I’ve been doing a lot of Azure AD stuff lately, so here are some PowerShell snippets that have been coming in handy.
I always forget to Connect-AzureAD first, so don’t do that.
Get extension properties of a user (e.g. created date)
Get-AzureADUser -SearchString 'username or email addy' | select -ExpandProperty ExtensionProperty
Get guest users that are not members of a specified group
$allGuests = Get-AzureADUser -Filter "usertype eq 'guest'" -All $true
$groupMembers = Get-AzureADGroup -SearchString 'group-name' | Get-AzureADGroupMember -All $true
# Compare on ObjectId so the result does not depend on how whole user objects compare
$allGuests | where { $groupMembers.ObjectId -notcontains $_.ObjectId }
Guest users that have not accepted their invitations to join Azure AD
Get-AzureADUser -Filter "usertype eq 'guest'" -All $true | where UserState -eq PendingAcceptance
Add a big list of users to a group
Assuming all the usernames are in a text-file, one line each:
$group = Get-AzureADGroup -SearchString "group name"
# One lookup per line of users.txt; each line is expected to match exactly one user
Get-Content .\users.txt | % { $user = Get-AzureADUser -SearchString $_; Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId }
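The one-liner above adds whatever -SearchString returns for each line, and a search can return several users or none. The following is an added example, not from the original post, that adds a user only when exactly one candidate matches the line by UPN or mail; the function names and the sample objects are assumptions made up for illustration.

```powershell
function Select-ExactUser {
    # Pure helper: from the candidates a search returned, keep the single user
    # whose UserPrincipalName or Mail equals the requested name (case-insensitive).
    param([string]$Name, [object[]]$Candidates)
    $hits = @($Candidates | Where-Object {
        $_.UserPrincipalName -eq $Name -or $_.Mail -eq $Name
    })
    if ($hits.Count -eq 1) { return $hits[0] }
    return $null   # zero or several exact matches: refuse to guess
}

function Add-UsersToGroupExact {
    # Requires Connect-AzureAD. $Path is a text file with one UPN or mail per line.
    param([string]$GroupObjectId, [string]$Path)
    # Current members, so re-running the file does not raise "already a member" errors
    $existing = @(Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true).ObjectId
    $names = Get-Content $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($name in $names) {
        $candidates = @(Get-AzureADUser -SearchString $name)
        $user = Select-ExactUser -Name $name -Candidates $candidates
        if (-not $user) {
            Write-Warning "Skipped '$name': $($candidates.Count) candidate(s), no single exact match"
            continue
        }
        if ($existing -contains $user.ObjectId) { continue }
        Add-AzureADGroupMember -ObjectId $GroupObjectId -RefObjectId $user.ObjectId
        Write-Output "Added $($user.UserPrincipalName)"
    }
}

# Constructed sample objects (not real accounts) to try the helper without a tenant
$sample = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'
                       UserPrincipalName = 'jsmith@example.com'
                       Mail = 'jsmith@example.com' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'
                       UserPrincipalName = 'jsmith2@example.com'
                       Mail = 'jsmith2@example.com' }
)
Select-ExactUser -Name 'jsmith@example.com' -Candidates $sample
Select-ExactUser -Name 'jsmith' -Candidates $sample
```

Against a tenant, call it as Add-UsersToGroupExact -GroupObjectId $group.ObjectId -Path .\users.txt and review the warnings before retrying the skipped lines.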
Turn off password expiry (e.g. for a service account)
$user = Get-AzureADUser -SearchString 'service account name'
Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies DisablePasswordExpiration