First you will need to install the AzureAD module from the PowerShell Gallery.
#have to connect to your environment
Connect-AzureAD
#return all AUs: properties of displayname, id, and description
Get-AzureADMSAdministrativeUnit
#get an AU by name (returns nothing if no matches)
Get-AzureADMSAdministrativeUnit -Filter "displayname eq 'lowe'"
#not sure how to do a "like" or "contains" query
#create new AU with a displayname and description
New-AzureADMSAdministrativeUnit -Description "146" -DisplayName "Lowe"
#it takes a few minutes for changes to show up in the Web UI
#get the members of an AU as users (with DisplayName and UPN)
Get-AzureADMSAdministrativeUnitMember -Id 71084ab0-34c8-4388-9793-21e7a9776f9c | foreach-object {Get-AzureADUser -ObjectId $_.id}
#add a member to an AU (each object has an ID property)
Add-AzureADMSAdministrativeUnitMember -Id 2518ab7d-6447-4824-88c2-94cc4bc4a75f -RefObjectId 009133a3-b732-4150-aa04-ca459f6027a1
#how to remove a member (without knowing the IDs)
$manualAU = Get-AzureADMSAdministrativeUnit -Filter "displayname eq 'manual'"
$johnny = Get-AzureADUser -ObjectId johnny@demo.onmicrosoft.com
Remove-AzureADMSAdministrativeUnitMember -Id $manualAU.Id -MemberId $johnny.ObjectId
#change displayname or description
Set-AzureADMSAdministrativeUnit -Id 36db27e3-b094-4813-a899-de7cadebf704 -Description "delete this one" -DisplayName "TBD"
#delete an AU (it will not ask you to confirm)
Remove-AzureADMSAdministrativeUnit -Id 36db27e3-b094-4813-a899-de7cadebf704
Unfortunately, none of these have WhatIf or Confirm, and I haven't seen any Verbose or Debug output for them.
(If you're new to PowerShell, let me remind you that you don't have to quote your parameter values if they don't have spaces; you can see sometimes I did, and sometimes I didn't.)
Please let me know if you have any questions! Thanks for reading!
No comments:
Post a Comment