First published on CloudBlogs on Jan, 08 2016
Howdy folks,
It's Friday, so it's time for another Azure AD Mailbag. This time Mark and the team have pulled together some great tips and tricks for using Azure AD with PowerShell. I hope this is helpful. If you have questions make sure to send them to AskAzureADBlog@microsoft.com
Best Regards,
Alex Simons (Twitter: @Alex_A_Simons)
Director of PM Microsoft Identity Products and Services
---------------------------------------
Hey y'all,
Mark Morowczynski back again with another mailbag post to start off your new year on the right foot. Our previous posts have typically focused on a specific feature, this post is going to be a bit different. This one will focus on questions that we see over and over again but you can use PowerShell to find the answer you are looking for! If you haven't started learning PowerShell yet well for the 1,000th time you really should start on it. Seriously. Here is a nice free Microsoft Virtual Academy- Getting Started With PowerShell 3.0 Jump Start , to get you going
Question: Why is Azure Active Directory PowerShell separate from Azure PowerShell?
Answer: Azure Active Directory is used by all Microsoft online services including Microsoft Office 365. It pre-dates the current Azure PowerShell. In addition, Azure Active Directory does not currently leverage Azure Resource Management.
Question: Where do I get the latest version of Azure AD PowerShell?
Answer: The current version can be found here: https://msdn.microsoft.com/en-us/library/jj151815.aspx#bkmk_installmodule . There is also a preview version of Azure AD PowerShell with support for MFA that we discussed in a previous post: http://blogs.technet.com/b/ad/archive/2015/10/20/azure-ad-powershell-public-preview-of-support-for-a...
Question: I'm using B2B or I have invited some external users to my Azure Active Directory, is there any way to see all these users?
Answer: Yes, PowerShell! These types of accounts are called Guest Accounts. You can run this command:
Get-MsolUser -All | where {$_.UserType -eq "Guest"}
Question: I want to find all users containing something specific. Is there any way to do this? Answer: Yes, PowerShell! For example, let's say I wanted to find everyone in a specific department:
Get-MsolUser -All | where {$_.Department -like "*IT*"}
Question: I want to see all of the users in my Azure Active Directory that have a specific Administrator role , for example like Company Administrators. Is there a way to see that?
Answer: Yes, I think you are getting the point by now, PowerShell! First we want to get a list of all roles. To do that run"
Get-MsolRole
We are looking for Company Administrators. To do that we run:
$companyAdminRole = Get-MsolRole -RoleName "Company Administrator"
Get-MsolRoleMember -RoleObjectId $companyAdminRole.ObjectId
Question: Is there a way to check to see if the user is a member of a group using PowerShell?
Answer: This one we went and created a PowerShell Function you can use:
function IsMemberOfGroup($groupName, $userPrincipalName) {
$group = Get-MsolGroup -SearchString $groupName -All
if($group -eq $null){
Write-Output $group
Write-Host "Group not found"
return
}
if($group.count -gt 1){
Write-Host "More than one matching group found"
return
}
$user =Get-MsolUser -UserPrincipalName $userPrincipalName
if($user -eq $null){
Write-Host "User not found"
return
}
$groupMember = Get-MsolGroupMember -GroupObjectId $group.ObjectId -All | where {$_.ObjectId -eq $user.ObjectId}
if($groupMember -eq $null){
Write-Output $false
}else{
write-Output $true
}
}
Then run:
IsMemberOfGroup "GroupName" userprincipalname
We hope you've found this post and this series to be helpful. For any questions you can reach us at AskAzureADBlog@microsoft.com , the Microsoft Forums and on Twitter @AzureAD , @MarkMorow and @Alex_A_Simons
-Mark Morowczynski, Edward Wu, Chad Hasbrook and Shane Oatman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.