Azure AD Scripting

Prerequisites:
The modifications are limited using the Azure management portal, you must use the Powershell module for Azure AD:
Manage Azure AD with Powershell: https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx

First, install the Azure AD powershell cmdlets on a server. It requires the installation of Microsoft Online Services sign-in assistant.

Usage:
To check the version:
(get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion

To connect to Azure AD:
$msolcred = get-credential                    ; enter the global admin account
connect-msolservice -credential $msolcred

To remove a user: remove-msoluser

To remove a old synchronization user: remove-msoluser
a)    Get-msoluser  ; to display all users
b)    Select the userprincipalname to remove: Sync_SERVERADSYNC_7783219a5965@amadeusGAD.onmicrosoft.com
c)    Then remove the account:

d)    Get-msoluser   again to control if the user has been deleted

To search a user,
Get-msoluser ; to display all users

To remove a group: remove-msolgroup

But it works using the group’s objectid

To display all groups:
Get-msolgroup –all  ; to list all groups
Get-msolgroup –maxresults  10 ; to list the first 10 groups

To list the number of users and groups:

(Get-msoluser –all).count   ; for all users
And for groups:

To display only the users with license enabled:
Get-msoluser –userprincipalname <account> | ft displayname,licenses

get-msoluser | where {$_.islicensed -like “true”}

To list users with no licenses:
Get-msoluser –userprincipalname user1@mydomain.com | select userprincipalname,islicensed,usagelocation | ft –autosize

For all users:
Get-msoluser | where {$_.isLicensed –like “false”} | ft -autosize

Get-msoluser | where {$_.isLicensed –like “false”} | select userprincipalname,isLicensed,usagelocation | ft -autosize

To list all the users with license enabled:
Get-msoluser | where {$_.isLicensed –like “true”} | select userprincipalname,isLicensed,usagelocation | ft -autosize

To list the SKU available: get-msolaccountsku | ft -autosize

To assign a license to a user:
A)    First you must assign a usage location
get-msoluser -userprincipalname user2@mydomain.com | set-msoluser -usagelocation FR

B)    You can assign a License
Set-MsolUserLicense -UserPrincipalName user2@mydomain.com -AddLicenses “contoso:EMS”

To set a usagelocation FR to all users with no licenses:
Get-msoluser | where {$_.isLicensed -like “false”} | select userprincipalname,isLicensed,usagelocation | set-msoluser -usagelocation FR
And display the result:
Get-msoluser | where {$_.isLicensed -like “false”} | select userprincipalname,isLicensed,usagelocation | ft -autosize

Now assign the contoso:EMS license to all users without license not yet enabled:
Get-msoluser | where {$_.isLicensed -like “false”} | select userprincipalname,isLicensed,usagelocation | set-msoluserlicense -addlicenses “contoso:EMS”
And display the result: Get-msoluser | select userprincipalname,isLicensed,usagelocation | ft -autosize

To search a user based on his userprincipalname:
Get-msoluser –all | where {$_.userprincipalname –like “user1@mydomain.com”} | select userprincipalname,islicensed,usagelocation