
AzureAD Module Manage Users

The Connect-AzureAD cmdlet establishes a session with your Azure Active Directory (Azure AD) tenant. It is part of the AzureAD PowerShell module, which provides cmdlets for managing users, groups and other directory objects in Azure AD.

When you run Connect-AzureAD, it prompts you to sign in with an Azure AD account. After a successful sign-in, the other cmdlets in the AzureAD module run in the context of that account, so everything below (create, disable, remove) is limited by the roles assigned to it; sign in with a least-privileged administrative account rather than a Global Administrator where the task allows. Note that Microsoft has deprecated the AzureAD module in favour of the Microsoft Graph PowerShell SDK; the cmdlets here still illustrate the workflow, but new automation should target Microsoft Graph.

Connect-AzureAD

# Run PowerShell ISE as Administrator | Install the AzureAD module
Install-Module -Name AzureAD

# Connect to Azure AD; you should be prompted for account info / login
Connect-AzureAD

# Simple test to see if connected: list a few users (without -All only the first page of users is returned)
Get-AzureADUser -Top 10 | Select-Object GivenName, Surname, DisplayName, AccountEnabled

# Disconnect the session when finished
Disconnect-AzureAD


The New-AzureADUser cmdlet creates a new user in Azure Active Directory (Azure AD). Below is a basic example of how to use it, along with descriptions of its most common parameters.

Parameters

  • -DisplayName: Specifies the display name of the new user.

  • -PasswordProfile: Specifies the password profile for the new user. This is a Microsoft.Open.AzureAD.Model.PasswordProfile object holding the initial password and whether the user must change it at the next sign-in (ForceChangePasswordNextLogin).

  • -UserPrincipalName: Specifies the user principal name (UPN) of the new user. It typically matches the user's email address, and its domain suffix must be a domain verified in the tenant.

  • -AccountEnabled: Specifies whether the account is enabled. Set to $true to enable the account or $false to create it disabled.

New-AzureADUser

# Import user account information from CSV
$MyAccounts = Import-Csv "C:\Users\scott\AzureAD\Accounts.csv" -ErrorAction Stop

# Loop through the CSV data
Foreach ($Account in $MyAccounts) {

    # Build a PasswordProfile object for this user from the password string in the CSV
    # (a fresh object per user, so one user's password never carries over into the next iteration)
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = $Account.PasswordProfile
    # The CSV holds passwords in clear text: force a change at first sign-in and protect or delete the file afterwards
    $PasswordProfile.ForceChangePasswordNextLogin = $true

    # Create the new account in AAD
    New-AzureADUser -DisplayName $Account.DisplayName -GivenName $Account.GivenName -Surname $Account.Surname `
        -UserPrincipalName $Account.UserPrincipalName -MailNickName $Account.MailNickName `
        -PasswordProfile $PasswordProfile -JobTitle $Account.JobTitle -AccountEnabled $true
}
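As an added example (not the page author's script), here is the same CSV-driven onboarding with the checks a practitioner would want before a bulk create: the UPN suffix must be a domain verified in the tenant, the UPN must not already exist, the initial password is generated rather than read from the file, and each outcome is logged without the password. The CSV rows, the contoso.com domain and the C:\Temp\NewUsers.log path are constructed for the example; Get-AzureADDomain, Get-AzureADUser -Filter and New-AzureADUser are the AzureAD module's own cmdlets, and the script assumes Connect-AzureAD has already been run.

```powershell
# Added example: hardened CSV onboarding with the AzureAD module. Assumes Connect-AzureAD has already run.
# Constructed sample input (in practice this comes from HR). There is no password column: passwords are generated here.
$csv = @"
DisplayName,GivenName,Surname,UserPrincipalName,MailNickName,JobTitle
Ada Lovelace,Ada,Lovelace,ada.lovelace@contoso.com,ada.lovelace,Analyst
Alan Turing,Alan,Turing,alan.turing@contoso.com,alan.turing,Engineer
"@
$Accounts = $csv | ConvertFrom-Csv

function New-RandomPassword {
    # Initial password from the cryptographic RNG. The alphabet has exactly 64 symbols,
    # so "byte % 64" selects uniformly and introduces no modulo bias.
    param([int]$Length = 20)
    $chars = [char[]](65..90) + [char[]](97..122) + [char[]](48..57) + '-_'.ToCharArray()
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

# Only create accounts whose UPN suffix is a domain verified in this tenant
$verifiedDomains = (Get-AzureADDomain | Where-Object { $_.IsVerified }).Name

foreach ($Account in $Accounts) {
    $upn    = $Account.UserPrincipalName
    $domain = $upn.Split('@')[-1]

    if ($verifiedDomains -notcontains $domain) {
        Write-Warning "$upn : domain '$domain' is not verified in this tenant, skipping"
        continue
    }

    # Server-side filter: correct regardless of tenant size, unlike piping Get-AzureADUser into Where-Object
    if (Get-AzureADUser -Filter "userPrincipalName eq '$upn'") {
        Write-Warning "$upn : already exists, skipping"
        continue
    }

    $profile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $profile.Password = New-RandomPassword
    $profile.ForceChangePasswordNextLogin = $true   # the generated password is single-use

    try {
        $user = New-AzureADUser -DisplayName $Account.DisplayName -GivenName $Account.GivenName `
            -Surname $Account.Surname -UserPrincipalName $upn -MailNickName $Account.MailNickName `
            -JobTitle $Account.JobTitle -PasswordProfile $profile -AccountEnabled $true
        # Log what was created, never the password; hand the initial password to the user out of band
        "$(Get-Date -Format o) CREATED $upn ObjectId=$($user.ObjectId)" | Tee-Object -FilePath C:\Temp\NewUsers.log -Append
    }
    catch {
        "$(Get-Date -Format o) FAILED  $upn : $($_.Exception.Message)" | Tee-Object -FilePath C:\Temp\NewUsers.log -Append
    }
}
```

The two skip conditions are deliberately warnings rather than silent continues: a bulk create that quietly drops rows is how an onboarding list ends up half-applied without anyone noticing.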


Set-AzureADUser (Disable Account)

# These steps follow my actual protocol for disabling accounts, since I always want to show best practices.

#1 Get the data from HR or another process that tells me which users need to be decommissioned (fired, quit, contract ended, etc.)
$DisableUserAccountsfromHR = Get-Content "C:\Users\scott\Documents\WindowsPowershell\AzureAD\HR-Disable-Accounts.txt"
$DisableUserAccountsfromHR

#1.5 !!!! Run the snippet in #1 ONLY and review the output on the screen to make sure you are importing the correct data from the source !!!!

#2 Run this to verify the information on these accounts is correct and that they exist in AAD
# Declare array
$MyUserArray = @()

Foreach ($userUPN in $DisableUserAccountsfromHR) {
    # Filter server-side: Get-AzureADUser without -All returns only the first page of users, so piping it into Where-Object can silently miss accounts
    $MyUserArray += Get-AzureADUser -Filter "userPrincipalName eq '$userUPN'" | Select-Object DisplayName, ObjectId, UserPrincipalName, AccountEnabled
}

$MyUserArray | Tee-Object C:\Temp\MyDisableUserArrayLog.txt -Append

#2.5 Run the snippet in #2 next and review the output on the screen to make sure these are the accounts you want to disable.
# The number of objects found should equal the number of UPNs from HR; a shorter list means a UPN was mistyped or the account is already gone.

#3 Make sure all results are correct in the prior steps; if anything looks out of the norm, STOP and ask someone about it
# I use the ObjectId because it is unique in AAD (a UPN can be changed or reassigned)
Foreach ($User in $MyUserArray) {
    $User | Tee-Object C:\Temp\UsersDisableLog.txt -Append
    Set-AzureADUser -ObjectId $User.ObjectId -AccountEnabled $false
}

#4 Check the results and write them to a file
Foreach ($User in $MyUserArray) {
    Get-AzureADUser -ObjectId $User.ObjectId | Select-Object UserPrincipalName, AccountEnabled | Tee-Object C:\temp\Disable_Accounts_Results.txt -Append
}
Invoke-Item C:\temp\Disable_Accounts_Results.txt


Remove-AzureADUser

# These steps follow my actual protocol for removing accounts, since I always want to show best practices.

#1 Get the data from HR or another process that tells me which users need to be decommissioned (fired, quit, contract ended, etc.)
$UserAccountsfromHR = Get-Content "C:\Users\scott\Documents\WindowsPowershell\AzureAD\HR-Remove-Accounts.txt"
$UserAccountsfromHR

#1.5 !!!! Run the snippet in #1 ONLY and review the output on the screen to make sure you are importing the correct data from the source !!!!

#2 Run this to verify the information on these accounts is correct and that they exist in AAD
# Declare array
$MyUserArray = @()

Foreach ($userUPN in $UserAccountsfromHR) {
    # Filter server-side: Get-AzureADUser without -All returns only the first page of users, so piping it into Where-Object can silently miss accounts
    $MyUserArray += Get-AzureADUser -Filter "userPrincipalName eq '$userUPN'" | Select-Object DisplayName, ObjectId, UserPrincipalName, AccountEnabled
}

$MyUserArray | Tee-Object C:\Temp\MyUserArrayLog.txt -Append

#2.5 Run the snippet in #2 next and review the output on the screen to make sure these are the accounts you want to remove.
# Every account listed here should already show AccountEnabled = False from the disable step; an enabled account on a removal list means the process was skipped somewhere.

#3 Make sure all results are correct in the prior steps; if anything looks out of the norm, STOP and ask someone about it
# I use the ObjectId because it is unique in AAD (a UPN can be changed or reassigned)
# Removed users are kept in the deleted-users container for 30 days and can be restored with Restore-AzureADMSDeletedDirectoryObject; after that the deletion is permanent
Foreach ($User in $MyUserArray) {
    $User | Tee-Object C:\Temp\UsersRemovedLog.txt -Append
    Remove-AzureADUser -ObjectId $User.ObjectId
}
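The disable and remove protocols above share the same resolve, review and act shape, so here is one added example (not the page author's code) that implements both behind a single gated function. It refuses to run if any HR-supplied UPN does not resolve (a typo must stop the job, not shrink it), checks that the session is in the expected tenant, revokes refresh tokens after disabling (disabling alone does not end sessions that already hold tokens), and only removes accounts that are already disabled. The tenant name contoso.com, the log path, the function names Resolve-HRUserList and Invoke-HROffboarding and the two sample UPNs are constructed for the example; Get-AzureADCurrentSessionInfo, Get-AzureADUser -Filter, Set-AzureADUser, Revoke-AzureADUserAllRefreshToken, Remove-AzureADUser and Restore-AzureADMSDeletedDirectoryObject are the AzureAD module's own cmdlets, and Connect-AzureAD is assumed to have been run first.

```powershell
# Added example: gated offboarding routine serving both the disable and the remove steps.
# Assumes Connect-AzureAD has already run. Tenant name, paths and the sample UPN list are constructed.

function Resolve-HRUserList {
    # Resolve each UPN from HR to a directory object and refuse to continue if any UPN does not resolve,
    # so a typo in the HR file can never silently shrink the set of accounts that get touched.
    param([string[]]$Upns)
    $found = @(); $missing = @()
    foreach ($upn in ($Upns | Where-Object { $_.Trim() })) {
        $u = Get-AzureADUser -Filter "userPrincipalName eq '$($upn.Trim())'"
        if ($u) { $found += $u } else { $missing += $upn }
    }
    if ($missing.Count -gt 0) {
        throw "STOP: $($missing.Count) UPN(s) from HR were not found in AAD: $($missing -join ', ')"
    }
    return $found
}

function Invoke-HROffboarding {
    param(
        [Parameter(Mandatory)][string[]]$Upns,
        [Parameter(Mandatory)][ValidateSet('Disable', 'Remove')][string]$Action,
        [Parameter(Mandatory)][string]$ExpectedTenantDomain,   # guard against running in the wrong tenant
        [string]$LogPath = 'C:\Temp\Offboarding.log'
    )
    $session = Get-AzureADCurrentSessionInfo   # throws if Connect-AzureAD has not been run
    if ($session.TenantDomain -ne $ExpectedTenantDomain) {
        throw "Connected to $($session.TenantDomain), expected $ExpectedTenantDomain"
    }

    $users = Resolve-HRUserList -Upns $Upns
    foreach ($user in $users) {
        $stamp = Get-Date -Format o
        if ($Action -eq 'Disable') {
            Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false
            # Disabling the account does not end sessions that already hold tokens; revoke refresh tokens as well
            Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
            "$stamp DISABLED $($user.UserPrincipalName) ObjectId=$($user.ObjectId)" | Tee-Object -FilePath $LogPath -Append
        }
        elseif ($user.AccountEnabled) {
            # Only remove accounts already disabled by the earlier step; anything still enabled is a process error
            "$stamp SKIPPED $($user.UserPrincipalName): still enabled, disable first" | Tee-Object -FilePath $LogPath -Append
        }
        else {
            Remove-AzureADUser -ObjectId $user.ObjectId
            # The object sits in the deleted-users container for 30 days and can be restored in that window with
            # Restore-AzureADMSDeletedDirectoryObject -Id <ObjectId>; after that the deletion is permanent
            "$stamp REMOVED $($user.UserPrincipalName) ObjectId=$($user.ObjectId)" | Tee-Object -FilePath $LogPath -Append
        }
    }
    return $users
}

# Usage with a constructed HR list (in practice: Get-Content on the HR-provided file)
$hrList = @('ada.lovelace@contoso.com', 'alan.turing@contoso.com')
Invoke-HROffboarding -Upns $hrList -Action Disable -ExpectedTenantDomain 'contoso.com'
# ... after the retention period your process requires:
# Invoke-HROffboarding -Upns $hrList -Action Remove -ExpectedTenantDomain 'contoso.com'
```

Resolve-HRUserList is the "#2 / #2.5" review step made mechanical: the log still shows what was resolved, but the count check is enforced by the code rather than left to whoever is reading the screen.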
