Windows Azure

You must install the appropriate version of the Windows Azure AD Module for Windows PowerShell for your operating system from the Microsoft Download Center:

  • Windows Azure Active Directory Module for Windows PowerShell (32-bit version)
  • Windows Azure Active Directory Module for Windows PowerShell (64-bit version)
  • Then click the Windows Azure Active Directory Module for Windows PowerShell shortcut to open a Windows PowerShell workspace that has the cmdlets. Alternatively, you can load the cmdlets manually by typing import-module MSOnline at the Windows PowerShell command prompt.

    Once the modules are imported you can connect with your Azure credentials.

    $msolcred = get-credential
    connect-msolservice -credential $msolcred
    

    When you’re connected you have these commands avalible:

    Manage users

    Command Description

    Convert-MsolFederatedUser

    The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user.

    Get-MsolUser

    The Get-MsolUser cmdlet can be used to retrieve an individual user, or list of users. An individual user will be retrieved if the ObjectId or UserPrincipalName parameter is used.

    New-MsolUser

    The New-MsolUser cmdlet is used to create a new user in Windows Azure AD. In order to give the user access to services, they must also be assigned a license (using the LicenseAssignment parameter).

    Remove-MsolUser

    The Remove-MsolUser cmdlet is used to remove a user from Windows Azure AD. This cmdlet will delete the user, their licenses, and any other associated data.

    Restore-MsolUser

    The Restore-MsolUser cmdlet restores a user that is in the Deleted users view to their original state. Users will remain in the Deleted users view for 30 days.

    Set-MsolUser

    The Set-MsolUser cmdlet is used to update a user object. Note that this cmdlet should be used for basic properties only. The licenses, password, and User Principal Name for a user can be updated through Set-MsolUserLicense, Set-MsolUserPassword and Set-MsolUserPrincipalName cmdlets respectively.

    Set-MsolUserPassword

    The Set-MsolUserPassword cmdlet is used to change the password of a user. This cmdlet can only be used for users with standard identities.

    Set-MsolUserPrincipalName

    The Set-MsolUserPrincipalName cmdlet is used to change the User Principal Name ([Template Token Value]) of a user. This cmdlet can be used to move a user between a federated and standard domain, which will result in their authentication type changing to that of the target domain.

    Redo-MsolProvisionUser

    The Redo-MsolProvisionUser cmdlet can be used to retry the provisioning of a user object in Windows Azure Active Directory when a previous attempt to create the user object resulted in a validation error.

    Manage group and role membership

    Command Description

    Add-MsolGroupMember

    The Add-MsolGroupMember cmdlet is used to add members to a security group. The new members can be either users or other security groups.

    Get-MsolGroup

    The Get-MsolGroup cmdlet is used to retrieve groups from Windows Azure AD. This cmdlet can be used to return a single group (if ObjectId is passed in), or to search within all groups.

    Get-MsolGroupMember

    The Get-MsolGroupMember cmdlet is used to retrieve members of the specified group. The members can be either users or groups.

    New-MsolGroup

    The New-MsolGroup cmdlet is used to add a new security group to Windows Azure AD.

    Remove-MsolGroup

    The Remove-MsolGroup cmdlet is used to delete a group from Windows Azure AD.

    Remove-MsolGroupMember

    The Remove-MsolGroupMember cmdlet is used to remove a member from a security group. This member can be either a user or a group.

    Set-MsolGroup

    The Set-MsolGroup cmdlet is used to update the properties of a security group.

    Add-MsolRoleMember

    The Add-MsolRoleMember cmdlet is used to add a member to a role. Currently, only users can be added to a role (adding a security group is not supported).

    Get-MsolRole

    The Get-MsolRole cmdlet can be used to retrieve a list of administrator roles.

    Get-MsolUserRole

    The Get-MsolUserRole cmdlet is used to retrieve all of the administrator roles that the specified user belongs to. This cmdlet will also return roles that the user is a member of through security group membership.

    Get-MsolRoleMember

    The Get-MsolRoleMember cmdlet is used to retrieve all members of the specified role.

    Remove-MsolRoleMember

    The Remove-MsolRoleMember cmdlet is used to remove a user from an administrator role.

    Redo-MsolProvisionGroup

    The Redo-MsolProvisionGroup cmdlet can be used to retry the provisioning of a group object in Windows Azure Active Directory when a previous attempt to create the group object resulted in a validation error.

    For more information and commands please visit technet.