If you have ever used PowerShell, you already know that it is a cool tool to use. And if you follow this blog regularly, you may remember that in January this year I wrote an article about Azure AD PowerShell and how to use it. You can check that article here: https://spanougakis.com/2016/01/18/azure-ad-powershell-and-how-to-use-it/
Some time ago I also presented how to automate your day-to-day administration tasks in your on-premises AD environment using PowerShell; the recording of the presentation (in Greek) can be found here: http://systemplus.gr/adauto.html
But why do we need a new version of Azure AD PowerShell? The new version brings a lot of updates to existing cmdlets, mainly because they have to align with the new features and capabilities that Azure AD has to offer. These new capabilities will be included in the new Azure AD PowerShell module. The good news is that the module is available today, so you can start testing!
Azure AD PowerShell v2.0 installation
If you are looking for a download link, don’t bother, because there is an easier way to download and install it. Just open a normal PowerShell window as an administrator and type:
Install-Module -Name AzureADPreview
The next step should be to import the new module and then check the version that you’ve just installed, running the following commands:
Now let’s connect to Azure AD using the following commands:
Connect-AzureAD -Credential $azureadcred
The first command prompts for credentials and stores them in $azureadcred. The second command uses the credentials stored in $azureadcred to connect to the service.
You probably already noticed that there is a change in the names of all cmdlets: instead of typing “connect-msolservice”, we now have to type “connect-azuread”, so practically the entire MSOL module was renamed to AzureAD. If an existing cmdlet was named “New-MSOLUser”, which adds a new user to the directory, the new cmdlet’s name is “New-AzureADUser”.
For a full list of all available cmdlets and how to use them, please read the AzureAD PowerShell reference documentation here: https://msdn.microsoft.com/en-us/library/azure/mt757189.aspx
So let’s now examine some of the new functionality we get:
We can now search for data in our directory based on a string we specify:
Or you could search for a string “Athens”, to get information about the city where the users are located, based on the information we specified on the user accounts:
Note that the SearchString search scope for users currently covers the attributes “City”, “Country”, “Department”, “DisplayName”, “JobTitle”, “Mail”, “mailNickName”, “State”, and “UserPrincipalName”.
Configurable Token Lifetimes, which are also included in this version, are covered in detail here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-configurable-token-lifetimes/ and this will probably be something we’ll discuss in a future blog post.
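Because one search string is checked against all nine attributes, a search for “Athens” can also return an account whose display name or UPN contains the word. The following is an added example, not code from the original post: Get-SearchStringMatch is a hypothetical helper, the sample users are constructed, and its local check is a case-insensitive substring match, which is an assumption and may not be identical to the matching the service performs.

```powershell
# The nine attributes the post lists as the SearchString scope for users.
$SearchScope = 'City', 'Country', 'Department', 'DisplayName', 'JobTitle',
               'Mail', 'MailNickName', 'State', 'UserPrincipalName'

function Get-SearchStringMatch {
    # Hypothetical helper (not an AzureAD cmdlet): for each user object,
    # report which in-scope attributes contain the search string.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SearchString,
        [Parameter(Mandatory, ValueFromPipeline)] [object] $User
    )
    process {
        # Escape the string so characters such as '.' are matched literally.
        $needle = [regex]::Escape($SearchString)
        $hits = foreach ($name in $SearchScope) {
            $value = $User.$name
            if ($value -and $value -match $needle) { $name }
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MatchedOn         = @($hits) -join ', '
        }
    }
}

# Constructed sample objects standing in for Get-AzureADUser output.
$sampleUsers = @(
    [pscustomobject]@{
        UserPrincipalName = 'maria@contoso.example'; DisplayName = 'Maria P.'
        City = 'Athens'; Country = 'Greece'; Department = 'Sales'
    }
    [pscustomobject]@{
        UserPrincipalName = 'athens.frontdesk@contoso.example'
        DisplayName = 'Athens Front Desk'; City = 'Thessaloniki'
        Country = 'Greece'; Department = 'Facilities'
    }
)

# Both users are listed, but only the first one matched on City.
$sampleUsers | Get-SearchStringMatch -SearchString 'Athens' | Format-Table -AutoSize

# Against a live tenant, after Connect-AzureAD:
# Get-AzureADUser -SearchString 'Athens' | Get-SearchStringMatch -SearchString 'Athens'
```

Checking the MatchedOn column before acting on the results avoids treating every hit as a user located in that city.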
Manage Certificate Authority using PowerShell for Azure AD
- New-AzureADTrustedCertificateAuthority – Adds a new certificate authority for the tenant
- Get-AzureADTrustedCertificateAuthorities – Retrieves the list of certificate authorities for the tenant
- Remove-AzureADTrustedCertificateAuthority – Removes a certificate authority for the tenant
- Set-AzureADTrustedCertificateAuthority – Modifies a certificate authority for the tenant
… and a good idea for another blog post; meanwhile, you can find details here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-certificate-based-authentication-ios/#getting-started%20/
Managing Applications using PowerShell for Azure AD
- Manage Directory Extensions in PowerShell
- Manage Owners for an Application
- Manage credentials for Applications in PowerShell
Take a look at this video by Nasos Kladakis, which shows how to use the new Azure AD PowerShell module to configure an application in your directory and assign users to roles for the new application.
Thanks for your time!