Edit

Share via

Run legacy scripts in compatibility mode

  • Article

In this article, you learn how to run legacy Azure AD PowerShell scripts in Microsoft Entra PowerShell using compatibility mode, enabling seamless script migration with minimal changes. This process enables you to transition smoothly to the new module while maintaining existing automation workflows, ensuring continued efficiency and compliance with updated tools.

Microsoft Entra PowerShell has over 98% compatibility with Azure AD PowerShell module. In the compatibility mode, you're able to run your existing Azure AD PowerShell scripts with minimal modifications using Microsoft Entra PowerShell by using the Enable-EntraAzureADAlias command. To find Azure AD PowerShell and MSOnline cmdlet equivalents in Microsoft Entra PowerShell, use the Azure AD PowerShell to Microsoft Entra PowerShell cmdlet map .

Use compatibility mode with Enable-EntraAzureADAlias

The Enable-EntraAzureADAlias cmdlet enables compatibility mode through aliases. By default, Enable-EntraAzureADAlias only enables compatibility aliases for the current Microsoft Entra PowerShell session. For more information, see the Enable-EntraAzureADAlias reference documentation.

To use Microsoft Entra PowerShell with your existing AzureAD PowerShell scripts, replace the Connect-AzureAD command with the three provided lines. These three lines are the beginning of your migrated AzureAD PowerShell script.

Import-Module -Name Microsoft.Entra.Users
Connect-Entra #Replaces Connect-AzureAD for auth
Enable-EntraAzureADAlias #enable aliasing
Get-AzureADApplication -Top 2

Example

In this example, you run a script that exports apps with expiring secrets using Microsoft Entra PowerShell. This example assumes that the Microsoft Entra PowerShell module is already installed.

The following example script is the original AzureAD PowerShell script.

Connect-AzureAD
$applications = Get-AzureADApplication -All $true
$Logs = @()
Write-Host "I would like to see the Applications with the Secrets and Certificates that expire in the next X amount of Days? <<Replace X with the number of days. The answer should be ONLY in Numbers>>" -ForegroundColor Green
$Days = Read-Host

Write-Host "Would you like to see Applications with already expired secrets or certificates as well? <<Answer with [Yes] [No]>>" -ForegroundColor Green
$alreadyExpired = Read-Host

$now = Get-Date

foreach ($app in $applications) {
    $appName = $app.DisplayName
    $appID = $app.objectid
    $applID = $app.AppId
    $appCreds = Get-AzureADApplication -ObjectId $appID | Select-Object -Property PasswordCredentials, KeyCredentials
    $secret = $appCreds.PasswordCredentials
    $cert = $appCreds.KeyCredentials

Note: This code snippet is shortened for readability. See the full sample for details.

To use your script with the Microsoft Entra PowerShell module, replace the Connect-AzureAD cmdlet with the three lines provided in the snippet. You don’t need to rewrite the entire script.

The following script is the migrated script.

Import-Module -Name Microsoft.Entra.Users
Connect-Entra #Replaces Connect-AzureAD for auth
Enable-EntraAzureADAlias #Activate aliasing

$applications = Get-AzureADApplication -All $true
$logs = @()
Write-Host "I would like to see the Applications with the Secrets and Certificates that expire in the next X amount of Days? <<Replace X with the number of days. The answer should be ONLY in Numbers>>" -ForegroundColor Green
$days = Read-Host
Write-Host "Would you like to see Applications with already expired secrets or certificates as well? <<Answer with [Yes] [No]>>" -ForegroundColor Green
$alreadyExpired = Read-Host
$now = Get-Date
foreach ($app in $applications) {
    $appName = $app.DisplayName
    $appID = $app.Objectid
    $applID = $app.AppId
    $appCreds = Get-AzureADApplication -ObjectId $appID | Select-Object -Property PasswordCredentials, KeyCredentials
    $secret = $appCreds.PasswordCredentials
    $cert = $appCreds.KeyCredentials

Note: This code snippet is shortened for readability. See the full modified sample for details.

Test compatibility with Test-EntraScript command

The Test-EntraScript cmdlet verifies if a script with Azure AD PowerShell commands works with the Microsoft Entra PowerShell module. If there are compatibility issues, it lists them, including the line number, issue type, incompatible command, and the specific code snippet.

Known issues

When migrating from the Azure AD PowerShell module to Microsoft Entra PowerShell, you might encounter several known issues.

  • Parameter -Filter might not work correctly.
  • Parameter -SearchString might not work correctly.
  • Output objects can differ slightly with AzureAD output objects.

Related content