pac admin
Work with your Power Platform Admin Account
Commands
Command | Description |
---|---|
pac admin add-group | Add environment to a group. |
pac admin application list | List Microsoft Entra ID applications registered under your tenant. |
pac admin application register | Register Microsoft Entra ID application with your tenant. |
pac admin application unregister | Unregister Microsoft Entra ID application from your tenant. |
pac admin assign-group | Assign group to target Dataverse environment with specified security role. |
pac admin assign-user | Assign a user to a target Dataverse environment with specified security role. |
pac admin backup | Takes a manual backup of your environment. |
pac admin copy | Copy Source Environment to Destination Environment. |
pac admin create | Creates a Dataverse instance in your tenant. |
pac admin create-service-principal | Add Microsoft Entra ID application and associated application user to the Dataverse environment. |
pac admin delete | Deletes the environment from your tenant. |
pac admin list | List all environments from your tenant. |
pac admin list-app-templates | Lists all supported Dataverse templates of model-driven apps in Dynamics 365. |
pac admin list-backups | Lists all backups of your environment. |
pac admin list-groups | List environment groups from your tenant. |
pac admin list-service-principal | List Microsoft Entra ID applications which have access to Dataverse. |
pac admin list-tenant-settings | List tenant settings. |
pac admin reset | Reset the environment from your tenant. |
pac admin restore | Restores an environment to a given backup. |
pac admin set-backup-retention-period | Sets the backup retention period in days as provided. Valid values are: 7, 14, 21, 28. |
pac admin set-governance-config | Enable, disable, and edit managed environments. |
pac admin set-runtime-state | Update environment administration mode. |
pac admin status | This command lists the status of all the operations in progress. |
pac admin update-tenant-settings | Update tenant settings. |
pac admin add-group
Add environment to a group.
Required Parameters for admin add-group
--environment-group
-eg
Environment group.
Optional Parameters for admin add-group
--environment
-env
Environment (ID, org ID, url, unique name, or partial name).
pac admin application list
List Microsoft Entra ID applications registered under your tenant.
pac admin application register
Register Microsoft Entra ID application with your tenant.
Required Parameters for admin application register
--application-id
-id
Application Id
pac admin application unregister
Unregister Microsoft Entra ID application from your tenant.
Required Parameters for admin application unregister
--application-id
-id
Application Id
pac admin assign-group
Assign group to target Dataverse environment with specified security role.
Required Parameters for admin assign-group
--group
-g
Microsoft Entra ID object ID of group to assign to target Dataverse environment.
--group-name
-gn
Name of the group or team to create in Dataverse.
--membership-type
-mt
Team membership type.
Use one of these values:
MembersAndGuests
Members
Owners
Guests
--role
-r
Name or ID of security role to be applied to user
--team-type
-tt
Type of team.
Use one of these values:
Owner
Access
AadSecurityGroup
AadOfficeGroup
Optional Parameters for admin assign-group
--business-unit
-bu
ID of business unit to associate application user with.
--environment
-env
ID or URL of the environment to assign a user to.
pac admin assign-user
Assign a user to a target Dataverse environment with specified security role.
Examples
The following examples show the use of the pac admin assign-user
command.
- Assign a user by email to an environment with the basic user role
- Assign a user by guid to an environment with the system administrator role and add the user to a specified business unit
- Assign an application user to an environment with the system administrator role
Assign a user by email to an environment with the basic user role
pac admin assign-user `
--environment 00000000-0000-0000-0000-000000000000 `
--user "user@company.com" `
--role "Basic User"
Assign a user by guid to an environment with the system administrator role and add the user to a specified business unit
pac admin assign-user `
--environment 00000000-0000-0000-0000-000000000000 `
--user 00000000-0000-0000-0000-000000000000 `
--business-unit` 00000000-0000-0000-0000-000000000000 `
--role "System Administrator"
Assign an application user to an environment with the system administrator role
pac admin assign-user `
--environment 00000000-0000-0000-0000-000000000000 `
--user 00000000-0000-0000-0000-000000000000 `
--role "System Administrator"
--application-user
Required Parameters for admin assign-user
--role
-r
Name or ID of security role to be applied to user
--user
-u
Object ID or user principal name (UPN) of Microsoft Entra ID user to be assigned to the environment or Application ID if assigning an Application User.
Optional Parameters for admin assign-user
--application-user
-au
Specifies whether the input user is an application user. If a business unit isn't specified, the application user is added to the authenticated users business unit.
This parameter requires no value. It's a switch.
--async
-a
Deprecated: This parameter is ignored.
--business-unit
-bu
ID of business unit to associate application user with.
--environment
-env
ID or URL of the environment to assign a user to.
pac admin backup
Takes a manual backup of your environment.
Example
Create a manual backup for an environment
pac admin backup `
--environment 00000000-0000-0000-0000-000000000000 `
--label "Manual Backup October 2022"
Required Parameters for admin backup
--label
-l
Sets the backup label as provided.
Optional Parameters for admin backup
--environment
-env
Environment URL or ID of the Environment that requires backup.
pac admin copy
Copy Source Environment to Destination Environment.
Examples
The following examples show the use of the pac admin copy
command.
- Copy an environment from a source environment to a target environment using a minimal copy
- Copy an environment from a source environment to a target environment using a full copy
Copy an environment from a source environment to a target environment using a minimal copy
This example copies over customizations and schemas only from a source environment to a target environment.
pac admin copy `
--name "Environment Name" `
--source-env 00000000-0000-0000-0000-000000000000 `
--target-env 00000000-0000-0000-0000-000000000000 `
--type MinimalCopy
Copy an environment from a source environment to a target environment using a full copy
This example copies the whole environment over from a source environment to a target environment.
pac admin copy `
--name "Environment Name" `
--source-env 00000000-0000-0000-0000-000000000000 `
--target-env 00000000-0000-0000-0000-000000000000 `
--type FullCopy
Optional Parameters for admin copy
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
--name
-n
Name of the target environment.
--skip-audit-data
-sa
Switch indicating whether audit data should be skipped
This parameter requires no value. It's a switch.
--source-env
-se
Environment URL or ID of the source environment that is being copied
--target-env
-te
Environment URL or ID of the target environment.
--type
-t
Use one of these values:
MinimalCopy
FullCopy
--json
Returns the output of the command as a JSON formatted string.
pac admin create
Creates a Dataverse instance in your tenant.
Examples
The following examples show the use of the pac admin create
command.
Simple creation of an environment
In this example, we'll create a sandbox environment with the default settings:
- Currency: USD
- Language: English
- Region: unitedstates
We don't have to add those properties, because those values are the default values.
pac admin create `
--name "Contoso Test" `
--type Sandbox `
--domain ContosoTest
Advanced creation of an environment
In this example, we'll create a production environment in the region europe, with the currency set to Euro and the language to English.
We don't have to add the language property, because it's the default value.
pac admin create `
--name "Contoso Marketing" `
--currency EUR `
--region europe `
--type Production `
--domain ContosoMarketing
Create using --input-file
In this example, we create the same environment described in Advanced creation of an environment, except refer to data in a JSON file named config.json
where config.json contains this data:
{
"name": "Contoso Marketing",
"currency": "EUR",
"region": "europe",
"type": "Production",
"domain": "ContosoMarketing"
}
Then, refer to the file when using the pac admin create
command:
pac admin create --input-file C:\config.json
Required Parameters for admin create
--type
-t
Sets the environment Type.
Use one of these values:
Trial
Sandbox
Production
Developer
Teams
SubscriptionBasedTrial
Optional Parameters for admin create
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--currency
-c
Sets the currency used for your environment. [defaults to USD]
--domain
-d
The domain name is part of the environment URL. If domain name is already in use, a numeric value is appended to the domain name. For example: If 'contoso' is already in use, then the environment URL is updated to https://{contoso}0.crm.dynamics.com.
Note: Only characters within the ranges [A - Z], [a - z], [0 - 9], or '-' are allowed. The first and last character can't be the '-' character. Consecutive '-' characters aren't allowed.
--input-file
-if
The verb arguments to be passed in a .json input file. For example: {"name" : "contoso"}. The arguments passed through command-line will take precedence over arguments from the .json input file.
--language
-l
Sets the language used for your environment. [defaults to English]
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
--name
-n
Sets the name of the environment.
--region
-r
Sets the environment's region name. [defaults to unitedstates]
--security-group-id
-sgid
Microsoft Entra ID Security Group Id or Microsoft 365 Group Id (required for Teams environment).
Note: The Security Group Id must be a valid Guid.
--templates
-tm
Sets the Dynamics 365 app that needs to be deployed, passed as comma separated values. For example: -tm "D365_Sample, D365_Sales"
--user
-u
Object ID or user principal name (UPN) of Microsoft Entra ID user to be assigned to the environment.
--json
Returns the output of the command as a JSON formatted string.
pac admin create-service-principal
Add Microsoft Entra ID application and associated application user to the Dataverse environment.
Example
pac admin create-service-principal --environment <environment id>
More information: Configure service connections using a service principal
Optional Parameters for admin create-service-principal
--environment
-env
Environment (ID, org ID, url, unique name, or partial name).
--name
-n
Application name to create in Entra ID.
--role
-r
Name or ID of security role to be applied to application user. The default value is: 'System Administrator'.
Remarks
When successful, four columns are displayed:
- Power Platform TenantId
- Application ID
- Client Secret (in clear text)
- Expiration
For example:
PS C:\>pac admin create-service-principal --environment d3fcc479-0122-e7af-9965-bde57f69ee1d
Connected as admin@M365x57236226.onmicrosoft.com
Successfully assigned user adde6d52-9582-4932-a43a-beca5d182301 to environment d3fcc479-0122-e7af-9965-bde57f69eeld with security role System Administrator
Tenant ID Application ID Client Secret Expiration
2b0463ed-efd7-419d-927d-a9dca49d899c adde6d52-9582-4932-a43a-beca5d182301 beY8Q~JBZ~CBDgIKKBjbZ3g6BofKzoZkYj23Hbf 7/31/2024 4:27:03 PM
pac admin delete
Deletes the environment from your tenant.
Examples
The following examples show the use of the pac admin delete
command.
Delete environment by GUID
pac admin delete --environment 00000000-0000-0000-0000-000000000000
Delete environment by URL
pac admin delete --environment https://contosomarketing.crm4.dynamics.com
Optional Parameters for admin delete
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--environment
-env
Environment URL or ID of the Environment that needs to be deleted from your tenant.
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
pac admin list
List all environments from your tenant.
Examples
The following examples show the use of the pac admin list
command.
List all environments in the tenant
This example will list all environments in the tenant.
pac admin list
An example of the output is displayed below.
Environment Environment Id Environment Url Type Organization Id
Contoso 00000000-0000-0000-0000-000000000000 https://contoso.crm.dynamics.com/ Production 00000000-0000-0000-0000-000000000000
Contoso Dev 00000000-0000-0000-0000-000000000000 https://contoso-dev.crm.dynamics.com/ Sandbox 00000000-0000-0000-0000-000000000000
Contoso Test 00000000-0000-0000-0000-000000000000 https://commdemos.crm.dynamics.com/ Sandbox 00000000-0000-0000-0000-000000000000
List all sandbox environments in the tenant
This example will list all environments in the tenant of the type Sandbox
.
pac admin list --type Sandbox
An example of the output is displayed below.
Environment Environment Id Environment Url Type Organization Id
Contoso Dev 00000000-0000-0000-0000-000000000000 https://contoso-dev.crm.dynamics.com/ Sandbox 00000000-0000-0000-0000-000000000000
Contoso Test 00000000-0000-0000-0000-000000000000 https://commdemos.crm.dynamics.com/ Sandbox 00000000-0000-0000-0000-000000000000
Optional Parameters for admin list
--application
-a
List all environments that have specified application installed. To specify application, use unique name or ID.
--environment
-env
List all environments that contain given string in their name or ID.
--name
-n
List all environments that contain given string in their name.
--type
-t
List all environments with the given type.
Use one of these values:
Trial
Sandbox
Production
Developer
Teams
SubscriptionBasedTrial
--json
Returns the output of the command as a JSON formatted string.
pac admin list-app-templates
Lists all supported Dataverse templates of model-driven apps in Dynamics 365.
Examples
The following examples use the pac admin list-app-templates
command:
- List all supported Dataverse database templates
- List all supported Dataverse database templates of model-driven apps in Dynamics 365 for region Europe
List all supported Dataverse database templates
This example lists all supported Dataverse database templates of model-driven apps in Dynamics 365.
pac admin list-app-templates
An example of the output is displayed below.
Template Name Template Location Template Display Name Is Disabled
D365_CDSSampleApp unitedstates Sample App False
D365_CustomerService unitedstates Customer Service True
D365_CustomerServicePro unitedstates Customer Service Pro True
D365_DeveloperEdition unitedstates Developer Edition False
D365_FieldService unitedstates Field Service True
D365_Guides unitedstates Guides True
D365_PowerFrameworkTemplate unitedstates Power Framework False
D365_ProjectOperations unitedstates Project Operations True
D365_RemoteAssist unitedstates Remote Assist True
D365_Sales unitedstates Sales Enterprise True
D365_SalesPro unitedstates Sales Pro True
D365_SmbMarketing unitedstates SMB Marketing True
List all supported Dataverse database templates of model-driven apps in Dynamics 365 for region Europe
This example lists all supported Dataverse database templates of model-driven apps in Dynamics 365 for the region Europe.
pac admin list-app-templates --region Europe
An example of the output is displayed below.
Template Name Template Location Template Display Name Is Disabled
D365_CDSSampleApp Europe Sample App False
D365_CustomerService Europe Customer Service True
D365_CustomerServicePro Europe Customer Service Pro True
D365_DeveloperEdition Europe Developer Edition True
D365_FieldService Europe Field Service True
D365_Guides Europe Guides True
D365_PowerFrameworkTemplate Europe Power Framework True
D365_ProjectOperations Europe Project Operations True
D365_RemoteAssist Europe Remote Assist True
D365_Sales Europe Sales Enterprise True
D365_SalesPro Europe Sales Pro True
D365_SmbMarketing Europe SMB Marketing True
Optional Parameters for admin list-app-templates
--region
-r
Sets the environment's region name. [defaults to unitedstates]
pac admin list-backups
Lists all backups of your environment.
Examples
The following examples show the use of the pac admin list-backups
command.
List backups from an environment by ID
This example lists the backups of an environment based on the environment ID.
pac admin list-backups --environment 00000000-0000-0000-0000-000000000000
An example of the output is displayed below.
Index Id Label Expiry Point Date
1 00000000-0000-0000-0000-000000000000 Backup 14/12/2022 12:50:38 07/12/2022 12:50:38
List backups from an environment by URL
This example lists the backups of an environment based on the environment URL.
pac admin list-backups --environment https://contoso.crm.dynamics.com
Optional Parameters for admin list-backups
--environment
-env
List all environments that contain a given string in their Environment ID or URL.
pac admin list-groups
List environment groups from your tenant.
pac admin list-service-principal
List Microsoft Entra ID applications which have access to Dataverse.
Optional Parameters for admin list-service-principal
--filter
-f
Application name 'starts with' filter.
--max
-m
Max number of applications to show. Default: 20
pac admin list-tenant-settings
List tenant settings.
Optional Parameters for admin list-tenant-settings
--settings-file
-s
The .json file to output tenant settings.
pac admin reset
Reset the environment from your tenant.
Examples
The following examples show the use of the pac admin reset
command:
Reset an environment in your tenant
pac admin reset --environment 00000000-0000-0000-0000-000000000000
Reset an environment in your tenant and set the currency to EUR
pac admin reset --environment 00000000-0000-0000-0000-000000000000 --currency EUR
Optional Parameters for admin reset
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--currency
-c
Sets the currency used for your environment. [defaults to USD]
--domain
-d
The domain name is part of the environment URL. If domain name is already in use, a numeric value is appended to the domain name. For example: If 'contoso' is already in use, then the environment URL is updated to https://{contoso}0.crm.dynamics.com.
--environment
-env
URL or ID of the Environment that needs to be reset.
--input-file
-if
The verb arguments to be passed in a .json input file. For example: {"name" : "contoso"}. The arguments passed through command-line will take precedence over arguments from the .json input file.
--language
-l
Sets the language used for your environment. [defaults to English]
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
--name
-n
Sets the name of the environment.
--purpose
-p
Sets the description used to associate the environment with a specific intent.
--templates
-tm
Sets the Dynamics 365 app that needs to be deployed, passed as comma separated values. For example: -tm "D365_Sample, D365_Sales"
--json
Returns the output of the command as a JSON formatted string.
pac admin restore
Restores an environment to a given backup.
Examples
The following examples show the use of the pac admin restore
command:
Restore the latest backup
This example restores the latest backup from the source environment with ID 00000000-0000-0000-0000-000000000000
to the environment that's currently selected in the currently active auth profile.
pac admin restore --selected-backup latest --source-env 00000000-0000-0000-0000-000000000000
Restore a backup based on a timestamp
This example restores the backup that has been created on 12/01/2022 09:00
from the source environment with ID 00000000-0000-0000-0000-000000000000
to the environment that's currently selected in the currently active auth profile.
pac admin restore --selected-backup '12/01/2022 09:00' --source-env 00000000-0000-0000-0000-000000000000
Required Parameters for admin restore
--selected-backup
-sb
DateTime of the backup in 'mm/dd/yyyy hh:mm' format OR string 'latest'.
Optional Parameters for admin restore
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
--name
-n
Optional name of the restored environment.
--skip-audit-data
-sa
Switch indicating whether audit data should be skipped
This parameter requires no value. It's a switch.
--source-env
-se
Environment URL or ID of the source environment required for restore.
--target-env
-te
Environment URL or ID of the target environment required for restore. This would default to source URL/ID if not provided.
--json
Returns the output of the command as a JSON formatted string.
pac admin set-backup-retention-period
Sets the backup retention period in days as provided. Valid values are: 7, 14, 21, 28.
Required Parameters for admin set-backup-retention-period
--backup-retention-period
-br
Sets the backup retention period in days as provided. Valid values are: 7, 14, 21, 28.
Optional Parameters for admin set-backup-retention-period
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--environment
-env
Environment URL or ID of the Environment that requires backup.
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
pac admin set-governance-config
Enable, disable, and edit managed environments.
Required Parameters for admin set-governance-config
--environment
-env
URL or ID of the environment for which managed environments need to be enabled, disabled or edited.
--protection-level
-pl
Set protection level : 'Standard' to enable managed environments, 'Basic' to disable managed environments.
Use one of these values:
Basic
Standard
Optional Parameters for admin set-governance-config
--checker-rule-overrides
-cro
Solution checker rule overrides
--cloud-flows-limit
-cfl
Number of people that makers can share solution cloud flows with
--cloud-flows-mode
-cfm
Solution cloud flows limit sharing mode
--disable-group-sharing
-dgs
Disable group sharing.
This parameter requires no value. It's a switch.
--exclude-analysis
-ea
Exclude usage insights for the environment from the weekly digest email.
This parameter requires no value. It's a switch.
--include-insights
-ii
Include insights in the Power Platform Admin Center homepage cards.
This parameter requires no value. It's a switch.
--limit-sharing-mode
-lsm
Limit sharing mode.
--maker-onboarding-markdown
-mom
Maker onboarding markdown
--maker-onboarding-url
-mou
Maker onboarding URL
--max-limit-user-sharing
-ml
If group sharing is disabled, specify the number of people that makers can share canvas apps with.
--solution-checker-mode
-scm
Solution checker validation mode.
Use one of these values:
none
warn
block
--suppress-validation-emails
-sve
Suppress validation emails
This parameter requires no value. It's a switch.
pac admin set-runtime-state
Update environment administration mode.
Required Parameters for admin set-runtime-state
--environment
-env
URL or ID of the environment for which administration mode needs to be updated.
--runtime-state
-rs
The environment runtime state
Use one of these values:
AdminMode
Enabled
Optional Parameters for admin set-runtime-state
--async
-a
Optional boolean argument to run pac verbs asynchronously, defaults to false.
This parameter requires no value. It's a switch.
--background-operations
-bo
The environment background operations state
Use one of these values:
Enabled
Disabled
--max-async-wait-time
-wt
Max asynchronous wait time in minutes. The default value is 60 minutes.
pac admin status
This command lists the status of all the operations in progress.
pac admin update-tenant-settings
Update tenant settings.
Required Parameters for admin update-tenant-settings
--settings-file
-s
The .json file with tenant settings.
Remarks
You can find an example using this command in Enable the environment routing setting.
See also
Microsoft Power Platform CLI Command Groups
Microsoft Power Platform CLI overview