more than once or repeatedly.

For instance, let's say there are 20 new users joining your organization. You've got 10 minutes to onboard these users to Azure AD. You would probably look at me like “No way, you’re dreaming.” That’s when I will tell you, “Ohh, you should use PowerShell instead ;)”

That’s one of the many examples that came to my mind. Now you have probably agreed with me and are like, OK, show me the PowerShell way of doing this quickly then.

It's pretty simple, as you will see from the commands below to install, import and connect to Azure AD.

Install-Module msonline -scope currentuser -force -confirm:$false

The above command is what you would run first to install the Azure PowerShell module on your machine. (Keep in mind this requires admin privileges, so run your PowerShell as admin.)

Once you have installed the module, next on the list is to import it.

Import-Module msonline

Result from the Script

This is what it would look like once imported. How do you check if the module is imported? Well, let me show you: run this simple command and you should be able to see.

Checking if module is imported

Now that we have installed and imported the module, next is connecting to the MsolService (Microsoft Online Service).

connect-msolservice

Once you enter the above command you will be asked to enter your creds, as shown below:

Portal login window

Once you have logged in successfully, you are all set to go and do some cool PowerShell scripting.

As for my example above, let's say you are going to create users in Azure AD. Let’s create the user now. I am going to onboard Elon Musk as my first staff member :P. Let's see the script for that.

New-MsolUser -UserPrincipalName "User UPN" -DisplayName "Elon Musk (Tesla)" -FirstName "Elon" -LastName "Musk"

You need to add your domain name in the UserPrincipalName property, and a randomly generated password will be added to the user account. Let's see the result of the above script.

Elon Musk On-boarded

Tadaaa… Successfully onboarded Elon Musk. By default it shows whether the created user has a license or not. Let's verify in the portal to see if he is there.

Elon Musk is added successfully

It’s that easy to create a user using PowerShell. Now let's create a group as well and call it “Technical Team”. Currently I only have 2 groups.

group console in azure portal

The script to create a group in Azure AD is so simple. Let's run the command and see the result below.

New-MsolGroup -DisplayName "Technical Team"

Group created in Azure AD using PowerShell

Let's check in the portal now. BOOOOM, here you go!

Security Group in Azure AD

Creating users and groups is so simple and easy to do via PowerShell.
Now let's add all the accounts in the tenant to the Technical Team group. A simple foreach loop should do the job for us.

Current state of the technical team group – No users

Let's run the foreach loop.

# -All lifts the default 500-result cap so every account in the tenant is returned
foreach ($user in (Get-MsolUser -All)) {
    # Each returned user object already carries its ObjectId, so no second lookup is needed
    Add-MsolGroupMember -GroupObjectId "bed87ae6-b609-4488-8140-1ac652b2d8ed" -GroupMemberType User -GroupMemberObjectId $user.ObjectId
}

Let's check the console to see if the users are added.

users added

Now we have created a user and a security group in Azure AD and added the users to the security group. Now let's add a DeveloperPack_E5 license to Elon Musk so he can start working.

Let's check the current license status for Elon and add a license for him.

Get-MsolUser -UserPrincipalName "User UPN" | Select-Object UserPrincipalName, DisplayName, Licenses

Current License state for a User

Let's add the license now.

Set-MsolUserLicense -userprincipalname "User UPN" -AddLicenses "yooadmin:DeveloperPack_e5"

Let's see the result in PowerShell and also in the Azure portal.
In PowerShell you can also search via the display name, as shown below.

Powershell Checking License for the user
Result from Azure Console.

It’s that simple to manage Azure AD using PowerShell.

Conclusion: If you are managing Azure AD via PowerShell, it's going to be great, as you can do a lot of automation such as the user onboarding process, license assignment based on AD group assignment, disabling users who have left the organization, getting license count updates and many more.
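The onboarding steps walked through above (create the user, add it to the group, assign the license), combined into one re-runnable function for the 20-new-users case. This is an added example, not the author's own script. It assumes Connect-MsolService has already succeeded; the CSV rows and the example.com domain are constructed placeholders, and Add-NewHire is a hypothetical helper name.

```powershell
# Constructed sample input; in practice this would come from Import-Csv.
$newHires = @'
FirstName,LastName,UserPrincipalName,UsageLocation
Ada,Lovelace,ada.lovelace@example.com,US
Alan,Turing,alan.turing@example.com,GB
'@ | ConvertFrom-Csv

function Add-NewHire {   # hypothetical helper, not part of the MSOnline module
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Hire,
        [Parameter(Mandatory)] [guid] $GroupObjectId,
        [Parameter(Mandatory)] [string] $LicenseSku
    )
    process {
        $upn = $Hire.UserPrincipalName
        # Skip accounts that already exist so the script is safe to re-run.
        if (Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue) {
            Write-Warning "$upn already exists, skipping"
            return
        }
        # Honour -WhatIf / -Confirm before touching the tenant.
        if (-not $PSCmdlet.ShouldProcess($upn, 'Create user, add to group, assign license')) { return }

        # UsageLocation must be set before a license can be assigned.
        $user = New-MsolUser -UserPrincipalName $upn `
            -DisplayName "$($Hire.FirstName) $($Hire.LastName)" `
            -FirstName $Hire.FirstName -LastName $Hire.LastName `
            -UsageLocation $Hire.UsageLocation -ForceChangePassword $true

        # Add only the new hire to the group, not every account in the tenant.
        Add-MsolGroupMember -GroupObjectId $GroupObjectId -GroupMemberType User `
            -GroupMemberObjectId $user.ObjectId
        Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $LicenseSku

        # The generated password is returned only here; hand it over out of band
        # and keep it out of transcripts and log files.
        [pscustomobject]@{ UserPrincipalName = $upn; TempPassword = $user.Password }
    }
}

# Resolve the group by exact display name instead of hard-coding its GUID.
$group = Get-MsolGroup -SearchString 'Technical Team' |
    Where-Object DisplayName -eq 'Technical Team'
$created = $newHires |
    Add-NewHire -GroupObjectId $group.ObjectId -LicenseSku 'yooadmin:DeveloperPack_e5' -WhatIf
```

Run it with -WhatIf first to review what would be created, then drop the switch to apply; $created then holds each temporary password for one-time handover.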

Will be doing lots of Azure PowerShell based resource creation.

Published by iamfazul