Connect-AzureAD – How to Connect to Azure AD using Powershell.
Have you decided to add PowerShell to your Azure Active Directory administration tools but are not sure what the first step is? Well, your first step is to connect to Azure AD using the Connect-AzureAD cmdlet, and this article guides you through the steps.
However, since the Connect-AzureAD cmdlet is part of the AzureAD PowerShell module, you must first download and install the module on your computer. So, after this quick intro, I’ll show you how to install the Azure Active Directory PowerShell for Graph (AzureAD module) on your Windows computer.
After that, we run the Connect-AzureAD command to connect to your Azure Active Directory tenant.
Finally, to get you started with everyday admin tasks, I have included some useful Azure AD SysAdmin examples in the third section of this article.
Install and Import the AzureAD PowerShell for Graph Module
Microsoft offers two versions of the Azure AD PowerShell for Graph module.
There is the General Availability (GA) version, AzureAD. Additionally, Microsoft also offers a Public Preview version, AzureADPreview.
The Public Preview version is meant for testing, and Microsoft does not recommend using it for production environments.
Based on that, I show you how to install and import the General Availability (GA) version (AzureAD) of the Azure AD PowerShell for Graph module.
Here are the steps (screenshots from a Windows 11 PC)
1. Open PowerShell as Administrator
Search PowerShell and click “Run as Administrator.”
Your PC asks you, via the User Account Control pop-up, to allow the app to make changes to your device – select Yes.
2. Install the AzureAD Module with the Install-Module Command
On the PowerShell console, run the install module command below: copy the command to your PowerShell and press Enter.
Install-Module AzureAD
If you want to try the public preview release version, change AzureAD to AzureADPreview. Note that the installation may take a short while to complete because PowerShell installs the module from the PowerShell Gallery (PowershellGallery.com).
3. Import the AzureAD Module with the Import-Module Command
After installing the module, use the import module command to add it to your current PowerShell session: similar to step 2, copy the command below to PowerShell.
Then, to execute the command, press Enter. Finally, confirm that you have the module by running the Get-Module command – see the command next to the Import-Module command below.
Import-Module AzureAD
Get-Module AzureAD
I have included a screenshot of the three commands below.
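Before relying on the installed module, you can check that its files carry valid publisher signatures. The following is an added example, not part of the original article; it assumes the AzureAD module is already installed as in step 2, and the variable names are illustrative.

```powershell
# Locate the newest installed copy of the AzureAD module
$module = Get-Module -ListAvailable -Name AzureAD |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module) { throw 'The AzureAD module is not installed.' }

# File types that can carry an Authenticode signature
$signable = '*.psd1', '*.psm1', '*.ps1', '*.ps1xml', '*.dll'

# Check every script and binary file in the module folder
$results = Get-ChildItem -Path $module.ModuleBase -Recurse -File -Include $signable |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.Name
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
$results | Format-Table -AutoSize

# Import only when every file has a valid signature
$unsigned = $results | Where-Object Status -ne 'Valid'
if ($unsigned) {
    Write-Warning "$(@($unsigned).Count) file(s) in $($module.ModuleBase) are not validly signed; review before importing."
} else {
    Import-Module AzureAD
}
```

Review the Signer column as well as the Status column: a valid signature only tells you the file is unmodified since signing, not who you expected to sign it.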
Run the Connect-AzureAD Command to Connect to Azure Active Directory
With the AzureAD PowerShell module available in your current PowerShell session, it’s time to connect to Azure Active Directory via PowerShell.
Follow the steps below.
1. Open PowerShell with the "RemoteSigned" Execution Policy
Run the command below to allow you to run the downloaded cmdlets. The default configuration of PowerShell may not permit running scripts downloaded from the internet.
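The command below opens a new PowerShell session within the current session. This new session uses the “RemoteSigned” execution policy, which lets locally written scripts run and requires scripts downloaded from the internet to carry a digital signature from a trusted publisher. It should work for modules downloaded from powershellgallery.com as long as they are signed.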
powershell.exe -ExecutionPolicy RemoteSigned
To learn more about PowerShell Execution Policies, visit the Microsoft page, about_Execution_Policies.
2. Prepare Required Credentials
Prepare the credentials you need to connect to Azure AD via PowerShell. The command saves your Azure AD or Microsoft 365 login username and password in the $credentials variable.
Before you run the command, change UserName@DomainName.com to your username. Running the command displays a “Windows PowerShell credential request” login form, requesting your password.
Enter the password, then click OK.
$credentials = Get-Credential UserName@DomainName.com
3. Connect to Azure AD with PowerShell
Connect to Azure AD by running the Connect-AzureAD Command. The command below calls the credentials you saved in the $credentials variable.
Executing the command takes a short while as your PowerShell console connects to Azure Active Directory. If all goes well, the PowerShell console displays information about the Azure Environment you’ve just connected into.
Connect-AzureAD -Credential $credentials
Here is a screenshot of the result of the above command. I connected to the AzureCloud environment (yours may be a different environment).
Additionally, my PowerShell console shows that my Azure TenantDomain is itechguides.com. Yours will be different!
That’s it! You’ve successfully connected to your Azure AD environment with PowerShell. From this point, you can manage users and groups and perform other admin tasks with PowerShell.
That is if you know your way around. However, if you need help with tasks please follow my next section.
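If your admin account is protected by MFA, or you work with more than one tenant, an interactive sign-in followed by a tenant check is the safer pattern. This is an added example, not from the original article; the tenant ID and UPN are placeholders you must replace.

```powershell
# Placeholder values (assumptions for this example): replace with your own
$ExpectedTenantId = '00000000-0000-0000-0000-000000000000'
$AdminUpn         = 'UserName@DomainName.com'

# Interactive sign-in: the prompt handles MFA, and the password is never
# stored in a PowerShell variable
$context = Connect-AzureAD -AccountId $AdminUpn

try {
    # Stop before any change is made if the session landed in a different tenant
    if ([string]$context.TenantId -ne $ExpectedTenantId) {
        throw "Connected to tenant $($context.TenantId) ($($context.TenantDomain)), expected $ExpectedTenantId."
    }
    Write-Host "Connected as $($context.Account) to $($context.TenantDomain) in $($context.Environment)"

    # Admin commands go here; this one only reads tenant details
    Get-AzureADTenantDetail | Select-Object DisplayName, ObjectId
}
finally {
    # Always end the session so the token does not linger in the console
    Disconnect-AzureAD
}
```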
Manage and Administer Azure AD with PowerShell with Examples
SysAdmins perform and automate various tasks on Azure AD with Windows PowerShell. In this section, I discuss some of the common tasks and the commands you need to get them done.
Get Information About Azure AD Users with the "Get-AzureADUser" cmdlet
This is arguably the most common task you’ll encounter as an Azure SysAdmin. To list all users in your Azure AD environment that you signed into, run the Get-AzureADUser command.
Get-AzureADUser
Running the command without any filtering returns all users in the Azure Active Directory environment. By default, the command returns the users’ ObjectId, DisplayName, and UserPrincipalName.
How about returning other properties? To see all available properties, pipe the last command to the Get-Member command.
Get-AzureADUser | Get-Member
Piping the command to Get-Member returns many more “Properties” that we can use. It also displays what we call “Methods.”
Going into detail about PowerShell object Properties and Methods is outside the scope of this article. However, if you want to learn more, read up on Get-Member, about_Properties, and about_Methods.
Going back to the result of my last command, look through the properties returned by Get-Member and then modify the Get-AzureADUser command to return more customized results.
Here is an example of the command that returns the following properties for all users in an Azure environment – DisplayName, UserPrincipalName, DirSyncEnabled and LastDirSyncTime.
Get-AzureADUser | Select-Object DisplayName, UserPrincipalName, DirSyncEnabled, LastDirSyncTime | Format-Table -AutoSize
If you have already set up Azure AD Connect, the previous command helps you troubleshoot Azure AD sync issues to and from on-prem AD. It returns the user’s DisplayName, UPN, whether the user is enabled for syncing to on-prem AD, and the last time the sync occurred.
Create New Azure AD Users with the "New-AzureADUser" cmdlet
Another common request SysAdmins get from their manager or other stakeholders is creating new Azure AD users. However, using PowerShell to create single users is not very useful because you could do that from the GUI.
Where you’ll find this useful is in creating multiple users. If you receive a request to create multiple users in Azure Active Directory, you’ll likely receive the users’ details in a CSV file.
In this example, I am assuming that the CSV file has the following headers: First Name and Last Name. Based on this, I’ve developed a tiny script to create an Azure Active Directory account for all users in the CSV file.
Here is the script.
$users = Import-Csv D:\AzureADUsers\userdetails.CSV #imports all users in the CSV file and saves the information in the $users variable
#the ForEach block iterates through the users in the CSV file and performs the tasks in the {} block.
ForEach ($user in $users) {
    $FirstName = $user.'First Name' #saves the First Name for each user in the $FirstName variable
    $LastName = $user.'Last Name' #saves the Last Name for each user in the $LastName variable.
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile #creates a PasswordProfile we would use to create the users
    $PasswordProfile.Password = "samplepassword" #creates the password you will use for all created users
    New-AzureADUser -DisplayName "$FirstName $LastName" -PasswordProfile $PasswordProfile -UserPrincipalName "$FirstName.$LastName@DomainName.com" -MailNickName "$FirstName.$LastName" -AccountEnabled $true #creates an enabled account for each user; -MailNickName and -AccountEnabled are required by the cmdlet
}
Before you use this script, change the following:
- The path to the CSV file containing your users list. This is in line 1 of the code.
- In line 7, change the text “samplepassword” to the password you wish to use.
- DomainName in line 8 to your Azure AD domain name.
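A variant of the script above that avoids giving every new account the same hard-coded password: each user gets a random temporary password and must change it at first sign-in. This is an added example, not the article's own script; New-TempPassword is a hypothetical helper defined here, and the CSV path and DomainName.com are the same placeholders used above.

```powershell
# Hypothetical helper: random password drawn from a cryptographic RNG
function New-TempPassword {
    param([int]$Length = 20)
    # 64 characters, so byte % 64 is unbiased; look-alike characters are left out
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?@'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $password = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
            # Retry in the rare case a character class is missing
        } until ($password -cmatch '[A-Z]' -and $password -cmatch '[a-z]' -and $password -cmatch '\d')
    }
    finally { $rng.Dispose() }
    $password
}

$users = Import-Csv D:\AzureADUsers\userdetails.CSV

# $created collects one record per account that was actually created
$created = foreach ($user in $users) {
    $first = $user.'First Name'.Trim()
    $last  = $user.'Last Name'.Trim()
    $upn   = "$first.$last@DomainName.com"

    $passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $passwordProfile.Password = New-TempPassword
    $passwordProfile.ForceChangePasswordNextLogin = $true   # user must set their own password

    try {
        New-AzureADUser -DisplayName "$first $last" -UserPrincipalName $upn `
            -MailNickName "$first.$last" -AccountEnabled $true `
            -PasswordProfile $passwordProfile -ErrorAction Stop | Out-Null
        [pscustomobject]@{ UserPrincipalName = $upn; TempPassword = $passwordProfile.Password }
    }
    catch {
        Write-Warning "Skipped ${upn}: $($_.Exception.Message)"
    }
}
$created | Format-Table -AutoSize
```

The temporary passwords exist only in $created for the current session; hand them to each user over a channel you trust rather than writing them to a shared file.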
Add Users to a Group Using the "Add-AzureADGroupMember" cmdlet
In this last example, I show you how to add an Azure AD user to an Azure AD group.
I want to add a user with a known UPN to the “Writers” security group to demonstrate how to perform this task. The command that I require to accomplish this is the Add-AzureADGroupMember cmdlet.
This cmdlet requires the ObjectID of both the user and the group. So, to return these values, first, run the Get-AzureADMSGroup and Get-AzureADUser commands.
Get-AzureADMSGroup -SearchString "Office 365 sample group" | Select-Object DisplayName, ID
Get-AzureADUser -SearchString "user@DomainName.com" | Select-Object DisplayName, ObjectId
The first command returns the ObjectID (ID) and the DisplayName of the group. Change “Office 365 sample group” to your group’s name. Furthermore, the second command returns the ObjectID and DisplayName of the user you want to add to the group. Change “user@DomainName.com” to your user’s UPN.
Finally, run the command below to add the user to the group.
Replace “user ObjectID” with the user’s ObjectID from your last command. Similarly, replace “Group ID” with the group ID from your previous command.
Add-AzureADGroupMember -ObjectId "Group ID" -RefObjectId "user ObjectID"
Here is the screenshot of the results of the three commands run against my Azure AD environment.
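Copying ObjectIDs by hand makes it easy to add a user to the wrong group, especially when a search returns more than one match. The function below is an added example, not from the original article; Add-UserToGroupChecked is a hypothetical name. It resolves both objects, insists on exactly one group match, and skips users who are already members.

```powershell
function Add-UserToGroupChecked {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )

    # Exact-match filter on the display name; single quotes are doubled for OData
    $escaped = $GroupName.Replace("'", "''")
    $groups  = @(Get-AzureADGroup -Filter "DisplayName eq '$escaped'")
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
    }
    $group = $groups[0]

    # -ObjectId accepts a UPN as well as an ObjectId
    $user = Get-AzureADUser -ObjectId $UserPrincipalName
    if (-not $user) { throw "User '$UserPrincipalName' was not found." }

    # Skip the change when the user is already a member
    $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
    if ($members.ObjectId -contains $user.ObjectId) {
        Write-Host "$UserPrincipalName is already a member of '$GroupName'."
        return
    }

    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    Write-Host "Added $UserPrincipalName to '$GroupName' ($($group.ObjectId))."
}

# Example call with the placeholder names used in this article
Add-UserToGroupChecked -GroupName 'Writers' -UserPrincipalName 'user@DomainName.com'
```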
Connect-AzureAD – How to Connect to Azure AD using Powershell Command Conclusion
Managing Azure AD with PowerShell is one of the most intelligent decisions a Windows SysAdmin makes.
Why?
Unlike using GUI tools, PowerShell drastically improves your efficiency as a SysAdmin, and managing Azure AD with PowerShell does precisely that!
However, before managing your Azure Active Directory environment with PowerShell, you must first connect to it by running the Connect-AzureAD command. This guide shows that the first step is to get the AzureAD module on your computer by running the Install-Module command.
Then, you need to import the cmdlets in the module into your current PowerShell session by running the Import-Module command. Finally, you make that crucial first move to managing Azure with PowerShell by running the all-important Connect-AzureAD command.
Comment (1)
Shaym
October 17, 2023
Hi, can you add script for export all AzureADuser but guest account only.