Step-By-Step: Intro to Managing Azure AD via PowerShell
As IT professionals know, time is never on our side, which is why PowerShell is so important. It provides a quicker way of completing tasks and can even provide some automation if harnessed correctly. This Step-By-Step details how to get started with PowerShell to manage an Azure Active Directory instance, and covers the day-to-day operational commands you will need.
To use PowerShell with Azure AD, we first need to install the Azure Active Directory module on the local computer. There are two versions of the Azure Active Directory PowerShell module: one was made for the Public Preview, and the latest one was released after Azure AD GA was announced. You can download the module from https://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx
If you have already installed the older version, it is highly recommended to replace it with the new one.
Once installed, let’s check its status.
To list all the cmdlets associated with the module, we can use
The next step is to connect to the Azure AD instance. To do that, we can use:
Connect-MsolService
It will prompt for the login details. Please use your Azure DC Admin account details. Please note that login via a Microsoft account is not supported.
First, we can list all the domains under the given subscription. To do that we can use,
Next, I would like to list all the users in the Azure AD setup.
It will list all the users in Azure AD.
I can also search for a specific user based on text patterns. In the example below, I am searching for users whose name matches the text “Dishan”:
Get-MsolUser -SearchString "Dishan"
The idea of my search is to find the attribute values of this user object. I can extend the above command to return all of them.
Get-MsolUser -SearchString "Dishan" | Select-Object *
Now we know which attributes are in use, and I can make a more specific query.
Get-MsolUser | Select-Object DisplayName,whenCreated,LastPasswordChangeTimestamp
The above command lists all the users with their display name, the date and time the account was created, and the date and time of the last password change.
Get-MsolUserRole is another handy cmdlet. It can be used to check the role of a user account.
Get-MsolUserRole -UserPrincipalName "dcadmin@REBELADMIN.onmicrosoft.com" | fl
The above command will find the role for the given user account.
The Get-MsolGroup cmdlet can be used to list and filter groups in Azure AD.
Using SearchString, we can search for groups based on text patterns.
Get-MsolGroup -SearchString "AAD"
Get-MsolGroupMember can be used to list the members of a group.
Get-MsolGroupMember -GroupObjectId "77a76005-02df-48d5-af63-91a19ed55a82"
The Remove-MsolUser cmdlet can be used to remove a user object from Azure AD. It can be combined with SearchString to search for a user and remove the object at the same time.
Get-MsolUser -SearchString "user2" | Remove-MsolUser
The above command will search for the user object whose display name is similar to user2 and then delete it.
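Because a search string can match more than one account, the search-and-remove pipeline above is safer when the matches are reviewed before anything is deleted. The following is an added example, not part of the original article: the function name Remove-SingleMsolUser is hypothetical, and it assumes Connect-MsolService has already been run in the session.

```powershell
# Added example (not from the original article): guarded removal of one Azure AD user.
# Remove-SingleMsolUser is a hypothetical helper; it only calls MSOnline cmdlets.
function Remove-SingleMsolUser {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SearchString
    )

    # Collect the matches first instead of piping straight into Remove-MsolUser.
    $found = @(Get-MsolUser -SearchString $SearchString)

    if ($found.Count -eq 0) {
        Write-Warning "No user matches '$SearchString'."
        return
    }
    if ($found.Count -gt 1) {
        # Ambiguous search: delete nothing and show what matched so it can be narrowed.
        Write-Warning "'$SearchString' matches $($found.Count) users; nothing was removed."
        return $found | Select-Object DisplayName, UserPrincipalName, ObjectId
    }

    $user = $found[0]

    # Flag accounts that hold an administrative role before they are deleted.
    $roles = @(Get-MsolUserRole -ObjectId $user.ObjectId)
    if ($roles.Count -gt 0) {
        Write-Warning "$($user.UserPrincipalName) holds role(s): $($roles.Name -join ', ')"
    }

    # -WhatIf and -Confirm are handled here; -Force only suppresses the cmdlet's own prompt.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Remove-MsolUser')) {
        Remove-MsolUser -ObjectId $user.ObjectId -Force

        # Confirm the account now appears in the deleted-users list.
        Get-MsolUser -ObjectId $user.ObjectId -ReturnDeletedUsers |
            Select-Object DisplayName, UserPrincipalName, ObjectId
    }
}

# Dry run using the article's sample search string; nothing is deleted with -WhatIf.
Remove-SingleMsolUser -SearchString 'user2' -WhatIf
```

A user removed this way can be brought back with Restore-MsolUser while it is still in the deleted-users list.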