AzureAD Module User Management
Connect-AzureAD
# One-time setup: install the AzureAD module (author's note: run PowerShell ISE as Administrator)
# NOTE(review): Microsoft has deprecated the AzureAD module in favour of Microsoft Graph PowerShell -
# confirm the module is still supported for your tenant before building new tooling on it.
Install-Module -Name AzureAD
# Sign in to Azure AD; an interactive prompt for the account / login is expected
Connect-AzureAD
# Smoke test for the session: list name fields and enabled state of the users that come back
Get-AzureADUser |
    Where-Object { $_.UserPrincipalName -like "*" } |
    Select-Object givenname, surname, DisplayName, AccountEnabled
# End the session once the work is done so the sign-in does not stay open in this console
Disconnect-AzureAD

New-AzureADUser
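# Bulk-create Azure AD users from a CSV file, one account per row.
# Columns read from each row: DisplayName, GivenName, Surname, UserPrincipalName,
# MailNickName, PasswordProfile (the initial password) and JobTitle.
# NOTE(review): the CSV carries initial passwords in clear text - restrict who can read it
# and delete it once the accounts exist.
# -ErrorAction Stop aborts the run if the file cannot be read, so no accounts are created from partial data.
$MyAccounts = Import-Csv "C:\Users\scott\AzureAD\Accounts.csv" -ErrorAction Stop
# Loop through the CSV data
Foreach ($Account in $MyAccounts) {
    # Build a fresh PasswordProfile per account so nothing carries over from the previous row
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    # Assign the password from the CSV row
    $PasswordProfile.Password = $Account.PasswordProfile
    # Whoever built the CSV has seen this password, so treat it as temporary and force a change
    # at first sign-in (drop this line only for accounts that cannot sign in interactively).
    $PasswordProfile.ForceChangePasswordNextLogin = $true

    # Create the new account in AAD.
    # The original read $Account.DsiplayName, which resolves to $null unless the CSV header
    # carries the same misspelling - assumes the column is named DisplayName; TODO confirm against the CSV.
    $NewUserParams = @{
        DisplayName       = $Account.DisplayName
        GivenName         = $Account.GivenName
        SurName           = $Account.Surname
        UserPrincipalName = $Account.UserPrincipalName
        MailNickName      = $Account.MailNickName
        PasswordProfile   = $PasswordProfile
        JobTitle          = $Account.JobTitle
        AccountEnabled    = $True
    }
    New-AzureADUser @NewUserParams
}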


Set-AzureADUser (Disable Account)
# The steps below follow the author's real procedure for disabling accounts, to show best practice.
#1 Input: a list from HR (or some other process) of users to decommission - fired, quit, contract up, etc.
#   Each line is treated as one UserPrincipalName (step #2 compares every line against UserPrincipalName).
#   NOTE(review): whoever can edit this file decides which accounts get disabled - keep it write-protected.
$DisableUserAccountsfromHR = Get-Content -Path 'C:\Users\scott\Documents\WindowsPowershell\AzureAD\HR-Disable-Accounts.txt'
# Echo the imported list to the screen for review
Write-Output $DisableUserAccountsfromHR
#1.5 !!!! Run ONLY the snippet in #1 first and review the on-screen output to make sure the correct data was imported from the source !!!!
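#2 Verify that every UPN from HR resolves to an account in AAD before anything is changed.
# Each UPN is looked up with a server-side -Filter. A bare Get-AzureADUser returns only the first
# page of the directory (100 users by default), so filtering that page client-side can silently
# miss accounts in a larger tenant - and a missed account here is one that stays enabled.
# Declare Array
$MyUserArray = @()
Foreach ($userUPN in $DisableUserAccountsfromHR) {
    $userUPN = "$userUPN".Trim()
    # Skip blank lines in the HR file
    if (-not $userUPN) { continue }
    # Double any single quote so the UPN stays a single OData string literal inside the filter
    $FilterUPN = $userUPN.Replace("'", "''")
    $FoundUser = Get-AzureADUser -Filter "userPrincipalName eq '$FilterUPN'" |
        Select-Object DisplayName, ObjectID, UserPrincipalName, AccountEnabled
    if ($FoundUser) {
        $MyUserArray += $FoundUser
    }
    else {
        # Surface the gap instead of silently dropping the entry
        Write-Warning "No AAD account found for '$userUPN' - check the HR list before continuing"
    }
}
# Show the resolved accounts and append them to the review log
$MyUserArray | Tee-Object C:\Temp\MyDisableUserArrayLog.txt -Append
#2.5 Run the snippet in #2 next, review the on-screen output and make sure these are the accounts you want to disable.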
#3 Only continue if every result from the prior steps is correct; if anything looks out of the norm, STOP and ask someone about it.
# Accounts are addressed by ObjectID because that value is unique in AAD.
# NOTE(review): each record is written to the log before Set-AzureADUser runs, so a log entry records
# intent, not success - step #4 is the actual confirmation.
# NOTE(review): blocking sign-in does not by itself end sessions that are already open; consider also
# revoking the user's refresh tokens (Revoke-AzureADUserAllRefreshToken) as part of offboarding.
Foreach ($UserRecord in $MyUserArray) {
    $UserRecord | Tee-Object -FilePath C:\Temp\UsersDisableLog.txt -Append
    Set-AzureADUser -ObjectId $UserRecord.ObjectID -AccountEnabled $false
}
#4 Check the results: re-read each account from AAD, show UPN and enabled state, and append them to a results file.
# Every account listed should now report AccountEnabled = False; investigate any that does not.
Foreach ($UserRecord in $MyUserArray) {
    $CurrentState = Get-AzureADUser -ObjectId $UserRecord.ObjectID
    $CurrentState |
        Select-Object UserPrincipalName, AccountEnabled |
        Tee-Object -FilePath C:\temp\Disable_Accounts_Results.txt -Append
}
# Open the results file in its default application for a final review
Invoke-Item C:\temp\Disable_Accounts_Results.txt

Remove-AzureADUser
# The steps below follow the author's real procedure for removing accounts, to show best practice.
#1 Input: a list from HR (or some other process) of users to decommission - fired, quit, contract up, etc.
#   Each line is treated as one UserPrincipalName (step #2 compares every line against UserPrincipalName).
#   NOTE(review): whoever can edit this file decides which accounts get deleted - keep it write-protected.
$UserAccountsfromHR = Get-Content -Path 'C:\Users\scott\Documents\WindowsPowershell\AzureAD\HR-Remove-Accounts.txt'
# Echo the imported list to the screen for review
Write-Output $UserAccountsfromHR
#1.5 !!!! Run ONLY the snippet in #1 first and review the on-screen output to make sure the correct data was imported from the source !!!!
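#2 Verify that every UPN from HR resolves to an account in AAD before anything is removed.
# Each UPN is looked up with a server-side -Filter. A bare Get-AzureADUser returns only the first
# page of the directory (100 users by default), so filtering that page client-side can silently
# miss accounts in a larger tenant - and a missed account here is one that never gets removed.
# Declare Array
$MyUserArray = @()
Foreach ($userUPN in $UserAccountsfromHR) {
    $userUPN = "$userUPN".Trim()
    # Skip blank lines in the HR file
    if (-not $userUPN) { continue }
    # Double any single quote so the UPN stays a single OData string literal inside the filter
    $FilterUPN = $userUPN.Replace("'", "''")
    $FoundUser = Get-AzureADUser -Filter "userPrincipalName eq '$FilterUPN'" |
        Select-Object DisplayName, ObjectID, UserPrincipalName, AccountEnabled
    if ($FoundUser) {
        $MyUserArray += $FoundUser
    }
    else {
        # Surface the gap instead of silently dropping the entry
        Write-Warning "No AAD account found for '$userUPN' - check the HR list before continuing"
    }
}
# Show the resolved accounts and append them to the review log
$MyUserArray | Tee-Object C:\Temp\MyUserArrayLog.txt -Append
#2.5 Run the snippet in #2 next, review the on-screen output and make sure these are the accounts you want to remove.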
#3 Only continue if every result from the prior steps is correct; if anything looks out of the norm, STOP and ask someone about it.
# Accounts are addressed by ObjectID because that value is unique in AAD.
# NOTE(review): each record is written to the log before Remove-AzureADUser runs, so a log entry records
# intent, not success - confirm afterwards that the accounts are actually gone.
# NOTE(review): deleted users normally remain restorable for a limited period - confirm the retention
# window for your tenant before treating the removal as final.
Foreach ($UserRecord in $MyUserArray) {
    $UserRecord | Tee-Object -FilePath C:\Temp\UsersRemovedLog.txt -Append
    Remove-AzureADUser -ObjectId $UserRecord.ObjectID
}