Manage licenses with PowerShell in Azure Active Directory!

MVP

 

Hi Azure friends,

 

In this article, I will describe how you can use PowerShell in Azure Active Directory to quickly get information about licenses. I have summarized a few experiences and would like to share them with you.

 

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

 

#The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE

Set-Location C:\Temp
Clear-Host

#We need the cmdlets
Install-Module -Name AzureAD -AllowClobber -Force -Verbose

 

#Sometimes the module must be imported
Import-Module AzureAD

 

#Lets connect to the Azure Active Directory
Connect-AzureAD

 

#What licenses are available?
Get-AzureADSubscribedSku

 

#More info about the license package
Get-AzureADSubscribedSku | Select-Object -Property ObjectId, SkuPartNumber, ConsumedUnits -ExpandProperty PrepaidUnits

 

#What is included in the license package
Get-AzureADSubscribedSku `
-ObjectId 95b14fab-6bbf-4756-94d4-99993dd27f55_05e9a617-0261-4cee-bb44-138d3ef5d965 | Select-Object -ExpandProperty ServicePlans

 

#To list all licensed users
Get-AzureAdUser | ForEach { $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++)`
{ If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $true)`
{ Write-Host $_.UserPrincipalName} }

 

#To list all of the unlicensed users
Get-AzureAdUser | ForEach{ $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++)`
{ If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $false)`
{ Write-Host $_.UserPrincipalName} }

 

#Do users have a usage location?
Get-AzureADUser | Select DisplayName,Department,UsageLocation

 

#We select a user
$User = Get-AzureADUser -ObjectId fred.prefect@tomscloud.ch

 

#The user needs a location
Set-AzureADUser -ObjectId $User.ObjectId -UsageLocation CH

 

#We need the SKU ID
Get-AzureADSubscribedSku | Select SkuPartNumber, SkuID

 

#Create the AssignedLicense object
$Sku = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense

 

#Set the SKU ID
$Sku.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900"

 

#Create the AssignedLicenses Object
$Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses

 

#Add the SKU
$Licenses.AddLicenses = $Sku

 

#Setting a License to a User
Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses

 

#Creating a Custom License
$User = Get-AzureADUser -ObjectId fred.prefect@tomscloud.ch.ch

 

#Create the AssignedLicense object
$Sku = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense

 

#Add the SKU

$Sku.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900"

 

#Show the ServicePlans
Get-AzureADSubscribedSku -ObjectId 95b14fab-6bbf-4756-94d4-99993dd27f55_05e9a617-0261-4cee-bb44-138d3ef5d965 | Select-Object -ExpandProperty ServicePlans

 

#Get the LicenseSKU and create the Disabled ServicePlans object
$Sku.DisabledPlans = @("a23b959c-7ce8-4e57-9140-b90eb88a9e97","aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1")

 

#Create the AssignedLicenses Object
$Licenses = New-Object –TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses

 

#Add the SKU
$Licenses.AddLicenses = $Sku

 

#Assign the license to the user
Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses


Now you have successfully edited the licenses with PowerShell in Azure Active Directory!
Congratulations!

 

I hope this article was useful. Best regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

6 Replies
Article is very helpful!
Thank you! It's a pleasure!

Thanks for the write up here Tom.
What are your thoughts on Microsoft's stance on the retirement of licensing via MSOnline and Azure AD PowerShell in favour of the Microsoft Graph PowerShell equivalent beginning on June 30, 2022?

 

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/migrate-your-apps-to-access-t... 

It's a pleasure!
I have also read this information and wait once until there is more information about it.
Thank's for share Tom, great stuff!
Thank you, It's a pleasure!