Azure Identity And Access Management Part 5 – Azure Active Directory – Bulk Update of Azure AD User Profile Using PowerShell
Hello Everybody,
Hope you all are doing good!!! .
In our last article we have discuses about Azure AD Extension Attribute. Today In this article , we will continue with our Azure IAM series by discussing on how to do bulk update of Azure AD User profiles.
If you have missed our previous articles on Azure Identity And Access Management (IAM), please check it in following links.
Part 1 – Azure Active Directory – Overview
Part 2 – Azure Active Directory – Enterprise Users
Part 3 – Azure Active Directory – Create Custom Directory Role & Assign Role using Power-Shell
Part 4 – Azure Active Directory – Create Azure AD Extension Attribute Using Power-Shell
Next Article : Part 6 – Azure Active Directory – Manage Device Identity 1 – Overview
Bulk Update User Profile :
Some times scenario comes where we need to do some task in a bulk like bulk user addition, bulk guest invitation or bulk deletion etc. Today we will see, how to update Azure AD user profile attribute in a bulk for multiple users using PowerShell. Azure AD provides a nice UI for updating profile attributes for a user but, it can become tedious if we need to update many users. So better to do it in a bulk. So lets start with the power-shell script.
Use Case :
In our use case, we have a Azure AD group “MSTechs” and all members of this group belongs to IT department. So we need to update Department property of all users in this group and set it to “IT“.
To proceed with the example follow the below steps :
1 . First Import the AzureAD power-shell module using Import-Module AzureADPreview cmdlet. We are amusing the module already installed.
2 . Connect to Azure Active Directory using Connect-AzureAD cmdlet and provide the Tenant id of default directory.
3 . Get all Available group detials using Get-AzureADGroup cmdlet as shown in the following figure.
4 . Find the Id of the required AD Group (“MSTechs”) using Get-AzureADGroup cmdlet and by providing filter argument as shown in the following figure.
5 . Once we have Group-Id, we can get all member user of that group using Get-AzureADGroupMember cmdlet and update the required Department field using Set-AzureADUser cmdlet by iterating the user list on UserPrincipalName as shown in the following figure.
6 . Now let check if the Department attribute has updated or not. As we can see in the following figure the Department is now set to IT.
Here we have updated the profile of list of users from a particular Azure AD Group. But if we want to update profile attributes of a list of users from different group or without group in that case, we can provide a .CSV file with user’s UserPrincipalName and using power-shell we can iterate through the .CSV file and do the same with each UserPrincipalName.
More Power-Shell Commands to Manage Azure AD User :
We have seen how to update Azure AD user property. Here I would like to inform you all that , there are some other power-shell cmdlet, which is also used to update user profile properties. Each of those cmdlet are used to update a specific user profile property. Following are a list up power-shell command to manage User or Group properties.
- Get-AzureADUserManager : cmdlet gets the manager of a user in Azure Active Directory (AD).
- Set-AzureADUser : cmdlet updates a user in Azure Active Directory (AD).
- Set-AzureADUserExtension : cmdlet sets a user extension in Azure Active Directory (Azure AD).
- Set-AzureADUserManager : cmdlet update the manager for a user in Azure Active Directory (AD).
- Set-AzureADUserLicense : Cmdlet adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user.
- Set-AzureADUserPassword : cmdlet sets the password for a user in Azure Active Directory (AD).
- Set-AzureADUserThumbnailPhoto : cmdlet is used to set the thumbnail photo for a user
- Update-AzureADSignedInUserPassword : cmdlet updates the password for the signed-in user in Azure Active Directory (AD).
- Remove-AzureADUserExtension : cmdlet removes a user extension from Azure Active Directory (AD).
- Remove-AzureADUserManager : cmdlet removes a user’s manager in Azure Active Directory (AD).
- Get-AzureADGroup : cmdlet gets a group in Azure Active Directory (AD).
- Get-AzureADMSGroup : cmdlet gets information about groups in Azure AD.
- Get-AzureADGroupMember : cmdlet gets a member of a group in Azure Active Directory (AD).
- Get-AzureADGroupOwner : cmdlet gets an owner of a group in Azure Active Directory (AD).
- Set-AzureADGroup : cmdlet updates a group in Azure Active Directory (AD).
- Set-AzureADMSGroup : cmdlet updates a group information in Azure Active Directory (AD).
- Set-AzureADMSGroupLifecyclePolicy : cmdlet updates a specific group Lifecycle Policy in Azure Active Directory
Find the complete script here to download.
I hope this article helps you . In next article we will come with a new topic for our series on Azure Active Directory.
Next Article : Part 6 – Azure Active Directory – Manage Device Identity 1 – Overview
Please let me know if I missed anything important .In my next article we will continue one more feature of Azure Active Directory.
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles.
Thanks for reading 🙂 .
1 Response
[…] our last Azure AD series articles we have discussed, about Bulk Update of Azure AD User Profile Using PowerShell. We have different articles which covered Azure AD Group and User. Today In this article, we will […]