New-AzureADMSGroup -Description "Marketing team" -DisplayName "Dynamic groups with all Marketing users" -MailEnabled $false -SecurityEnabled $true -MailNickname "Foo" -GroupTypes "DynamicMembership" -MembershipRule "(user.department -eq ""Marketing"")" -MembershipRuleProcessingState "Paused"

When you execute this cmdlet, the following output is returned:
Id                            : db78a43d-ba08-4eab-8766-07280a4ba580
Description                   : Marketing team
OnPremisesSyncEnabled         :
DisplayName                   : Dynamic groups with all Marketing users
OnPremisesLastSyncDateTime    :
Mail                          :
MailEnabled                   : False
MailNickname                  : Foo
OnPremisesSecurityIdentifier  :
ProxyAddresses                : {}
SecurityEnabled               : True
GroupTypes                    : {DynamicMembership}
MembershipRule                : (user.department -eq "Marketing")
MembershipRuleProcessingState : Paused
PS C:\Users\rodejo> New-AzureADMSGroup -Description "Stamp Collectors" -DisplayName "Office 365 group for all Stamp Collectors in our org" -MailEnabled $true -SecurityEnabled $true -MailNickname "StampCollectors" -GroupTypes "Unified"

And this is the output the cmdlet call returns:
Id                            : 92e93152-a1a6-4aac-a18a-bfe157e3b319
Description                   : Stamp Collectors
OnPremisesSyncEnabled         :
DisplayName                   : Office 365 group for all Stamp Collectors in our org
OnPremisesLastSyncDateTime    :
Mail                          : StampCollectors3545@drumkit.onmicrosoft.com
MailEnabled                   : True
MailNickname                  : StampCollectors
OnPremisesSecurityIdentifier  :
ProxyAddresses                : {SMTP:StampCollectors3545@drumkit.onmicrosoft.com}
SecurityEnabled               : True
GroupTypes                    : {Unified}
MembershipRule                :
MembershipRuleProcessingState :

Some things to note:
Set-AzureADMSGroup -Id c6edea99-12e7-40f9-9508-862193fcb710 -GroupTypes "DynamicMembership","Unified" -MembershipRule "(User.department -eq ""Marketing"")" -MembershipRuleProcessingState "Paused"
Set-AzureADMSGroup -Id 92e93152-a1a6-4aac-a18a-bfe157e3b319 -MembershipRuleProcessingState "Paused"

And to switch it back on, use:
Set-AzureADMSGroup -Id 92e93152-a1a6-4aac-a18a-bfe157e3b319 -MembershipRuleProcessingState "On"

Other release updates

This release also includes a few other changes and new cmdlets.

Cmdlets to revoke a user’s Refresh Tokens: We got requests from several customers to provide capabilities to revoke a user’s refresh tokens. To address that need, we added these two new cmdlets:
Revoke-AzureADSignedInUserAllRefreshTokens
This cmdlet is used by the admin to invalidate all of their own refresh tokens issued to applications by resetting the refreshTokensValidFromDateTime user property to the current date-time. It also resets session cookies in a user’s browser. Use this command if you are concerned your account has been attacked or if you are trying to get back to a “clean” state when you are trying to verify a sign-in flow.
Revoke-AzureADUserAllRefreshTokens
This cmdlet invalidates all the refresh tokens (as well as session cookies in a user’s browser) of the user specified by the admin invoking the command. This is accomplished by resetting the refreshTokensValidFromDateTime user property to the current date-time.

Connect-AzureAD no longer requires -Force: We learned from your feedback that you’d rather not get the Connect-AzureAD cmdlet prompt for confirmation, so we removed the requirement to specify the -Force parameter to suppress confirmation prompting.

Naming convention change for cmdlets that call Microsoft Graph: In a previous blog post we mentioned how we’re aligning AzureAD PowerShell V2 functionality with Graph API functionality. Since the AzureAD PowerShell cmdlets expose both the Azure AD Graph API and the Microsoft Graph, we decided to make a small change to the naming convention of our cmdlets. Moving forward, all cmdlets that call the Microsoft Graph will have “MS” in their cmdlet names, as in “Get-AzureADMSGroup”. The cmdlets that call the Azure AD Graph will not change, so there is also a “Get-AzureADGroup” cmdlet. We’ll be implementing these name changes in an upcoming release and will share all the details then.

Getting started

To get started using the New-AzureADMSGroup cmdlet, take a look at a short video we made detailing how to manage dynamic groups using PowerShell. Dynamic Membership for Groups requires an Azure AD premium license, so if you don’t have one already, make sure to sign up for a free trial license.

I hope you’ll find these new capabilities useful! And as always, we would love to receive any feedback or suggestions you have.

Best regards,
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
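
The revocation that Revoke-AzureADUserAllRefreshTokens performs, wrapped with a before/after check of the refreshTokensValidFromDateTime property described above. This is an added example, not code from the original post or the AzureAD module; the function name Invoke-RefreshTokenRevocation and the contoso.example accounts are hypothetical, and it assumes an admin has already run Connect-AzureAD.

```powershell
# Added example (not from the original post). Revokes refresh tokens for each
# user and confirms the change by re-reading RefreshTokensValidFromDateTime.
# Assumes the AzureAD module is loaded and Connect-AzureAD has been run.
function Invoke-RefreshTokenRevocation {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $UserPrincipalName
    )
    process {
        foreach ($upn in $UserPrincipalName) {
            $result = [pscustomobject]@{
                User            = $upn
                ValidFromBefore = $null
                ValidFromAfter  = $null
                Revoked         = $false
                Error           = $null
            }
            try {
                # Record the current cut-off so the change can be proven afterwards.
                $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
                $result.ValidFromBefore = $user.RefreshTokensValidFromDateTime

                # -WhatIf / -Confirm are honoured, so a dry run changes nothing.
                if ($PSCmdlet.ShouldProcess($upn, 'Revoke all refresh tokens')) {
                    Revoke-AzureADUserAllRefreshTokens -ObjectId $user.ObjectId -ErrorAction Stop
                }

                # Re-read the property; a later timestamp means the reset was applied.
                $after = (Get-AzureADUser -ObjectId $user.ObjectId -ErrorAction Stop).RefreshTokensValidFromDateTime
                $result.ValidFromAfter = $after
                $result.Revoked = ($after -gt $result.ValidFromBefore)
            }
            catch {
                # Keep processing the remaining users; report the failure per user.
                $result.Error = $_.Exception.Message
            }
            $result
        }
    }
}

# Usage with constructed sample accounts (dry run first, then for real):
#   'alice@contoso.example','bob@contoso.example' | Invoke-RefreshTokenRevocation -WhatIf
#   'alice@contoso.example','bob@contoso.example' | Invoke-RefreshTokenRevocation |
#       Where-Object { -not $_.Revoked }    # users that still need attention
```

Access tokens that were issued before the revocation remain usable until they expire, so pair this step with a password reset when responding to a suspected account compromise.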