Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

AzureAD PowerShell Module

5 Topics

The term 'New-informationbarrierPolicy' is not recognized as the name of a cmdlet, function
Hello guys, Does any one can run the "New-InformationBarrierPolicy" cmdlets successfully with EXO V2 module? I've login successful and granted permission with Information Barrier Processor but still cannot run it.. From the error message seems no such cmdlets...
Little_Joe
Jan 14, 2024 Place Windows PowerShell
6.2KViews
0likes
18Comments
Need a PowerShell Script to add multiple users to Azure Ad using csv file.
Script that i have tried its showing the below error. And Unable to fix it. Myscript:- #Import-Module AzureAD #Already installed # Set the path to your CSV file $csvPath = "C:\Users\pathto\newuserscript.csv" # Set the desired password length $passwordLength = 10 # Read the CSV file $users = Import-Csv -Path $csvPath # Connect to Azure AD #Connect-AzureAD # Loop through each user in the CSV file foreach ($user in $users) { # Generate a random password $password = [System.Web.Security.Membership]::GeneratePassword($passwordLength, 2) # Create a new user object $newUserParams = @{ DisplayName = $user.DisplayName UserPrincipalName = $user.UserPrincipalName PasswordProfile = @{ Password = $password ForceChangePasswordNextSignIn = $true } } # Add the user to Azure AD New-AzureADUser @newUserParams # Output the user details and password to the console Write-Output "User created: $($user.DisplayName) ($($user.UserPrincipalName))" Write-Output "Password: $password" # Export the user details and password to a CSV file $output = [PSCustomObject]@{ DisplayName = $user.DisplayName UserPrincipalName = $user.UserPrincipalName Password = $password } $output | Export-Csv -Path "C:\Users\pathto\userlistpw.csv" -force -NoTypeInformation } Error:- Unable to find type [System.Web.Security.Membership]. At line:13 char:17 + $password = [System.Web.Security.Membership]::GeneratePassword($p ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Web.Security.Membership:TypeName) [], RuntimeException + FullyQualifiedErrorId : TypeNotFound New-AzureADUser : Cannot bind argument to parameter 'DisplayName' because it is null. At line:26 char:17 + New-AzureADUser @newUserParams + ~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [New-AzureADUser], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.NewUser User created: () Password: Note:- My csv file contain only Display name , UPN , Block sign in column filled, Else other are blank. THANK YOU!!
Solved
Ajay_Kumar_Ghose
Jul 29, 2023 Place Windows PowerShell
13KViews
0likes
29Comments
Last Login dates for all Guests using PowerShell
So I need to be able to report on all guest accounts on my companies tenant, to see the last time they logged on. AzureADSignin Logs are no good as they only cover last 30 days, I know somewhere within Azure, I have found one guest account where the last login was during 2021, but I need to capture this for all guest accounts? Is this even possible? Thanks in advance for any help.
Solved
coxygt
Jun 27, 2023 Place Windows PowerShell
13KViews
0likes
3Comments
Get MFAStatus with API
Hi, I'm trying to get a report for the MFA status for all my tenant users. # Replace the values in the following variables with your own $clientId = "your_client_id_here" $clientSecret = "your_client_secret_here" $tenantId = "your_tenant_id_here" # Authenticate using Microsoft Graph API $tokenBody = @{ Grant_Type = "client_credentials" Scope = "https://graph.microsoft.com/.default" Client_Id = $clientId Client_Secret = $clientSecret } $tokenResponse = Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Body $tokenBody $accessToken = $tokenResponse.access_token # Retrieve all users in the tenant $users = Invoke-RestMethod -Method GET -Uri "https://graph.microsoft.com/v1.0/users" -Headers @{Authorization = "Bearer $accessToken"} # Loop through each user and retrieve their MFA status foreach ($user in $users.value) { $userId = $user.id $mfaStatus = Invoke-RestMethod -Method GET -Uri "https://graph.microsoft.com/v1.0/users/$userId/authentication/strongAuthenticationMethods" -Headers @{Authorization = "Bearer $accessToken"} $mfaEnabled = $mfaStatus.value | Where-Object {$_.state -eq "enabled"} Write-Output "$($user.displayName) - MFA Enabled: $($mfaEnabled -ne $null)" } I got this script but I'm always getting an error when I'm trying to execute it ... error is : Line | 17 | $users = Invoke-RestMethod -Method GET -Uri "https://graph.microsoft. … | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the | operation.","innerError":{"date":"2023-03-28T00:21:46","request-id":"d929a2d8-ca16-44b4-af0b-4d514c15ea78","client-request-id":"d929a2d8-ca16-44b4-af0b-4d514c15ea78"}}} In my API permission, I've double check to be sur all permission are ok : UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All (for Microsoft Graph API v1.0) OR AuthenticationMethod.Read.All or AuthenticationMethod.ReadWrite.All (for Microsoft Graph API beta) User.Read.All or User.ReadWrite.All (for Microsoft Graph API v1.0) OR Directory.Read.All or Directory.ReadWrite.All (for Microsoft Graph API beta) I've check again my clientID-clientSecret-TenanID and seems to be good : How to be sure this is OK? Any log in AzureAD to check if at least my script is able to authenticate? Thanks in advance!
StevenRPF
Mar 30, 2023 Place Microsoft Graph
2.6KViews
0likes
10Comments
Insufficient privileges to change device owner
I have assigned some users the Cloud Device Administrator role, which says "Full access to manage devices in Azure AD." But when they try to update a device owner in AzureAD Powershell using the Add-AzureADDeviceRegisteredOwner or Remove-AzureADDeviceRegisteredOwner cmdlets, they get this error: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. As a global administrator, I can change device owners using these cmdlets, but clearly I don't want to give them that role. Is there another role or permission I can assign that will allow changing device owners?
Jay Carper
Apr 06, 2021 Place Azure
1.3KViews
0likes
0Comments