Monday, November 30, 2020

Demo of Azure AD Administrative Units

I recently learned about Administrative Units (AU) in Azure AD. So before long, I wanted to manipulate them in PowerShell. I found the documentation somewhat lacking. Here's a cheat sheet that I hope benefits you as much as it does me. 

First you will need to install the AzureAD module from the PowerShell Gallery.

#have to connect to your environment
Connect-AzureAD

#return all AUs: properties of displayname, id, and description
Get-AzureADMSAdministrativeUnit

#get an AU by name (returns nothing if no matches)
Get-AzureADMSAdministrativeUnit -Filter "displayname eq 'lowe'"
#not sure how to do a "like" or "contains" query

#create new AU with a displayname and description
New-AzureADMSAdministrativeUnit -Description "146" -DisplayName "Lowe"
#it takes a few minutes for changes to show up in the Web UI

#get the members of an AU as users (with DisplayName and UPN)
Get-AzureADMSAdministrativeUnitMember -Id 71084ab0-34c8-4388-9793-21e7a9776f9c | ForEach-Object { Get-AzureADUser -ObjectId $_.Id }

#add a member to an AU (each object has an ID property)
Add-AzureADMSAdministrativeUnitMember -Id 2518ab7d-6447-4824-88c2-94cc4bc4a75f -RefObjectId 009133a3-b732-4150-aa04-ca459f6027a1

#how to remove a member (without knowing the IDs)
$manualAU = Get-AzureADMSAdministrativeUnit -Filter "displayname eq 'manual'"
$johnny = Get-AzureADUser -ObjectId johnny@demo.onmicrosoft.com
Remove-AzureADMSAdministrativeUnitMember -Id $manualAU.Id -MemberId $johnny.ObjectId

#change displayname or description
Set-AzureADMSAdministrativeUnit -Id 36db27e3-b094-4813-a899-de7cadebf704 -Description "delete this one" -DisplayName "TBD"

#delete an AU (it will not ask you to confirm)
Remove-AzureADMSAdministrativeUnit -Id 36db27e3-b094-4813-a899-de7cadebf704

Unfortunately, none of these have WhatIf or Confirm, and I haven't seen any Verbose or Debug output for them. 

(If you're new to PowerShell, let me remind you that you don't have to quote your parameter values if they don't have spaces; you can see sometimes I did, and sometimes I didn't.)
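
The post notes that these cmdlets have no WhatIf or Confirm, and that deleting an AU does not prompt. The wrapper below is an added example, not code from the original post or from the AzureAD module: the function name Remove-AdministrativeUnitByName and its parameter are hypothetical, and it assumes Connect-AzureAD has already been run in the session.

```powershell
# Hypothetical wrapper: the name and parameter are this example's own,
# not part of the AzureAD module. Assumes Connect-AzureAD was already run.
function Remove-AdministrativeUnitByName {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $DisplayName
    )

    # Double any single quotes so the name stays inside the filter string.
    $escaped = $DisplayName.Replace("'", "''")
    $matched = @(Get-AzureADMSAdministrativeUnit -Filter "displayname eq '$escaped'")

    if ($matched.Count -eq 0) {
        Write-Error "No administrative unit named '$DisplayName' was found."
        return
    }
    if ($matched.Count -gt 1) {
        # The filter can return several AUs; refuse to guess which to delete.
        Write-Error "Found $($matched.Count) AUs named '$DisplayName'; delete by Id instead."
        return
    }

    $au = $matched[0]
    # Count members so the prompt shows how much the deletion affects.
    $members = @(Get-AzureADMSAdministrativeUnitMember -Id $au.Id -All $true)
    $target = "AU '$($au.DisplayName)' ($($au.Id)), $($members.Count) member(s)"

    # -WhatIf stops here with a message; ConfirmImpact High prompts by default.
    if ($PSCmdlet.ShouldProcess($target, 'Delete administrative unit')) {
        Write-Verbose "Deleting $target"
        Remove-AzureADMSAdministrativeUnit -Id $au.Id
        # Emit a record of what was removed for the operator's change log.
        [pscustomobject]@{
            Id          = $au.Id
            DisplayName = $au.DisplayName
            MemberCount = $members.Count
            DeletedAt   = (Get-Date).ToUniversalTime()
        }
    }
}

# Preview only; nothing is deleted:
Remove-AdministrativeUnitByName -DisplayName 'TBD' -WhatIf
```

Run it without -WhatIf to get the confirmation prompt, and add -Verbose to see the target before the delete call.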

Please let me know if you have any questions! Thanks for reading!


Thursday, October 15, 2015

Modify DNS Entry

I learned today that it is a multistep process to use PowerShell to change the IP address of an A record in DNS. I think PowerShell should work in a flow with cmdlets, but there are some things, like this scenario, that don't fit right.

Here's the example:
#-RRType A returns only the A record, even if the name also has other record types
$old = Get-DnsServerResourceRecord -Name mdm -RRType A -ComputerName DNS1 -ZoneName contoso.com
$new = $old.Clone() #so that there are two copies of the DNS record object
$new.RecordData.IPv4Address = [ipaddress] "10.11.12.13" #stores as System.Net.IPAddress object
Set-DnsServerResourceRecord -OldInputObject $old -NewInputObject $new -ComputerName DNS1 -ZoneName contoso.com #basically swapping old and new
#verify with:
Get-DnsServerResourceRecord -Name mdm -RRType A -ComputerName DNS1 -ZoneName contoso.com

Some PowerShell is straightforward, and some takes a few steps to get a result.  Maybe you can write your own function that performs the same action (update IP address) in one line!  Try it!

Friday, August 14, 2015

Reorganize My Profile

As you may have guessed, I am testing a new PowerShell profile. My old one had been around for a few years and was based on my knowledge and PowerShell's features at the time. Here are the principles I am using for my new profile:
  • I'm organizing the functions I most often use into modules and leaving out special-purpose scripts. I'm putting all organization-related items in one module and trying to generalize all the other modules for sharing/publishing purposes. This includes using environment variables like $env:USERDNSDOMAIN
  • Instead of import statements or complicated ways to check for modules or elevated prompt, I am using Requires statements on each file (only one per file is allowed).  For more info, use  Get-Help about_requires
  • Since PowerShell 3, modules are loaded on-demand.  Any modules that show up in Get-Module -ListAvailable are included in this.  If a script or module requires a module that is available, then that module is imported automatically. 
  • To add a module to -ListAvailable, create a .PSM1 file and put it in Documents\WindowsPowerShell\Modules\modname, and the folder and PSM1 file names have to match.  I'm moving my modules here in this format.
  • Instead of typing the long path to my WindowsPowerShell folder, I created a PSDrive (map) called my:
    $null = New-PSDrive -Name my -Root (Split-Path -Path $PROFILE -Parent) -PSProvider FileSystem

So how do you organize your scripts? Leave a comment below!

Thursday, August 6, 2015

Test Profile

Want to test your new profile script without loading your existing one(s)?  Run this from the Run command:
powershell.exe /noexit /noprofile /file myfile.ps1

Here are some other parameters for powershell.exe
Find out more about profiles here.