SOLVED

Read/Write AzureAD Guest Self Signup via PowerShell

Copper Contributor

Setting the Guest user self-signup property via powershell is documented to be done via the Msonline module's `Set-MsolCompanySettings` cmdlet (-AllowAdHocSubscriptions) (documentation)

Now, I don't see a way to read this setting. There's Get-MsolCompanyInformation but no value for AdHocSubscriptions.

Also, the Msonline module is marked as deprecated and we should use AzureAD(-Preview) module instead.

But there I can't find the setting. It might be me just being unable to correctly search the documentation.

So my questions are:

  1.  how can I read the setting via powershell?
  2. what is the "new" way to set this setting when msonline module is deprecated?

 

4 Replies
best response confirmed by SRMueller (Copper Contributor)
Solution
It's there, but hidden:

Get-MsolCompanyInformation | select AllowAdHocSubscriptions

Or just | fl * it. And you can also set/query it via Graph: https://docs.microsoft.com/en-us/graph/api/resources/authorizationpolicy?view=graph-rest-beta

@Vasil Michev 

 

Thank you! I wasn't aware of this concept of hidden properties. Would I have been able to figure that out via documentation?

Also, I now see that AllowAdHocSubsciptions is set to true in the result of the cmdlet, but Azure Portal shows this as "false" in the External Identities->External Collaboration Settings

SRMueller_0-1623663325754.pngSRMueller_1-1623663350361.png

 

That's not the same setting as the Guest self-service sign-up.

Yeah, I saw that afterwards. I'm moving on with all the other properties I find. Properties like that, which seem unreachable via the MS Powershell cmdlets, will move to a backlog/do it manually via UI pool.

The main problem I see is with the inconsistent implementation of the cmdlets and the lacking documentation. Or better, the inconsistent quality of the documentation. To make matters worse for me, I just found the PnP PowerShell which is supposed to bring with it more commands. But now I'm stuck figuring out, which tools/cmdlets/tech I should use, i.e. are best practice, according to microsoft and the community.


I want to avoid writing my own MS Graph frontend but maybe that's where this is going in the long run.

Thanks for the support!

 

EDIT: sorry for the edit noise

1 best response

Accepted Solutions
best response confirmed by SRMueller (Copper Contributor)
Solution
It's there, but hidden:

Get-MsolCompanyInformation | select AllowAdHocSubscriptions

Or just | fl * it. And you can also set/query it via Graph: https://docs.microsoft.com/en-us/graph/api/resources/authorizationpolicy?view=graph-rest-beta

View solution in original post