Add-EntraAdministrativeUnitMember
Adds an administrative unit member.
Syntax
Add-EntraAdministrativeUnitMember
-MemberId <String>
-AdministrativeUnitId <String>
[<CommonParameters>] Description
The Add-EntraAdministrativeUnitMember cmdlet adds a Microsoft Entra ID administrative unit member.
Administrative units enable more granular management of permissions and access, particularly in large organizations or where administrative responsibilities are divided across departments or regions.
In delegated scenarios, adding a user, group, or device to an administrative unit requires:
- Privileged Role Administrator
Examples
Example 1: Add user as an administrative unit member
Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All'
$administrativeUnit = Get-EntraAdministrativeUnit -Filter "DisplayName eq '<administrativeunit-display-name>'"
$user = Get-EntraUser -UserId 'SawyerM@contoso.com'
Add-EntraAdministrativeUnitMember -AdministrativeUnitId $administrativeUnit.Id -MemberId $user.IdThis example demonstrates adding an administrative unit member. Use Get-EntraAdministrativeUnit to find the administrative unit ID and Get-EntraUser to find the user ID.
AdministrativeUnitIdparameter specifies the ID of an administrative unit.MemberIdparameter specifies the ID of the user or group you want to add as a member of the administrative unit.
Example 2: Add a group to an administrative unit
Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All'
$administrativeUnit = Get-EntraAdministrativeUnit -Filter "DisplayName eq '<administrativeunit-display-name>'"
$group = Get-EntraGroup -SearchString 'Sales and Marketing'
Add-EntraAdministrativeUnitMember -AdministrativeUnitId $administrativeUnit.Id -MemberId $group.IdThis example demonstrates adding an administrative unit member. Use Get-EntraAdministrativeUnit to find the administrative unit ID and Get-EntraGroup to find the group ID.
AdministrativeUnitIdparameter specifies the ID of an administrative unit.MemberIdparameter specifies the ID of the user or group you want to add as a member of the administrative unit.
Example 3: Add a device to an administrative unit
Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All'
$administrativeUnit = Get-EntraAdministrativeUnit -Filter "DisplayName eq '<administrativeunit-display-name>'"
$device = Get-EntraDevice -SearchString 'ContosoDesktop01'
Add-EntraAdministrativeUnitMember -AdministrativeUnitId $administrativeUnit.Id -MemberId $device.IdThis example demonstrates adding an administrative unit member. Use Get-EntraAdministrativeUnit to find the administrative unit ID and Get-EntraDevice to find the device ID.
AdministrativeUnitIdparameter specifies the ID of an administrative unit.MemberIdparameter specifies the ID of the device you want to add as a member of the administrative unit.
Parameters
-AdministrativeUnitId
Specifies the ID of a Microsoft Entra ID administrative unit.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-MemberId
Specifies the unique ID of the specific Microsoft Entra ID object that are as owner/manager/member.
| Type: | System.String |
| Aliases: | RefObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |