How to Add an Azure Active Directory User Using PowerShell

Problem

In this blog post, we will walk you through how to add an Azure Active Directory (Azure AD) user using PowerShell.

Solution

As of this writing, there are two PowerShell modules that can be used to add an Azure AD user.

  1. Az module
    In this module, we can use the New-AzADUser cmdlet.
  2. AzureAD module
    In this module, we can use the New-AzureADUser cmdlet.

It is possible that in the future one of the modules will be merged into the other.

This article requires us to install the module and connect to the appropriate Azure AD tenant first. For complete details, you can read the article on how to switch Azure Active Directory tenant.

Using New-AzADUser cmdlet

To use this command, we must have installed the Az module. Then, we connect to our Azure AD tenant or directory.

New-AzADUser has some mandatory parameters such as MailNickname and Password. If you add a user without them, you will be prompted to enter their values.


New-AzADUser -DisplayName 'Jason Kidd' -UserPrincipalName jason.kidd@byteinthesky.onmicrosoft.com


You can supply the password up front, but the Password parameter does not accept a plain-text string. Therefore, you have to use Read-Host with -AsSecureString, so that the password is held as an encrypted SecureString.


New-AzADUser -DisplayName 'Dan Brown' -UserPrincipalName dan.brown@byteinthesky.onmicrosoft.com -MailNickname Dan -Password (Read-Host "Enter Password for User" -AsSecureString)


Using New-AzureADUser cmdlet

This command is similar to the previous one. You have to install the AzureAD module first and connect before using New-AzureADUser.

Adding a user with New-AzureADUser is a little different from New-AzADUser in that it has an additional mandatory parameter, AccountEnabled.

There is also no Password parameter; instead there are PasswordProfile and PasswordPolicies. So, if you want to enter a password, you should use PasswordProfile as follows:


$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
# PasswordProfile.Password is a plain string, so the SecureString from the prompt is converted before assignment
$SecurePassword = Read-Host "Enter Password for User" -AsSecureString
$PasswordProfile.Password = (New-Object System.Net.NetworkCredential('', $SecurePassword)).Password

New-AzureADUser -DisplayName 'John Wick' -UserPrincipalName john.wick@byteinthesky.onmicrosoft.com -MailNickname John -AccountEnabled $true -PasswordProfile $PasswordProfile
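
The following is an added example, not part of the original post. It goes one step beyond the interactive prompt by generating a random temporary password and setting ForceChangePasswordNextLogin on the PasswordProfile, so the value the administrator handles is only valid until the user's first sign-in. The function names New-TemporaryPassword and New-AadUserWithTemporaryPassword and the contoso.onmicrosoft.com address are hypothetical; it assumes the AzureAD module is installed and Connect-AzureAD has been run.

```powershell
# Added example; function names and the sample UPN are hypothetical.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already been run.

function New-TemporaryPassword {
    param([int]$Length = 20)
    # Look-alike characters (I, O, l, 0, 1) are left out to ease manual entry.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?'
    # Bytes at or above $limit are discarded so the modulo below stays unbiased.
    $limit = 256 - (256 % $alphabet.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($buffer)
                if ($buffer[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$buffer[0] % $alphabet.Length])
                }
            }
            $candidate = $sb.ToString()
            # Retry until upper case, lower case, digit and symbol are all present.
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and
                 $candidate -match '\d' -and $candidate -match '[^A-Za-z0-9]')
    } finally { $rng.Dispose() }
    return $candidate
}

function New-AadUserWithTemporaryPassword {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$MailNickname
    )
    $passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $passwordProfile.Password = New-TemporaryPassword
    # The temporary value must be replaced by the user at first sign-in.
    $passwordProfile.ForceChangePasswordNextLogin = $true
    $user = New-AzureADUser -DisplayName $DisplayName -UserPrincipalName $UserPrincipalName `
        -MailNickname $MailNickname -AccountEnabled $true -PasswordProfile $passwordProfile
    # Emit the password once for out-of-band hand-over; keep it out of logs and transcripts.
    [pscustomobject]@{
        ObjectId          = $user.ObjectId
        UserPrincipalName = $user.UserPrincipalName
        TemporaryPassword = $passwordProfile.Password
    }
}

New-AadUserWithTemporaryPassword -DisplayName 'Sample User' -UserPrincipalName 'sample.user@contoso.onmicrosoft.com' -MailNickname 'sample.user'
```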


Conclusion

To add a new user to Azure Active Directory (Azure AD), you can use New-AzADUser or New-AzureADUser.

New-AzureADUser has an additional mandatory parameter, AccountEnabled. New-AzureADUser also doesn’t have a Password parameter; it has PasswordProfile instead.

So, to specify a password when using New-AzureADUser, you have to use the PasswordProfile parameter.