Previously you needed to download the software from the Microsoft Download Center, but since 2018 (provided you're using PowerShell 5.0 or higher) you can install the required software from within PowerShell.
```powershell
Install-Module -Name AzureAD
Install-Module -Name MSOnline
Connect-MsolService
```
Once you're connected, these commands are available:
Manage users
Command | Description |
---|---|
Convert-MsolFederatedUser | The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user. |
Get-MsolUser | The Get-MsolUser cmdlet can be used to retrieve an individual user, or list of users. An individual user will be retrieved if the ObjectId or UserPrincipalName parameter is used. |
New-MsolUser | The New-MsolUser cmdlet is used to create a new user in Windows Azure AD. In order to give the user access to services, they must also be assigned a license (using the LicenseAssignment parameter). |
Remove-MsolUser | The Remove-MsolUser cmdlet is used to remove a user from Windows Azure AD. This cmdlet will delete the user, their licenses, and any other associated data. |
Restore-MsolUser | The Restore-MsolUser cmdlet restores a user that is in the Deleted users view to their original state. Users will remain in the Deleted users view for 30 days. |
Set-MsolUser | The Set-MsolUser cmdlet is used to update a user object. Note that this cmdlet should be used for basic properties only. The licenses, password, and User Principal Name for a user can be updated through Set-MsolUserLicense, Set-MsolUserPassword and Set-MsolUserPrincipalName cmdlets respectively. |
Set-MsolUserPassword | The Set-MsolUserPassword cmdlet is used to change the password of a user. This cmdlet can only be used for users with standard identities. |
Set-MsolUserPrincipalName | The Set-MsolUserPrincipalName cmdlet is used to change the User Principal Name (UPN) of a user. This cmdlet can be used to move a user between a federated and standard domain, which will result in their authentication type changing to that of the target domain. |
Redo-MsolProvisionUser | The Redo-MsolProvisionUser cmdlet can be used to retry the provisioning of a user object in Windows Azure Active Directory when a previous attempt to create the user object resulted in a validation error. |
Manage group and role membership
Command | Description |
---|---|
Add-MsolGroupMember | The Add-MsolGroupMember cmdlet is used to add members to a security group. The new members can be either users or other security groups. |
Get-MsolGroup | The Get-MsolGroup cmdlet is used to retrieve groups from Windows Azure AD. This cmdlet can be used to return a single group (if ObjectId is passed in), or to search within all groups. |
Get-MsolGroupMember | The Get-MsolGroupMember cmdlet is used to retrieve members of the specified group. The members can be either users or groups. |
New-MsolGroup | The New-MsolGroup cmdlet is used to add a new security group to Windows Azure AD. |
Remove-MsolGroup | The Remove-MsolGroup cmdlet is used to delete a group from Windows Azure AD. |
Remove-MsolGroupMember | The Remove-MsolGroupMember cmdlet is used to remove a member from a security group. This member can be either a user or a group. |
Set-MsolGroup | The Set-MsolGroup cmdlet is used to update the properties of a security group. |
Add-MsolRoleMember | The Add-MsolRoleMember cmdlet is used to add a member to a role. Currently, only users can be added to a role (adding a security group is not supported). |
Get-MsolRole | The Get-MsolRole cmdlet can be used to retrieve a list of administrator roles. |
Get-MsolUserRole | The Get-MsolUserRole cmdlet is used to retrieve all of the administrator roles that the specified user belongs to. This cmdlet will also return roles that the user is a member of through security group membership. |
Get-MsolRoleMember | The Get-MsolRoleMember cmdlet is used to retrieve all members of the specified role. |
Remove-MsolRoleMember | The Remove-MsolRoleMember cmdlet is used to remove a user from an administrator role. |
Redo-MsolProvisionGroup | The Redo-MsolProvisionGroup cmdlet can be used to retry the provisioning of a group object in Windows Azure Active Directory when a previous attempt to create the group object resulted in a validation error. |
For more information and commands, please visit TechNet.
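The role cmdlets listed above can be combined into a review of who holds administrator roles in the tenant. The following is an added example, not part of the original post; it assumes Connect-MsolService has already been run in the session, and $ReportPath is a hypothetical output location.

```powershell
# Added example (not from the original post). Assumes Connect-MsolService
# has already been run with an account that is allowed to read roles.
# $ReportPath is a hypothetical output location.
$ReportPath = Join-Path $env:TEMP 'msol-admin-role-members.csv'

$report = foreach ($role in Get-MsolRole) {
    # -All returns every member instead of the default limited result set.
    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {
        $user = $null
        if ($member.RoleMemberType -eq 'User') {
            # Fetch the full user object for sign-in and directory sync state.
            $user = Get-MsolUser -ObjectId $member.ObjectId -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Role              = $role.Name
            MemberType        = $member.RoleMemberType
            DisplayName       = $member.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            SignInBlocked     = $user.BlockCredential
            # Left empty for members that are not users.
            DirSynced         = if ($user) { [bool]$user.LastDirSyncTime }
            ObjectId          = $member.ObjectId
        }
    }
}

# Keep a dated record so later runs can be compared against it.
$report | Sort-Object Role, DisplayName |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Members that hold more than one administrator role.
$report | Group-Object ObjectId | Where-Object Count -gt 1 | ForEach-Object {
    [pscustomobject]@{
        DisplayName = $_.Group[0].DisplayName
        Roles       = ($_.Group.Role | Sort-Object) -join '; '
    }
}
```

Any member you do not expect to see can be removed from the role with Remove-MsolRoleMember.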
Pre-PowerShell 5.0
You must install the appropriate version of the Windows Azure AD Module for Windows PowerShell for your operating system from the Microsoft Download Center:
Then click the Windows Azure Active Directory Module for Windows PowerShell shortcut to open a Windows PowerShell workspace that has the cmdlets. Alternatively, you can load the cmdlets manually by typing import-module MSOnline at the Windows PowerShell command prompt.
Once the modules are imported you can connect with your Azure credentials.
```powershell
# Prompt for Azure credentials, then connect with them
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred
```
Is there a PowerShell script to create an application object for graph API and not only service principal? I want to register an application using PowerShell scripts, which should also be visible in the API.