(Cloud) Tip of the Day: Azure AD PowerShell Tips

Today’s Tip…

I ran across this frequently asked questions blog post: https://blogs.technet.com/b/ad/archive/2016/01/08/azure-ad-mailbag-powershell-tips-and-tricks.aspx and it has some good examples of using Azure AD PowerShell…

Question: Why is Azure Active Directory PowerShell separate from Azure PowerShell?

Answer: Azure Active Directory is used by all Microsoft online services including Microsoft Office 365. It pre-dates the current Azure PowerShell. In addition, Azure Active Directory does not currently leverage Azure Resource Management.

Question: Where do I get the latest version of Azure AD PowerShell?

Answer: The current version can be found here: https://msdn.microsoft.com/en-us/library/jj151815.aspx#bkmk_installmodule. There is also a preview version of Azure AD PowerShell with support for MFA that we discussed in a previous post: https://blogs.technet.com/b/ad/archive/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands.aspx

Question: I'm using B2B or I have invited some external users to my Azure Active Directory, is there any way to see all these users?

Answer: Yes, PowerShell! These types of accounts are called Guest Accounts. You can run this command:

Get-MsolUser -All | where {$_.UserType -eq "Guest"}


Question: I want to find all users containing something specific. Is there any way to do this?

Answer: Yes, PowerShell! For example, let's say I wanted to find everyone in a specific department:

Get-MsolUser -All | where {$_.Department -like "*IT*"}


Question: I want to see all of the users in my Azure Active Directory that have a specific Administrator role, for example Company Administrators. Is there a way to see that?

Answer: Yes, I think you are getting the point by now, PowerShell! First we want to get a list of all roles. To do that, run:

Get-MsolRole


We are looking for Company Administrators. To do that we run:

$companyAdminRole = Get-MsolRole -RoleName "Company Administrator"

Get-MsolRoleMember -RoleObjectId $companyAdminRole.ObjectId


Question: Is there a way to check to see if the user is a member of a group using PowerShell?

Answer: For this one, we created a PowerShell function you can use:

[Image: function definition, not preserved as text]

Then run:

IsMemberOfGroup "GroupName" userprincipalname
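
One way to write such a membership check with the MSOnline cmdlets used above. This is an added example, not the function from the original post: the name Test-MsolGroupMembership and the -IncludeNested switch are hypothetical, and it assumes Connect-MsolService has already been run.

```powershell
# Added example (not the original post's function). Assumes the MSOnline
# module is loaded and Connect-MsolService has already been run.
function Test-MsolGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,
        [Parameter(Mandatory = $true)] [string] $UserPrincipalName,
        [switch] $IncludeNested   # also follow groups that are members of the group
    )

    # Resolve the user first so a mistyped UPN raises an error instead of
    # quietly reporting "not a member".
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # -SearchString matches display names that START with the string, so
    # narrow the result to the exact name. Display names are not unique,
    # so refuse to guess when zero or several groups match.
    $groups = @(Get-MsolGroup -All -SearchString $GroupName |
        Where-Object { $_.DisplayName -eq $GroupName })
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
    }

    # Breadth-first walk over the group and, optionally, its nested groups.
    # $seen protects against groups that contain each other.
    $pending = New-Object 'System.Collections.Generic.Queue[guid]'
    $seen    = New-Object 'System.Collections.Generic.HashSet[guid]'
    $pending.Enqueue($groups[0].ObjectId)

    while ($pending.Count -gt 0) {
        $groupId = $pending.Dequeue()
        if (-not $seen.Add($groupId)) { continue }   # already visited

        foreach ($member in (Get-MsolGroupMember -GroupObjectId $groupId -All)) {
            if ($member.ObjectId -eq $user.ObjectId) { return $true }
            if ($IncludeNested -and $member.GroupMemberType -eq 'Group') {
                $pending.Enqueue($member.ObjectId)
            }
        }
    }
    return $false
}

# Usage with constructed sample values:
# Test-MsolGroupMembership -GroupName "Helpdesk Admins" -UserPrincipalName "user@contoso.com" -IncludeNested
```

Without -IncludeNested only direct members are checked, so a user who gains access through a nested group is reported as not a member.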