Udostępnij za pośrednictwem


New AzureAD Module for Office 365

What is new?

The Update was made as Microsoft wanted to maintain the capabilities equivalent between our Graph API and our PowerShell cmdlets

What is in for me? What should I take care?

Yes, what this means that if(most of us would have) written some scripts that give us certain

All the commands where you used MSOL, you would be using AzureAD

Like for example

Instead of Connect-MsolService -credential we would be using Connect-AzureAD.

Instead of Get-MSOLUser we would be using Get-AzureADUser

How should I Install the new module?

Installing the new module is fairly simple.

Open Powershell with Admin privileges

run-as-admin-to-install-powershell

Run the command Install-Module AzureAD

 installing-azure-modue

It automatically connects to Powershell gallery and downloads and Installs the module. If you have not installed any other module this way then it might require your permissions to connect to PowerShell gallery and install modules

We can see the installed Module in this location "C:\Program Files\WindowsPowerShell\Modules"

location-of-azuread-module

We can check the Module information by running the below command

azure-ad-module-information

Should I do change to it asap?

Yes and No.

The below was mentioned in Microsoft's Enterprise Mobility and Security Blog

  • The new Azure AD PowerShell v2.0 module don’t provide full functional parity with the older MSOL module yet. We’re working hard to make that happen in the coming months and will keep you updated on our progress.
  • We are not planning to publish new functionality in the MSOL PowerShell module. Over time we will implement all the functionality of the old MSOL cmdlets in the new module, and this new module contains quite a few new cmdlets that haven’t been available before.

So essentially the current scripts that you have will probably not have all the corresponding commands in the new module, so it's better to wait until all the commands are imported to the new module. But in the meantime admins can install this in their test environment and test and get familiarize with the new commands.

Also below are the commands that are available when this blog is published. If your scripts utilize only these commands then you can start using the new module

Current set of commands that are available in the module are

Add-AzureADApplicationOwner

Add-AzureADDeviceRegisteredOwner

Add-AzureADDeviceRegisteredUser

Add-AzureADDirectoryRoleMember

Add-AzureADGroupMember

Add-AzureADGroupOwner

Add-AzureADServicePrincipalOwner

Connect-AzureAD

Disconnect-AzureAD

Enable-AzureADDirectoryRole

Get-AzureADApplication

Get-AzureADApplicationExtensionProperty

Get-AzureADApplicationKeyCredential

Get-AzureADApplicationOwner

Get-AzureADApplicationPasswordCredential

Get-AzureADContact

Get-AzureADContactDirectReport

Get-AzureADContactManager

Get-AzureADContactMembership

Get-AzureADContract

Get-AzureADDevice

Get-AzureADDeviceRegisteredOwner

Get-AzureADDeviceRegisteredUser

Get-AzureADDirectoryRole

Get-AzureADDirectoryRoleMember

Get-AzureADDirectoryRoleTemplate

Get-AzureADExtensionProperty

Get-AzureADGroup

Get-AzureADGroupAppRoleAssignment

Get-AzureADGroupMember

Get-AzureADGroupOwner

Get-AzureADOAuth2PermissionGrant

Get-AzureADServiceAppRoleAssignment

Get-AzureADServicePrincipal

Get-AzureADServicePrincipalCreatedObject

Get-AzureADServicePrincipalKeyCredential

Get-AzureADServicePrincipalMembership

Get-AzureADServicePrincipalOAuth2PermissionGrant

Get-AzureADServicePrincipalOwnedObject

Get-AzureADServicePrincipalOwner

Get-AzureADServicePrincipalPasswordCredential

Get-AzureADSubscribedSku

Get-AzureADTenantDetail

Get-AzureADTrustedCertificateAuthority

Get-AzureADUser

Get-AzureADUserAppRoleAssignment

Get-AzureADUserCreatedObject

Get-AzureADUserDirectReport

Get-AzureADUserExtension

Get-AzureADUserManager

Get-AzureADUserMembership

Get-AzureADUserOAuth2PermissionGrant

Get-AzureADUserOwnedDevice

Get-AzureADUserOwnedObject

Get-AzureADUserRegisteredDevice

New-AzureADApplication

New-AzureADApplicationExtensionProperty

New-AzureADApplicationKeyCredential

New-AzureADApplicationPasswordCredential

New-AzureADDevice

New-AzureADGroup

New-AzureADGroupAppRoleAssignment

New-AzureADServiceAppRoleAssignment

New-AzureADServicePrincipal

New-AzureADServicePrincipalKeyCredential

New-AzureADServicePrincipalPasswordCredential

New-AzureADTrustedCertificateAuthority

New-AzureADUser

New-AzureADUserAppRoleAssignment

Remove-AzureADApplication

Remove-AzureADApplicationExtensionProperty

Remove-AzureADApplicationKeyCredential

Remove-AzureADApplicationOwner

Remove-AzureADApplicationPasswordCredential

Remove-AzureADContact

Remove-AzureADContactManager

Remove-AzureADDevice

Remove-AzureADDeviceRegisteredOwner

Remove-AzureADDeviceRegisteredUser

Remove-AzureADDirectoryRoleMember

Remove-AzureADGroup

Remove-AzureADGroupAppRoleAssignment

Remove-AzureADGroupMember

Remove-AzureADGroupOwner

Remove-AzureADOAuth2PermissionGrant

Remove-AzureADServiceAppRoleAssignment

Remove-AzureADServicePrincipal

Remove-AzureADServicePrincipalKeyCredential

Remove-AzureADServicePrincipalOwner

Remove-AzureADServicePrincipalPasswordCredential

Remove-AzureADTrustedCertificateAuthority

Remove-AzureADUser

Remove-AzureADUserAppRoleAssignment

Remove-AzureADUserExtension

Remove-AzureADUserManager

Revoke-AzureADSignedInUserAllRefreshToken

Revoke-AzureADUserAllRefreshToken

Select-AzureADGroupIdsContactIsMemberOf

Select-AzureADGroupIdsGroupIsMemberOf

Select-AzureADGroupIdsServicePrincipalIsMemberOf

Select-AzureADGroupIdsUserIsMemberOf

Set-AzureADApplication

Set-AzureADContact

Set-AzureADContactManager

Set-AzureADDevice

Set-AzureADGroup

Set-AzureADServicePrincipal

Set-AzureADTrustedCertificateAuthority

Set-AzureADUser

Set-AzureADUserExtension

Set-AzureADUserLicense

Set-AzureADUserManager

Set-AzureADUserPassword

Update-AzureADSignedInUserPassword

Comments

  • Anonymous
    February 09, 2017
    "Instead of Get-MSOLUser we would be using Get-AzureADUser""The new Azure AD PowerShell v2.0 module don’t provide full functional parity with the older MSOL module yet. We’re working hard to make that happen in the coming months and will keep you updated on our progress."FYI... For anyone curious.. There are some switches that don't work. Get-AzureADUser -ALL does not. The command alone only returns 100 users. Using the -top switch, Get-AzureADUser -top 500, gives you 500 but then you can't filter on those with the -searchstring switch. You need something like Get-AzureADUser -top 500 | ?{$_.userprincipalname -match "@abc.com"} | select userprincipalname