Blog Post

Microsoft Entra Blog
3 MIN READ

Azure AD Mailbag: PowerShell tips and tricks

Alex Simons (AZURE)'s avatar
Sep 07, 2018

First published on CloudBlogs on Jan, 08 2016

 


Howdy folks,

 

It's Friday, so it's time for another Azure AD Mailbag. This time Mark and the team have pulled together some great tips and tricks for using Azure AD with PowerShell. I hope this is helpful. If you have questions make sure to send them to AskAzureADBlog@microsoft.com

 

Best Regards,

Alex Simons (Twitter: Alex_A_Simons)

Director of PM Microsoft Identity Products and Services

 

---------------------------------------

 

Hey y'all,

 

Mark Morowczynski back again with another mailbag post to start off your new year on the right foot. Our previous posts have typically focused on a specific feature, this post is going to be a bit different. This one will focus on questions that we see over and over again but you can use PowerShell to find the answer you are looking for! If you haven't started learning PowerShell yet well for the 1,000th time you really should start on it. Seriously. Here is a nice free Microsoft Virtual Academy- Getting Started With PowerShell 3.0 Jump Start , to get you going

 

Question: Why is Azure Active Directory PowerShell separate from Azure PowerShell?

Answer: Azure Active Directory is used by all Microsoft online services including Microsoft Office 365. It pre-dates the current Azure PowerShell. In addition, Azure Active Directory does not currently leverage Azure Resource Management.

 

Question: Where do I get the latest version of Azure AD PowerShell?

Answer: The current version can be found here: https://msdn.microsoft.com/en-us/library/jj151815.aspx#bkmk_installmodule . There is also a preview version of Azure AD PowerShell with support for MFA that we discussed in a previous post: http://blogs.technet.com/b/ad/archive/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands.aspx

 

Question: I'm using B2B or I have invited some external users to my Azure Active Directory, is there any way to see all these users?

Answer: Yes, PowerShell! These types of accounts are called Guest Accounts. You can run this command:

Get-MsolUser -All | where {$_.UserType -eq "Guest"}

Question: I want to find all users containing something specific. Is there any way to do this? Answer: Yes, PowerShell! For example, let's say I wanted to find everyone in a specific department:

Get-MsolUser -All | where {$_.Department -like "*IT*"}

 

Question: I want to see all of the users in my Azure Active Directory that have a specific Administrator role , for example like Company Administrators. Is there a way to see that?

Answer: Yes, I think you are getting the point by now, PowerShell! First we want to get a list of all roles. To do that run"

Get-MsolRole

We are looking for Company Administrators. To do that we run:

$companyAdminRole = Get-MsolRole -RoleName "Company Administrator"

Get-MsolRoleMember -RoleObjectId $companyAdminRole.ObjectId

 

Question: Is there a way to check to see if the user is a member of a group using PowerShell?

Answer: This one we went and created a PowerShell Function you can use:

function IsMemberOfGroup($groupName, $userPrincipalName) {

$group = Get-MsolGroup -SearchString $groupName -All

if($group -eq $null){

Write-Output $group

Write-Host "Group not found"

return

}

if($group.count -gt 1){

Write-Host "More than one matching group found"

return

}

$user =Get-MsolUser -UserPrincipalName $userPrincipalName

if($user -eq $null){

Write-Host "User not found"

return

}

$groupMember = Get-MsolGroupMember -GroupObjectId $group.ObjectId -All | where {$_.ObjectId -eq $user.ObjectId}

if($groupMember -eq $null){

Write-Output $false

}else{

write-Output $true

}

}

Then run:

IsMemberOfGroup "GroupName" userprincipalname

 

We hope you've found this post and this series to be helpful. For any questions you can reach us at AskAzureADBlog@microsoft.com , the Microsoft Forums and on Twitter @AzureAD , @MarkMorow and @Alex_A_Simons

 

-Mark Morowczynski, Edward Wu, Chad Hasbrook and Shane Oatman

Updated Jul 24, 2020
Version 11.0
No CommentsBe the first to comment