Prerequisites:
The modifications are limited using the Azure management portal, you must use the Powershell module for Azure AD:
Manage Azure AD with Powershell: https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx
First, install the Azure AD powershell cmdlets on a server. It requires the installation of Microsoft Online Services sign-in assistant.
Usage:
To check the version:
(get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
To connect to Azure AD:
$msolcred = get-credential ; enter the global admin account
connect-msolservice -credential $msolcred
To remove a user: remove-msoluser
To remove a old synchronization user: remove-msoluser
a) Get-msoluser ; to display all users
b) Select the userprincipalname to remove: Sync_SERVERADSYNC_7783219a5965@amadeusGAD.onmicrosoft.com
c) Then remove the account:
d) Get-msoluser again to control if the user has been deleted
To search a user,
Get-msoluser ; to display all users
To remove a group: remove-msolgroup
But it works using the group’s objectid
To display all groups:
Get-msolgroup –all ; to list all groups
Get-msolgroup –maxresults 10 ; to list the first 10 groups
To list the number of users and groups:
(Get-msoluser –all).count ; for all users
And for groups:
To display only the users with license enabled:
Get-msoluser –userprincipalname <account> | ft displayname,licenses
get-msoluser | where {$_.islicensed -like “true”}
To list users with no licenses:
Get-msoluser –userprincipalname user1@mydomain.com | select userprincipalname,islicensed,usagelocation | ft –autosize
For all users:
Get-msoluser | where {$_.isLicensed –like “false”} | ft -autosize
Get-msoluser | where {$_.isLicensed –like “false”} | select userprincipalname,isLicensed,usagelocation | ft -autosize
To list all the users with license enabled:
Get-msoluser | where {$_.isLicensed –like “true”} | select userprincipalname,isLicensed,usagelocation | ft -autosize
To list the SKU available: get-msolaccountsku | ft -autosize
To assign a license to a user:
A) First you must assign a usage location
get-msoluser -userprincipalname user2@mydomain.com | set-msoluser -usagelocation FR
B) You can assign a License
Set-MsolUserLicense -UserPrincipalName user2@mydomain.com -AddLicenses “contoso:EMS”
To set a usagelocation FR to all users with no licenses:
Get-msoluser | where {$_.isLicensed -like “false”} | select userprincipalname,isLicensed,usagelocation | set-msoluser -usagelocation FR
And display the result:
Get-msoluser | where {$_.isLicensed -like “false”} | select userprincipalname,isLicensed,usagelocation | ft -autosize
Now assign the contoso:EMS license to all users without license not yet enabled:
Get-msoluser | where {$_.isLicensed -like “false”} | select userprincipalname,isLicensed,usagelocation | set-msoluserlicense -addlicenses “contoso:EMS”
And display the result: Get-msoluser | select userprincipalname,isLicensed,usagelocation | ft -autosize
To search a user based on his userprincipalname:
Get-msoluser –all | where {$_.userprincipalname –like “user1@mydomain.com”} | select userprincipalname,islicensed,usagelocation
