Previously you needed to download software from the Microsoft Download Center, but since 2018 (granted you’re using Powershell 5.0 or higher) you can get the required software from PowerShell.

Install-Module -Name AzureAD

Install-Module -Name MSOnline

Connect-MsolService

When you’re connected you have these commands avalible:

Manage users

Command Description

Convert-MsolFederatedUser

The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user.

Get-MsolUser

The Get-MsolUser cmdlet can be used to retrieve an individual user, or list of users. An individual user will be retrieved if the ObjectId or UserPrincipalName parameter is used.

New-MsolUser

The New-MsolUser cmdlet is used to create a new user in Windows Azure AD. In order to give the user access to services, they must also be assigned a license (using the LicenseAssignment parameter).

Remove-MsolUser

The Remove-MsolUser cmdlet is used to remove a user from Windows Azure AD. This cmdlet will delete the user, their licenses, and any other associated data.

Restore-MsolUser

The Restore-MsolUser cmdlet restores a user that is in the Deleted users view to their original state. Users will remain in the Deleted users view for 30 days.

Set-MsolUser

The Set-MsolUser cmdlet is used to update a user object. Note that this cmdlet should be used for basic properties only. The licenses, password, and User Principal Name for a user can be updated through Set-MsolUserLicense, Set-MsolUserPassword and Set-MsolUserPrincipalName cmdlets respectively.

Set-MsolUserPassword

The Set-MsolUserPassword cmdlet is used to change the password of a user. This cmdlet can only be used for users with standard identities.

Set-MsolUserPrincipalName

The Set-MsolUserPrincipalName cmdlet is used to change the User Principal Name ([Template Token Value]) of a user. This cmdlet can be used to move a user between a federated and standard domain, which will result in their authentication type changing to that of the target domain.

Redo-MsolProvisionUser

The Redo-MsolProvisionUser cmdlet can be used to retry the provisioning of a user object in Windows Azure Active Directory when a previous attempt to create the user object resulted in a validation error.

Manage group and role membership

Command Description

Add-MsolGroupMember

The Add-MsolGroupMember cmdlet is used to add members to a security group. The new members can be either users or other security groups.

Get-MsolGroup

The Get-MsolGroup cmdlet is used to retrieve groups from Windows Azure AD. This cmdlet can be used to return a single group (if ObjectId is passed in), or to search within all groups.

Get-MsolGroupMember

The Get-MsolGroupMember cmdlet is used to retrieve members of the specified group. The members can be either users or groups.

New-MsolGroup

The New-MsolGroup cmdlet is used to add a new security group to Windows Azure AD.

Remove-MsolGroup

The Remove-MsolGroup cmdlet is used to delete a group from Windows Azure AD.

Remove-MsolGroupMember

The Remove-MsolGroupMember cmdlet is used to remove a member from a security group. This member can be either a user or a group.

Set-MsolGroup

The Set-MsolGroup cmdlet is used to update the properties of a security group.

Add-MsolRoleMember

The Add-MsolRoleMember cmdlet is used to add a member to a role. Currently, only users can be added to a role (adding a security group is not supported).

Get-MsolRole

The Get-MsolRole cmdlet can be used to retrieve a list of administrator roles.

Get-MsolUserRole

The Get-MsolUserRole cmdlet is used to retrieve all of the administrator roles that the specified user belongs to. This cmdlet will also return roles that the user is a member of through security group membership.

Get-MsolRoleMember

The Get-MsolRoleMember cmdlet is used to retrieve all members of the specified role.

Remove-MsolRoleMember

The Remove-MsolRoleMember cmdlet is used to remove a user from an administrator role.

Redo-MsolProvisionGroup

The Redo-MsolProvisionGroup cmdlet can be used to retry the provisioning of a group object in Windows Azure Active Directory when a previous attempt to create the group object resulted in a validation error.

For more information and commands please visit technet.

Pre-PowerShell 5.0

You must install the appropriate version of the Windows Azure AD Module for Windows PowerShell for your operating system from the Microsoft Download Center:

  • Windows Azure Active Directory Module for Windows PowerShell (32-bit version)
  • Windows Azure Active Directory Module for Windows PowerShell (64-bit version)
  • Then click the Windows Azure Active Directory Module for Windows PowerShell shortcut to open a Windows PowerShell workspace that has the cmdlets. Alternatively, you can load the cmdlets manually by typing import-module MSOnline at the Windows PowerShell command prompt.

    Once the modules are imported you can connect with your Azure credentials.

    $msolcred = get-credential
    connect-msolservice -credential $msolcred