This series of articles explains how to use PowerShell to manage your Azure Active Directory instance. In Part 01, I am going to show how to connect to Azure Active Directory using PowerShell and demonstrate some commands used in day-to-day operations.
In order to use PowerShell with Azure Active Directory, we first need to install the Azure Active Directory module on the local computer. There are two versions of the Azure Active Directory PowerShell module. One was made for the Public Preview, and the latest one was released after Azure AD GA was announced. You can download the module from http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
If you have the previous version installed, it is highly recommended to replace it with the new version.
Once it is installed, let's check its status.
Get-Module MSOnline
Azure Active Directory PowerShell Commands
To list all the cmdlets associated with the module, we can use:
Get-Command -Module MSOnline
The next step is to connect to the Azure AD instance. To do that, we can use:
Connect-MsolService
It will prompt for the login details. Please use your Azure DC Admin account details. Please note that login via a Microsoft account is not supported.
First, we can list all the domains under the given subscription. To do that, we can use:
Get-MsolDomain
As the next step, I would like to list all the users in the Azure AD setup.
Get-MsolUser
It will list all the users in the Azure AD.
I can also search for a specific user based on text patterns. In the example below, I am searching for users whose name matches the text "Dishan".
Get-MsolUser -SearchString "Dishan"
The idea of my search is to find some object values for this user. I can extend the above command to return all the object values.
Get-MsolUser -SearchString "Dishan" | Select-Object *
Now we know which objects are in use, and I can make a more specific search.
Get-MsolUser | Select-Object DisplayName,whenCreated,LastPasswordChangeTimestamp
The above command lists all the users with their display name, the date and time the account was created, and the date and time of the last password change.
Get-MsolUserRole is another handy cmdlet. It can be used to check the role of a user account.
Get-MsolUserRole -UserPrincipalName "dcadmin@REBELADMIN.onmicrosoft.com" | fl
The above command will find the role for the given user account.
The Get-MsolGroup cmdlet can be used to list and filter groups in the Azure AD.
Using -SearchString, we can search for groups based on text patterns.
Get-MsolGroup -SearchString "AAD"
Get-MsolGroupMember can be used to list the members of a group.
Get-MsolGroupMember -GroupObjectId "77a76005-02df-48d5-af63-91a19ed55a82"
The Remove-MsolUser cmdlet can be used to remove a user object from the Azure AD. It can be combined with -SearchString to search for a user and remove the object at the same time.
Get-MsolUser -SearchString "user2" | Remove-MsolUser
The above command will search for the user object whose display name is similar to user2 and then delete it.
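Because a search string can match more than one account, it is worth confirming that exactly one user is selected before anything is passed to Remove-MsolUser. The following is an added example, not part of the original article: Resolve-SingleMsolUser is a hypothetical helper, and the sample users and the contoso tenant name are constructed so the check can be tried without a tenant.

```powershell
# Added example. Resolve-SingleMsolUser is a hypothetical helper name.
function Resolve-SingleMsolUser {
    param(
        [Parameter(Mandatory)] [string] $SearchString,
        # Optional: search results supplied by the caller (used for the offline demo).
        $Candidates
    )
    # Without supplied candidates, query the connected tenant.
    if (-not $PSBoundParameters.ContainsKey('Candidates')) {
        $Candidates = Get-MsolUser -SearchString $SearchString
    }
    # Normalise to an array and drop nulls so .Count is reliable.
    $found = @($Candidates | Where-Object { $_ })
    if ($found.Count -eq 0) {
        throw "No user matches '$SearchString'."
    }
    if ($found.Count -gt 1) {
        $names = ($found | ForEach-Object { $_.UserPrincipalName }) -join ', '
        throw "'$SearchString' matches $($found.Count) users ($names); nothing selected."
    }
    return $found[0]
}

# Constructed sample objects standing in for Get-MsolUser output.
$sample = @(
    [pscustomobject]@{ DisplayName = 'user2';  UserPrincipalName = 'user2@contoso.onmicrosoft.com' }
    [pscustomobject]@{ DisplayName = 'user20'; UserPrincipalName = 'user20@contoso.onmicrosoft.com' }
)

# For this demo only, emulate a search whose pattern hits both sample accounts.
$hits = $sample | Where-Object { $_.DisplayName -like 'user2*' }
try {
    Resolve-SingleMsolUser -SearchString 'user2' -Candidates $hits
} catch {
    Write-Warning $_.Exception.Message   # two matches: the helper refuses to pick one
}

# A search that resolves to one account returns that account.
$one = $sample | Where-Object { $_.DisplayName -like 'user20*' }
Resolve-SingleMsolUser -SearchString 'user20' -Candidates $one

# Against a live tenant, after Connect-MsolService:
# $target = Resolve-SingleMsolUser -SearchString 'user2'
# Remove-MsolUser -ObjectId $target.ObjectId   # asks for confirmation unless -Force is given
# Get-MsolUser -ReturnDeletedUsers             # lists deleted users that can still be restored
```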
In the next post, let's dig further into the cmdlets that can be used to manage Azure AD.
If you have any questions, please feel free to contact me at rebeladm@live.com