pac admin

Work with your Power Platform Admin Account

Commands

Command Description
pac admin add-group Add environment to a group.
pac admin application list List Microsoft Entra ID applications registered under your tenant.
pac admin application register Register Microsoft Entra ID application with your tenant.
pac admin application unregister Unregister Microsoft Entra ID application from your tenant.
pac admin assign-group Assign group to target Dataverse environment with specified security role.
pac admin assign-user Assign a user to a target Dataverse environment with specified security role.
pac admin backup Takes a manual backup of your environment.
pac admin copy Copy Source Environment to Destination Environment.
pac admin create Creates a Dataverse instance in your tenant.
pac admin create-service-principal Add Microsoft Entra ID application and associated application user to the Dataverse environment.
pac admin delete Deletes the environment from your tenant.
pac admin list List all environments from your tenant.
pac admin list-app-templates Lists all supported Dataverse templates of model-driven apps in Dynamics 365.
pac admin list-backups Lists all backups of your environment.
pac admin list-groups List environment groups from your tenant.
pac admin list-service-principal List Microsoft Entra ID applications which have access to Dataverse.
pac admin list-tenant-settings List tenant settings.
pac admin reset Reset the environment from your tenant.
pac admin restore Restores an environment to a given backup.
pac admin set-backup-retention-period Sets the backup retention period in days as provided. Valid values are: 7, 14, 21, 28.
pac admin set-governance-config Enable, disable, and edit managed environments.
pac admin set-runtime-state Update environment administration mode.
pac admin status This command lists the status of all the operations in progress.
pac admin update-tenant-settings Update tenant settings.

pac admin add-group

Add environment to a group.

Required Parameters for admin add-group

--environment-group -eg

Environment group.

Optional Parameters for admin add-group

--environment -env

Environment (ID, org ID, url, unique name, or partial name).

pac admin application list

List Microsoft Entra ID applications registered under your tenant.

pac admin application register

Register Microsoft Entra ID application with your tenant.

Required Parameters for admin application register

--application-id -id

Application Id

pac admin application unregister

Unregister Microsoft Entra ID application from your tenant.

Required Parameters for admin application unregister

--application-id -id

Application Id

pac admin assign-group

Assign group to target Dataverse environment with specified security role.

Required Parameters for admin assign-group

--group -g

Microsoft Entra ID object ID of group to assign to target Dataverse environment.

--group-name -gn

Name of the group or team to create in Dataverse.

--membership-type -mt

Team membership type.

Use one of these values:

  • MembersAndGuests
  • Members
  • Owners
  • Guests

--role -r

Name or ID of security role to be applied to user

--team-type -tt

Type of team.

Use one of these values:

  • Owner
  • Access
  • AadSecurityGroup
  • AadOfficeGroup

Optional Parameters for admin assign-group

--business-unit -bu

ID of business unit to associate application user with.

--environment -env

ID or URL of the environment to assign a user to.

pac admin assign-user

Assign a user to a target Dataverse environment with specified security role.

Examples

The following examples show the use of the pac admin assign-user command.

Assign a user by email to an environment with the basic user role

pac admin assign-user `
  --environment 00000000-0000-0000-0000-000000000000 `
  --user "user@company.com" `
  --role "Basic User"

Assign a user by guid to an environment with the system administrator role and add the user to a specified business unit

pac admin assign-user `
  --environment 00000000-0000-0000-0000-000000000000 `
  --user 00000000-0000-0000-0000-000000000000 `
  --business-unit` 00000000-0000-0000-0000-000000000000 `
  --role "System Administrator"

Assign an application user to an environment with the system administrator role

pac admin assign-user `
  --environment 00000000-0000-0000-0000-000000000000 `
  --user 00000000-0000-0000-0000-000000000000 `
  --role "System Administrator"
  --application-user

Required Parameters for admin assign-user

--role -r

Name or ID of security role to be applied to user

--user -u

Object ID or user principal name (UPN) of Microsoft Entra ID user to be assigned to the environment or Application ID if assigning an Application User.

Optional Parameters for admin assign-user

--application-user -au

Specifies whether the input user is an application user. If a business unit isn't specified, the application user is added to the authenticated users business unit.

This parameter requires no value. It's a switch.

--async -a

Deprecated: This parameter is ignored.

--business-unit -bu

ID of business unit to associate application user with.

--environment -env

ID or URL of the environment to assign a user to.

pac admin backup

Takes a manual backup of your environment.

Example

Create a manual backup for an environment

pac admin backup `
  --environment 00000000-0000-0000-0000-000000000000 `
  --label "Manual Backup October 2022"

Required Parameters for admin backup

--label -l

Sets the backup label as provided.

Optional Parameters for admin backup

--environment -env

Environment URL or ID of the Environment that requires backup.

pac admin copy

Copy Source Environment to Destination Environment.

Examples

The following examples show the use of the pac admin copy command.

Copy an environment from a source environment to a target environment using a minimal copy

This example copies over customizations and schemas only from a source environment to a target environment.

pac admin copy `
  --name "Environment Name" `
  --source-env 00000000-0000-0000-0000-000000000000 `
  --target-env 00000000-0000-0000-0000-000000000000 `
  --type MinimalCopy

Copy an environment from a source environment to a target environment using a full copy

This example copies the whole environment over from a source environment to a target environment.

pac admin copy `
  --name "Environment Name" `
  --source-env 00000000-0000-0000-0000-000000000000 `
  --target-env 00000000-0000-0000-0000-000000000000 `
  --type FullCopy

Optional Parameters for admin copy

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

--name -n

Name of the target environment.

--skip-audit-data -sa

Switch indicating whether audit data should be skipped

This parameter requires no value. It's a switch.

--source-env -se

Environment URL or ID of the source environment that is being copied

--target-env -te

Environment URL or ID of the target environment.

--type -t

Use one of these values:

  • MinimalCopy
  • FullCopy

--json

Returns the output of the command as a JSON formatted string.

pac admin create

Creates a Dataverse instance in your tenant.

Examples

The following examples show the use of the pac admin create command.

Simple creation of an environment

In this example, we'll create a sandbox environment with the default settings:

  • Currency: USD
  • Language: English
  • Region: unitedstates

We don't have to add those properties, because those values are the default values.

pac admin create `
  --name "Contoso Test" `
  --type Sandbox `
  --domain ContosoTest

Advanced creation of an environment

In this example, we'll create a production environment in the region europe, with the currency set to Euro and the language to English.

We don't have to add the language property, because it's the default value.

pac admin create `
  --name "Contoso Marketing" `
  --currency EUR `
  --region europe `
  --type Production `
  --domain ContosoMarketing

Create using --input-file

In this example, we create the same environment described in Advanced creation of an environment, except refer to data in a JSON file named config.json where config.json contains this data:

{
  "name": "Contoso Marketing",
  "currency": "EUR",
  "region": "europe",
  "type": "Production",
  "domain": "ContosoMarketing"
}

Then, refer to the file when using the pac admin create command:

pac admin create --input-file C:\config.json

Required Parameters for admin create

--type -t

Sets the environment Type.

Use one of these values:

  • Trial
  • Sandbox
  • Production
  • Developer
  • Teams
  • SubscriptionBasedTrial

Optional Parameters for admin create

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--currency -c

Sets the currency used for your environment. [defaults to USD]

--domain -d

The domain name is part of the environment URL. If domain name is already in use, a numeric value is appended to the domain name. For example: If 'contoso' is already in use, then the environment URL is updated to https://{contoso}0.crm.dynamics.com.

Note: Only characters within the ranges [A - Z], [a - z], [0 - 9], or '-' are allowed. The first and last character can't be the '-' character. Consecutive '-' characters aren't allowed.

--input-file -if

The verb arguments to be passed in a .json input file. For example: {"name" : "contoso"}. The arguments passed through command-line will take precedence over arguments from the .json input file.

--language -l

Sets the language used for your environment. [defaults to English]

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

--name -n

Sets the name of the environment.

--region -r

Sets the environment's region name. [defaults to unitedstates]

--security-group-id -sgid

Microsoft Entra ID Security Group Id or Microsoft 365 Group Id (required for Teams environment).

Note: The Security Group Id must be a valid Guid.

--templates -tm

Sets the Dynamics 365 app that needs to be deployed, passed as comma separated values. For example: -tm "D365_Sample, D365_Sales"

--user -u

Object ID or user principal name (UPN) of Microsoft Entra ID user to be assigned to the environment.

--json

Returns the output of the command as a JSON formatted string.

pac admin create-service-principal

Add Microsoft Entra ID application and associated application user to the Dataverse environment.

Example

pac admin create-service-principal  --environment <environment id>

More information: Configure service connections using a service principal

Optional Parameters for admin create-service-principal

--environment -env

Environment (ID, org ID, url, unique name, or partial name).

--name -n

Application name to create in Entra ID.

--role -r

Name or ID of security role to be applied to application user. The default value is: 'System Administrator'.

Remarks

When successful, four columns are displayed:

  • Power Platform TenantId
  • Application ID
  • Client Secret (in clear text)
  • Expiration

For example:

PS C:\>pac admin create-service-principal --environment d3fcc479-0122-e7af-9965-bde57f69ee1d
Connected as admin@M365x57236226.onmicrosoft.com
Successfully assigned user adde6d52-9582-4932-a43a-beca5d182301 to environment d3fcc479-0122-e7af-9965-bde57f69eeld with security role System Administrator
Tenant ID                            Application ID                       Client Secret                           Expiration
2b0463ed-efd7-419d-927d-a9dca49d899c adde6d52-9582-4932-a43a-beca5d182301 beY8Q~JBZ~CBDgIKKBjbZ3g6BofKzoZkYj23Hbf 7/31/2024 4:27:03 PM

pac admin delete

Deletes the environment from your tenant.

Examples

The following examples show the use of the pac admin delete command.

Delete environment by GUID

pac admin delete --environment 00000000-0000-0000-0000-000000000000

Delete environment by URL

pac admin delete --environment https://contosomarketing.crm4.dynamics.com

Optional Parameters for admin delete

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--environment -env

Environment URL or ID of the Environment that needs to be deleted from your tenant.

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

pac admin list

List all environments from your tenant.

Examples

The following examples show the use of the pac admin list command.

List all environments in the tenant

This example will list all environments in the tenant.

pac admin list

An example of the output is displayed below.

Environment   Environment Id                        Environment Url                        Type        Organization Id
Contoso       00000000-0000-0000-0000-000000000000  https://contoso.crm.dynamics.com/      Production  00000000-0000-0000-0000-000000000000
Contoso Dev   00000000-0000-0000-0000-000000000000  https://contoso-dev.crm.dynamics.com/  Sandbox     00000000-0000-0000-0000-000000000000
Contoso Test  00000000-0000-0000-0000-000000000000  https://commdemos.crm.dynamics.com/    Sandbox     00000000-0000-0000-0000-000000000000

List all sandbox environments in the tenant

This example will list all environments in the tenant of the type Sandbox.

pac admin list --type Sandbox

An example of the output is displayed below.

Environment  Environment Id                        Environment Url                        Type        Organization Id
Contoso Dev  00000000-0000-0000-0000-000000000000  https://contoso-dev.crm.dynamics.com/  Sandbox     00000000-0000-0000-0000-000000000000
Contoso Test 00000000-0000-0000-0000-000000000000  https://commdemos.crm.dynamics.com/    Sandbox     00000000-0000-0000-0000-000000000000

Optional Parameters for admin list

--application -a

List all environments that have specified application installed. To specify application, use unique name or ID.

--environment -env

List all environments that contain given string in their name or ID.

--name -n

List all environments that contain given string in their name.

--type -t

List all environments with the given type.

Use one of these values:

  • Trial
  • Sandbox
  • Production
  • Developer
  • Teams
  • SubscriptionBasedTrial

--json

Returns the output of the command as a JSON formatted string.

pac admin list-app-templates

Lists all supported Dataverse templates of model-driven apps in Dynamics 365.

Examples

The following examples use the pac admin list-app-templates command:

List all supported Dataverse database templates

This example lists all supported Dataverse database templates of model-driven apps in Dynamics 365.

pac admin list-app-templates

An example of the output is displayed below.

Template Name               Template Location Template Display Name Is Disabled
D365_CDSSampleApp           unitedstates      Sample App            False
D365_CustomerService        unitedstates      Customer Service      True
D365_CustomerServicePro     unitedstates      Customer Service Pro  True
D365_DeveloperEdition       unitedstates      Developer Edition     False
D365_FieldService           unitedstates      Field Service         True
D365_Guides                 unitedstates      Guides                True
D365_PowerFrameworkTemplate unitedstates      Power Framework       False
D365_ProjectOperations      unitedstates      Project Operations    True
D365_RemoteAssist           unitedstates      Remote Assist         True
D365_Sales                  unitedstates      Sales Enterprise      True
D365_SalesPro               unitedstates      Sales Pro             True
D365_SmbMarketing           unitedstates      SMB Marketing         True

List all supported Dataverse database templates of model-driven apps in Dynamics 365 for region Europe

This example lists all supported Dataverse database templates of model-driven apps in Dynamics 365 for the region Europe.

pac admin list-app-templates --region Europe

An example of the output is displayed below.

Template Name               Template Location Template Display Name Is Disabled
D365_CDSSampleApp           Europe            Sample App            False
D365_CustomerService        Europe            Customer Service      True
D365_CustomerServicePro     Europe            Customer Service Pro  True
D365_DeveloperEdition       Europe            Developer Edition     True
D365_FieldService           Europe            Field Service         True
D365_Guides                 Europe            Guides                True
D365_PowerFrameworkTemplate Europe            Power Framework       True
D365_ProjectOperations      Europe            Project Operations    True
D365_RemoteAssist           Europe            Remote Assist         True
D365_Sales                  Europe            Sales Enterprise      True
D365_SalesPro               Europe            Sales Pro             True
D365_SmbMarketing           Europe            SMB Marketing         True

Optional Parameters for admin list-app-templates

--region -r

Sets the environment's region name. [defaults to unitedstates]

pac admin list-backups

Lists all backups of your environment.

Examples

The following examples show the use of the pac admin list-backups command.

List backups from an environment by ID

This example lists the backups of an environment based on the environment ID.

pac admin list-backups --environment 00000000-0000-0000-0000-000000000000

An example of the output is displayed below.

 Index   Id                                      Label        Expiry                Point Date
 1       00000000-0000-0000-0000-000000000000    Backup       14/12/2022 12:50:38   07/12/2022 12:50:38

List backups from an environment by URL

This example lists the backups of an environment based on the environment URL.

pac admin list-backups --environment https://contoso.crm.dynamics.com

Optional Parameters for admin list-backups

--environment -env

List all environments that contain a given string in their Environment ID or URL.

pac admin list-groups

List environment groups from your tenant.

pac admin list-service-principal

List Microsoft Entra ID applications which have access to Dataverse.

Optional Parameters for admin list-service-principal

--filter -f

Application name 'starts with' filter.

--max -m

Max number of applications to show. Default: 20

pac admin list-tenant-settings

List tenant settings.

Optional Parameters for admin list-tenant-settings

--settings-file -s

The .json file to output tenant settings.

pac admin reset

Reset the environment from your tenant.

Examples

The following examples show the use of the pac admin reset command:

Reset an environment in your tenant

pac admin reset --environment 00000000-0000-0000-0000-000000000000

Reset an environment in your tenant and set the currency to EUR

pac admin reset --environment 00000000-0000-0000-0000-000000000000 --currency EUR

Optional Parameters for admin reset

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--currency -c

Sets the currency used for your environment. [defaults to USD]

--domain -d

The domain name is part of the environment URL. If domain name is already in use, a numeric value is appended to the domain name. For example: If 'contoso' is already in use, then the environment URL is updated to https://{contoso}0.crm.dynamics.com.

--environment -env

URL or ID of the Environment that needs to be reset.

--input-file -if

The verb arguments to be passed in a .json input file. For example: {"name" : "contoso"}. The arguments passed through command-line will take precedence over arguments from the .json input file.

--language -l

Sets the language used for your environment. [defaults to English]

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

--name -n

Sets the name of the environment.

--purpose -p

Sets the description used to associate the environment with a specific intent.

--templates -tm

Sets the Dynamics 365 app that needs to be deployed, passed as comma separated values. For example: -tm "D365_Sample, D365_Sales"

--json

Returns the output of the command as a JSON formatted string.

pac admin restore

Restores an environment to a given backup.

Examples

The following examples show the use of the pac admin restore command:

Restore the latest backup

This example restores the latest backup from the source environment with ID 00000000-0000-0000-0000-000000000000 to the environment that's currently selected in the currently active auth profile.

pac admin restore --selected-backup latest --source-env 00000000-0000-0000-0000-000000000000

Restore a backup based on a timestamp

This example restores the backup that has been created on 12/01/2022 09:00 from the source environment with ID 00000000-0000-0000-0000-000000000000 to the environment that's currently selected in the currently active auth profile.

pac admin restore --selected-backup '12/01/2022 09:00' --source-env 00000000-0000-0000-0000-000000000000

Required Parameters for admin restore

--selected-backup -sb

DateTime of the backup in 'mm/dd/yyyy hh:mm' format OR string 'latest'.

Optional Parameters for admin restore

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

--name -n

Optional name of the restored environment.

--skip-audit-data -sa

Switch indicating whether audit data should be skipped

This parameter requires no value. It's a switch.

--source-env -se

Environment URL or ID of the source environment required for restore.

--target-env -te

Environment URL or ID of the target environment required for restore. This would default to source URL/ID if not provided.

--json

Returns the output of the command as a JSON formatted string.

pac admin set-backup-retention-period

Sets the backup retention period in days as provided. Valid values are: 7, 14, 21, 28.

Required Parameters for admin set-backup-retention-period

--backup-retention-period -br

Sets the backup retention period in days as provided. Valid values are: 7, 14, 21, 28.

Optional Parameters for admin set-backup-retention-period

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--environment -env

Environment URL or ID of the Environment that requires backup.

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

pac admin set-governance-config

Enable, disable, and edit managed environments.

Required Parameters for admin set-governance-config

--environment -env

URL or ID of the environment for which managed environments need to be enabled, disabled or edited.

--protection-level -pl

Set protection level : 'Standard' to enable managed environments, 'Basic' to disable managed environments.

Use one of these values:

  • Basic
  • Standard

Optional Parameters for admin set-governance-config

--checker-rule-overrides -cro

Solution checker rule overrides

--cloud-flows-limit -cfl

Number of people that makers can share solution cloud flows with

--cloud-flows-mode -cfm

Solution cloud flows limit sharing mode

--disable-group-sharing -dgs

Disable group sharing.

This parameter requires no value. It's a switch.

--exclude-analysis -ea

Exclude usage insights for the environment from the weekly digest email.

This parameter requires no value. It's a switch.

--include-insights -ii

Include insights in the Power Platform Admin Center homepage cards.

This parameter requires no value. It's a switch.

--limit-sharing-mode -lsm

Limit sharing mode.

--maker-onboarding-markdown -mom

Maker onboarding markdown

--maker-onboarding-url -mou

Maker onboarding URL

--max-limit-user-sharing -ml

If group sharing is disabled, specify the number of people that makers can share canvas apps with.

--solution-checker-mode -scm

Solution checker validation mode.

Use one of these values:

  • none
  • warn
  • block

--suppress-validation-emails -sve

Suppress validation emails

This parameter requires no value. It's a switch.

pac admin set-runtime-state

Update environment administration mode.

Required Parameters for admin set-runtime-state

--environment -env

URL or ID of the environment for which administration mode needs to be updated.

--runtime-state -rs

The environment runtime state

Use one of these values:

  • AdminMode
  • Enabled

Optional Parameters for admin set-runtime-state

--async -a

Optional boolean argument to run pac verbs asynchronously, defaults to false.

This parameter requires no value. It's a switch.

--background-operations -bo

The environment background operations state

Use one of these values:

  • Enabled
  • Disabled

--max-async-wait-time -wt

Max asynchronous wait time in minutes. The default value is 60 minutes.

pac admin status

This command lists the status of all the operations in progress.

pac admin update-tenant-settings

Update tenant settings.

Required Parameters for admin update-tenant-settings

--settings-file -s

The .json file with tenant settings.

Remarks

You can find an example using this command in Enable the environment routing setting.

See also

Microsoft Power Platform CLI Command Groups
Microsoft Power Platform CLI overview