By far the most flexible option for managing bulk users is through Windows PowerShell. There are currently three different PowerShell modules that can be used:
• MSOnline module
• Azure AD Module
• Azure AD Graph module
Note
Both the MSOnline module and Azure AD Module will eventually be deprecated and replaced by the Azure AD Graph module. The modules work similarly, though the cmdlet names, parameters, syntax, and overall capabilities are different.
Installing Modules
Each of the modules can be installed by running the Install-Module cmdlet from an elevated PowerShell prompt on your system:
• MSOnline: Install-Module MSOnline
• Azure AD: Install-Module AzureAD
• Microsoft Graph: Install-Module Microsoft.Graph
Once the modules have been installed, you can begin connecting to Azure AD and performing operations.
Connecting to Azure AD
Each module uses a slightly different syntax for connecting to Azure AD. Let’s go over them here:
• MSOnline: Connect-MsolService
• Azure AD: Connect-AzureAD
• Microsoft Graph: Connect-MgGraph -Scopes "User.ReadWrite.All"
In each of these cases, you’ll need to provide credentials with the appropriate rights to create users (such as Global Administrator or User Administrator). In the case of the Microsoft Graph cmdlets, you’ll also need to consent to the permissions scope.
Working with PowerShell
When working with bulk users via PowerShell, you’re free to collect, organize, and manipulate the data in whatever way works best for you. For example, if you need to gather a list of user objects and their properties, you can use one of the modules’ Get-* cmdlets. You can choose to store, view, or manipulate the data in a variety of ways—for example, saving it to a variable, displaying it to the console (screen), exporting it to a file, or passing the data through to another command.
PowerShell supports a processing concept called piping. Piping can be used to redirect the output of one command into another command. It can be used to process intermediary computations or steps without writing data to disk.
Let’s look at some common examples of how you might interact with one or more objects in bulk.
Retrieving User Data
Let’s say you need to retrieve a list of all users in your organization that meet certain criteria (such as being members of the Project Management department).
Using the MSOnline cmdlets, you could accomplish this using the following Get-MsolUser cmdlet:
Get-MsolUser -MaxResults 10 -Department "Project Management" | Select DisplayName,UserPrincipalName,Department
Figure 2.37 – Get-MsolUser cmdlet
To perform the same action with the Azure AD module, you would need to modify the syntax slightly:
Get-AzureADUser -Top 10 -Filter "Department eq 'Project Management'" | Select DisplayName,UserPrincipalName,Department
Figure 2.38 – Get-AzureADUser cmdlet
Finally, working with the Microsoft Graph module, you’d need to use the following syntax:
Get-MgUser -Filter "Department eq 'Project Management'" -Top 10 -ConsistencyLevel Eventual -Property DisplayName,UserPrincipalName,Department | Select DisplayName,UserPrincipalName,Department
Figure 2.39 – Get-MgUser cmdlet
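The following is an added example, not code from the original text. It extends the Get-MgUser query above into a reusable function that requests only the read-only User.Read.All scope, warns if the session holds write scopes, and escapes the department name before placing it in the filter. The function name Get-DepartmentUser and the CSV path are assumptions; running it requires the Microsoft.Graph module and a tenant sign-in.

```powershell
# Added example: Get-DepartmentUser and the CSV path are hypothetical names.
function Get-DepartmentUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Department,
        [int]$Top = 0   # 0 = page through every match instead of capping results
    )

    # Read-only reporting does not need User.ReadWrite.All; request User.Read.All.
    if (-not (Get-MgContext)) {
        Connect-MgGraph -Scopes 'User.Read.All' | Out-Null
    }

    # The session may still hold scopes consented to earlier; flag any write scopes.
    $writeScopes = (Get-MgContext).Scopes | Where-Object { $_ -match 'ReadWrite' }
    if ($writeScopes) {
        Write-Warning "Session holds write scopes: $($writeScopes -join ', ')"
    }

    # OData string literals escape a single quote by doubling it, so a value
    # such as "O'Neill Projects" cannot break out of the filter expression.
    $filter = "department eq '{0}'" -f $Department.Replace("'", "''")

    # Splat the parameters so -Top and -All can be chosen at run time.
    $query = @{
        Filter           = $filter
        Property         = 'DisplayName', 'UserPrincipalName', 'Department'
        ConsistencyLevel = 'eventual'
    }
    if ($Top -gt 0) { $query.Top = $Top } else { $query.All = $true }

    Get-MgUser @query | Select-Object DisplayName, UserPrincipalName, Department
}

# Pipe the result straight to a file without an intermediate variable.
Get-DepartmentUser -Department 'Project Management' |
    Export-Csv -Path .\project-management-users.csv -NoTypeInformation
```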