Add-EntraAdministrativeUnitMember
Adds an administrative unit member.
Syntax
Add-EntraAdministrativeUnitMember
-RefObjectId <String>
-AdministrativeUnitId <String>
[<CommonParameters>] Description
The Add-EntraAdministrativeUnitMember cmdlet adds a Microsoft Entra ID administrative unit member.
Administrative units enable more granular management of permissions and access, particularly in large organizations or where administrative responsibilities are divided across departments or regions.
To add a user, group, or device to an administrative unit, the calling principal must be assigned at least the Privileged Role Administrator Microsoft Entra role.
Examples
Example 1: Add user as an administrative unit member
Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All'
$administrativeUnit = Get-EntraAdministrativeUnit -Filter "DisplayName eq '<administrativeunit-display-name>'"
$user = Get-EntraUser -UserId 'SawyerM@contoso.com'
Add-EntraAdministrativeUnitMember -AdministrativeUnitId $administrativeUnit.Id -RefObjectId $user.IdThis example demonstrates adding an administrative unit member. Use Get-EntraAdministrativeUnit to find the administrative unit ID and Get-EntraUser to find the user ID.
AdministrativeUnitIdparameter specifies the ID of an administrative unit.RefObjectIdparameter specifies the ID of the user or group you want to add as a member of the administrative unit.
Parameters
-AdministrativeUnitId
Specifies the ID of a Microsoft Entra ID administrative unit.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RefObjectId
Specifies the unique ID of the specific Microsoft Entra ID object that are as owner/manager/member.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |