
Useful Azure AD PowerShell snippets

I've been doing a lot of Azure AD stuff lately, so here are some PowerShell snippets that have been coming in handy.

I always forget to Connect-AzureAD first, so don't do that.

Get extension properties of a user (e.g. created date)


Get-AzureADUser -SearchString 'username or email addy' | select -ExpandProperty ExtensionProperty

Get guest users that are not members of a specified group


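$allGuests = Get-AzureADUser -Filter "usertype eq 'guest'" -All $true
$groupMembers = Get-AzureADGroup -SearchString 'group-name' | Get-AzureADGroupMember -All $true
# Compare on ObjectId so the match doesn't depend on how the two result sets compare as objects
$allGuests | where { $groupMembers.ObjectId -notcontains $_.ObjectId }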


Guest users that have not accepted their invitations to join Azure AD


Get-AzureADUser -Filter "usertype eq 'guest'" -All $true | where UserState -eq PendingAcceptance

Add a big list of users to a group

Assuming all the usernames are in a text file, one per line:

$group = Get-AzureADGroup -SearchString "group name"
Get-Content .\users.txt | ForEach-Object { $user = Get-AzureADUser -SearchString $_; Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId }
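
The one-liner above takes whatever -SearchString returns, which is a prefix match and can be zero or several users or groups. A stricter version follows as an added example that is not part of the original post; it assumes users.txt holds one user principal name per line, and group-add-results.csv is a hypothetical output file:

```powershell
# Added example, not from the original post. 'group name' and .\users.txt are
# the post's placeholders; the file is assumed to hold one UPN per line.
$groupName = 'group name'

# Resolve the group by exact display name and refuse to continue if ambiguous.
$groups = @(Get-AzureADGroup -Filter "DisplayName eq '$($groupName -replace "'", "''")'")
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named '$groupName', found $($groups.Count)."
}
$group = $groups[0]

# Cache current members so a re-run skips users that are already in the group.
$memberIds = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true).ObjectId

$results = foreach ($line in Get-Content .\users.txt) {
    $upn = $line.Trim()
    if (-not $upn) { continue }   # ignore blank lines

    # Exact match on userPrincipalName; single quotes are doubled for the filter.
    $found = @(Get-AzureADUser -Filter "userPrincipalName eq '$($upn -replace "'", "''")'")

    $status = if ($found.Count -ne 1) {
        "Skipped: $($found.Count) matches"
    } elseif ($memberIds -contains $found[0].ObjectId) {
        'Already a member'
    } else {
        try {
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $found[0].ObjectId -ErrorAction Stop
            'Added'
        } catch {
            "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ User = $upn; Status = $status }
}

# Keep a record of what changed and show a summary per outcome.
$results | Export-Csv .\group-add-results.csv -NoTypeInformation
$results | Group-Object Status | Select-Object Count, Name
```

Anything reported as "Skipped" never reaches Add-AzureADGroupMember, so a typo in the file cannot add the wrong account to the group.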


Turn off password expiry (e.g. for a service account)

# $user is a user object fetched earlier, e.g. with Get-AzureADUser
Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies DisablePasswordExpiration

