Useful Azure AD Powershell snippets

I’ve been doing a lot of Azure AD stuff lately, so here are some powershell snippets that have been coming in handy.

I always forget to Connect-AzureAD first, so don’t do that

Get extension properties of a user (e.g. created date)

Get-AzureADUser -SearchString ‘username or email addy’ | select -ExpandProperty ExtensionProperty

Get guest users that are not members of a specified group

$allGuests = Get-AzureADUser -Filter “usertype eq ‘guest’” -All $true
$groupMembers = Get-AzureADGroup -SearchString ‘group-name’ | Get-AzureADGroupMember -All $true
$allGuests | where {$groupMembers -notcontains $_ }

Guest users that have not accepted their invitations to join Azure AD

Get-AzureADUser -Filter “usertype eq ‘guest’” -All $true | where UserState -eq PendingAcceptance

Add a big list of users to a group

Assuming all the usernames are in a text-file, one line each:

$group = get-azureadgroup -SearchString “group name"
get-content .\users.txt | % { $user = Get-AzureADUser -SearchString $_; Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId }

Turn off password expiry (e.g. for a service account)

Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies DisablePasswordExpiration