“install” & “connect”
Install the Microsoft Graph PowerShell module.
Install-Module Microsoft.Graph -Force - This module enables interaction with Microsoft Entra ID and other Microsoft services.
After installing the module, you will need to connect to Microsoft Graph. This typically requires you to authenticate with your Azure credentials.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All" - The -Scopes parameter of Connect-MgGraph defines the permissions that you assign to your session. The scopes above should be sufficient for most of the actions listed below. However, you can customize them depending on your specific requirements, for example by requesting only the scopes a given task needs.
Examples
New-MgUser
Creates a new user in Azure Active Directory.
New-MgUser -AccountEnabled:$true -DisplayName "John Doe" -MailNickname "johndoe" -UserPrincipalName "johndoe@contoso.com" -PasswordProfile @{ Password = "xWwvJ]6NMw+bWH-d"; ForceChangePasswordNextSignIn = $true } - Creates a new user named John Doe with an activated account and an email address. Boolean parameters such as -AccountEnabled are switches in the Graph SDK, so the value is attached with a colon.
New-MgUser -AccountEnabled:$true -DisplayName "Jane Doe" -MailNickname "janedoe" -UserPrincipalName "janedoe@contoso.com" -PasswordProfile @{ Password = "p@ssw0rd"; ForceChangePasswordNextSignInWithMfa = $true } - Creates a new user named Jane Doe with an email address and requires the user to complete MFA before changing the password at the next sign-in.
New-MgUser -UserPrincipalName 'user@domain.com' -DisplayName 'User Name' -MailNickname 'user' -AccountEnabled:$true -PasswordProfile $PasswordProfile -UsageLocation 'DE' - Creates a new user and sets the location to Germany ($PasswordProfile must be defined beforehand).
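The $PasswordProfile variable used above is not defined on this page. The following added example (not part of the original page) builds it from a randomly generated temporary password instead of a literal typed into the command line; the function name New-TemporaryPassword and the character set are assumptions made for illustration.

```powershell
# Added example: hypothetical helper that generates a one-time password.
function New-TemporaryPassword {
    param([ValidateRange(12, 256)][int]$Length = 20)

    # Look-alike characters (l, I, O, 0, 1) are left out of the alphabet
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=?@'
    # Bytes at or above this limit are rejected so every character is equally likely
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length])
                }
            }
            $candidate = $sb.ToString()
            # Retry until lower case, upper case, digit and symbol are all present
        } until ($candidate -cmatch '[a-z]' -and $candidate -cmatch '[A-Z]' -and
                 $candidate -match '\d' -and $candidate -match '[^a-zA-Z0-9]')
        return $candidate
    }
    finally { $rng.Dispose() }
}

# The password exists only in this variable; the user must replace it at first sign-in
$PasswordProfile = @{
    Password                      = New-TemporaryPassword
    ForceChangePasswordNextSignIn = $true
}

New-MgUser -AccountEnabled:$true -DisplayName 'User Name' -MailNickname 'user' `
    -UserPrincipalName 'user@domain.com' -PasswordProfile $PasswordProfile -UsageLocation 'DE'

# Hand $PasswordProfile.Password to the user over a separate channel, then clear it
```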
Get-MgUser
Retrieves user information from Azure Active Directory.
Get-MgUser -UserId 'user@domain.com' - Retrieves information about a specific user.
Get-MgUser -Filter "department eq 'IT' and jobTitle eq 'Manager'" - Retrieves users from the IT department with the position ‘Manager’.
Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AccountEnabled | Where-Object {$_.AccountEnabled -eq $false} - Retrieves all disabled user accounts. AccountEnabled is not among the properties returned by default, so it has to be requested with -Property.
Get-MgUser -Search '"DisplayName:Andreas"' -ConsistencyLevel eventual - Searches for users whose display name contains ‘Andreas’. The search expression itself must be enclosed in double quotes.
Get-MgUser -Top 10 - Retrieves the first 10 user accounts.
Get-MgUser -Filter "CreatedDateTime ge 2023-01-01T00:00:00Z" - Retrieves users created on or after January 1, 2023.
Get-MgUser -Filter "signInActivity/lastSignInDateTime le 2023-01-01T00:00:00Z" - Retrieves users who last logged in on or before January 1, 2023. Reading signInActivity additionally requires the AuditLog.Read.All scope.
Update-MgUser
Updates user attributes in Azure Active Directory.
Update-MgUser -UserId 'user@domain.com' -Department 'IT' - Updates a user’s department information.
Update-MgUser -UserId 'user@domain.com' -JobTitle 'Manager' - Changes a user’s job title.
Update-MgUser -UserId 'user@domain.com' -MobilePhone '+1234567890' - Updates a user’s mobile phone number.
Update-MgUser -UserId 'user@domain.com' -OfficeLocation 'Building 1' - Changes a user’s office location.
Update-MgUser -UserId 'user@domain.com' -PasswordProfile $PasswordProfile - Sets a new password for a user.
Update-MgUser -UserId 'user@domain.com' -UsageLocation 'DE' - Changes a user’s location to Germany.
Update-MgUser -UserId 'user@domain.com' -AccountEnabled:$false - Deactivates the user account.
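The sign-in filter from the Get-MgUser section and the account deactivation above combine into a stale-account review. This is an added example, not part of the original page; the 90-day window is an assumed policy value, and the session needs the AuditLog.Read.All scope in addition to User.ReadWrite.All.

```powershell
# Added example: preview which enabled accounts would be disabled for inactivity.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'AuditLog.Read.All'

# Assumed policy: no sign-in for 90 days counts as stale
$cutoff = (Get-Date).ToUniversalTime().AddDays(-90).ToString('yyyy-MM-ddTHH:mm:ssZ')

# A signInActivity filter cannot be combined with other filter clauses,
# so the "still enabled" check runs client-side on the returned objects.
$stale = Get-MgUser -All `
    -Filter "signInActivity/lastSignInDateTime le $cutoff" `
    -Property Id, UserPrincipalName, AccountEnabled, SignInActivity |
    Where-Object { $_.AccountEnabled }

# Review list, oldest sign-in first
$stale |
    Select-Object UserPrincipalName,
        @{ Name = 'LastSignIn'; Expression = { $_.SignInActivity.LastSignInDateTime } } |
    Sort-Object LastSignIn |
    Format-Table -AutoSize

# -WhatIf only reports the change; remove it once the list has been reviewed
foreach ($user in $stale) {
    Update-MgUser -UserId $user.Id -AccountEnabled:$false -WhatIf
}

# Accounts that have never signed in have no lastSignInDateTime value; review them separately
```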
Remove-MgUser
Removes a user from Azure Active Directory.
Remove-MgUser -UserId 'user@domain.com' - Removes a specific user from Azure AD.
Remove-MgUser -UserId 'user@domain.com' -Confirm - Removes a user with a confirmation prompt.
Remove-MgUser -UserId 'user@domain.com' -WhatIf - Indicates what would happen if the command was executed without actually executing it.
Remove-MgUser -UserId 'user@domain.com' -PassThru - Returns true if the command was executed successfully.
Remove-MgUser -InputObject $User - Removes a user based on a user object.
New-MgGroup
Creates a new group in Azure Active Directory.
New-MgGroup -DisplayName "Project Team" -MailEnabled:$false -MailNickname "projectteam" -SecurityEnabled:$true - Creates a new security group named Project Team.
Get-MgGroup
Retrieves group information from Azure Active Directory.
Get-MgGroup -Filter "startswith(displayName, 'Project')" - Gets information about all groups whose names begin with Project.
Get-MgGroup -Top 5 - Gets information about the first 5 groups in the directory.
Get-MgGroup -Filter "groupTypes/any(c:c eq 'Unified')" - Gets information about all Office 365 Groups.
Update-MgGroup
Updates group attributes in Azure Active Directory.
Update-MgGroup -GroupId $groupId -DisplayName "New Project Team" - Updates the name of a group to New Project Team.
Update-MgGroup -GroupId $groupId -Description "New description for the group" - Updates the description of a group.
Update-MgGroup -GroupId $groupId -Visibility "Private" - Changes the visibility of a group to Private.
Update-MgGroup -GroupId $groupId -MailNickname "newnickname" - Changes the mail nickname of a group.
Remove-MgGroup
Removes a group from Azure Active Directory.
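Remove-MgGroup -GroupId $groupId - Removes the group with the specified group ID from Azure Active Directory.
Remove-MgGroup -GroupId (Get-MgGroup -Filter "displayName eq 'Old Project Team'").Id - Looks for a group named “Old Project Team” and removes it. Display names are not unique, so check that the lookup returns exactly one group before removing it.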
Set-MgUserLicense
Changes the licensing information for an Azure AD user.
Set-MgUserLicense -UserId 'user@domain.com' -AddLicenses @{SkuId = $SkuId} -RemoveLicenses @() - Assigns a license to a user.
Set-MgUserLicense -UserId 'user@domain.com' -AddLicenses $addLicenses -RemoveLicenses @() - Assigns multiple licenses to a user.
Set-MgUserLicense -UserId 'user@domain.com' -AddLicenses @{SkuId = $SkuId; DisabledPlans = $disabledPlans} -RemoveLicenses @() - Assigns a license to a user with plans disabled.
Set-MgUserLicense -UserId 'user@domain.com' -AddLicenses @() -RemoveLicenses @($SkuId) - Removes a license from a user.
Set-MgUserLicense -UserId 'user@domain.com' -AddLicenses $mgUser.AssignedLicenses -RemoveLicenses @() - Copies license information from one user to another.
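The $SkuId and $disabledPlans variables in the commands above have to come from the tenant's own subscriptions. The following added example (not part of the original page) resolves them with Get-MgSubscribedSku and checks the preconditions before assigning; the SKU part number, the plan name and the user are assumed sample values.

```powershell
# Added example: resolve SKU and plan IDs, verify preconditions, then assign.
$userId        = 'user@domain.com'
$skuPartNumber = 'ENTERPRISEPACK'       # assumed SKU; list yours with Get-MgSubscribedSku
$planToDisable = 'YAMMER_ENTERPRISE'    # assumed service plan inside that SKU

$sku = Get-MgSubscribedSku -All | Where-Object { $_.SkuPartNumber -eq $skuPartNumber }
if (-not $sku) { throw "SKU '$skuPartNumber' is not subscribed in this tenant." }

# Stop early when no unassigned unit of this SKU is left
if (($sku.PrepaidUnits.Enabled - $sku.ConsumedUnits) -lt 1) {
    throw "No free '$skuPartNumber' licenses left."
}

$SkuId = $sku.SkuId
$disabledPlans = @($sku.ServicePlans |
    Where-Object { $_.ServicePlanName -eq $planToDisable } |
    Select-Object -ExpandProperty ServicePlanId)
if ($disabledPlans.Count -eq 0) {
    throw "Plan '$planToDisable' is not part of '$skuPartNumber'."
}

# License assignment fails for users without a usage location
$user = Get-MgUser -UserId $userId -Property Id, UsageLocation, AssignedLicenses
if (-not $user.UsageLocation) {
    Update-MgUser -UserId $user.Id -UsageLocation 'DE'
}

if ($user.AssignedLicenses.SkuId -contains $SkuId) {
    Write-Output "$userId already holds $skuPartNumber; nothing to do."
}
else {
    Set-MgUserLicense -UserId $user.Id `
        -AddLicenses @(@{ SkuId = $SkuId; DisabledPlans = $disabledPlans }) `
        -RemoveLicenses @()
}
```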

