AzureAD

The Azure Active Directory PowerShell for Graph module can be downloaded and installed from the PowerShell Gallery, www.powershellgallery.com. The gallery uses the PowerShellGet module. The PowerShellGet module requires PowerShell 3.0 or newer and requires one of the following operating systems:

Windows 10 Windows 8.1 Pro Windows 8.1 Enterprise Windows 7 SP1 Windows Server 2016 TP5 Windows Server 2012 R2 Windows Server 2008 R2 SP1

PowerShellGet also requires .NET Framework 4.5 or above. You can install .NET Framework 4.5 or above from here. For more information, please refer to this link For more detailed info on installation of the AzureAD cmdlets please see: Azure Active Directory PowerShell for Graph.

These are the cmdlets in the Azure Active Directory PowerShell for Graph module.

Administrative Units

Set-AzureADAdministrativeUnit

Updates an administrative unit.

Applications

Add-AzureADApplicationOwner

Adds an owner to an application.

Get-AzureADApplication

Gets an application.

Get-AzureADApplicationExtensionProperty

Gets application extension properties.

Get-AzureADApplicationKeyCredential

Gets the key credentials for an application.

Get-AzureADApplicationLogo

Retrieve the logo of an application

Get-AzureADApplicationOwner

Gets the owner of an application.

Get-AzureADApplicationPasswordCredential

Gets the password credential for an application.

Get-AzureADApplicationServiceEndpoint

Retrieve the service endpoint of an application

Get-AzureADDeletedApplication

Retrieve the deleted applications in the directory

New-AzureADApplication

Creates an application.

New-AzureADApplicationExtensionProperty

Creates an application extension property.

New-AzureADApplicationKeyCredential

Creates a key credential for an application.

New-AzureADApplicationPasswordCredential

Creates a password credential for an application.

Remove-AzureADApplication

Delete an application by objectId.

Remove-AzureADApplicationExtensionProperty

Removes an application extension property.

Remove-AzureADApplicationKeyCredential

Removes a key credential from an application.

Remove-AzureADApplicationOwner

Removes an owner from an application.

Remove-AzureADApplicationPasswordCredential

Removes a password credential from an application.

Set-AzureADApplication

Updates an application.

Set-AzureADApplicationLogo

Sets the logo for an Application

Certificate Authorities

Get-AzureADTrustedCertificateAuthority

Gets the trusted certificate authority.

New-AzureADTrustedCertificateAuthority

Creates a trusted certificate authority.

Remove-AzureADTrustedCertificateAuthority

Removes a trusted certificate authority.

Set-AzureADTrustedCertificateAuthority

Updates a trusted certificate authority.

Connect to your directory

Connect-AzureAD

Connects with an authenticated account to use Active Directory cmdlet requests.

Disconnect-AzureAD

Disconnects the current session from an Azure Active Directory tenant.

Contacts

Get-AzureADContact

Gets a contact from Azure Active Directory.

Get-AzureADContactDirectReport

Get the direct reports for a contact.

Get-AzureADContactManager

Gets the manager of a contact.

Get-AzureADContactMembership

Get a contact membership.

Get-AzureADContactThumbnailPhoto

Retrieves the thumbnail photo of a contact

Remove-AzureADContact

Removes a contact.

Remove-AzureADContactManager

Removes a contact's manager.

Select-AzureADGroupIdsContactIsMemberOf

Get groups in which a contact is a member.

Contracts

Get-AzureADContract

Gets a contract.

Deleted Objects

Restore-AzureADDeletedApplication

Restores a previously deleted application

Devices

Add-AzureADDeviceRegisteredOwner

Adds a registered owner for a device.

Add-AzureADDeviceRegisteredUser

Adds a registered user for a device.

Get-AzureADDevice

Gets a device from Active Directory.

Get-AzureADDeviceConfiguration

This cmdlet retrieves the device configuration object

Get-AzureADDeviceRegisteredOwner

Gets the registered owner of a device.

Get-AzureADDeviceRegisteredUser

Gets a registered user.

New-AzureADDevice

Creates a device.

Remove-AzureADDevice

Deletes a device.

Remove-AzureADDeviceRegisteredOwner

Removes the registered owner of a device.

Remove-AzureADDeviceRegisteredUser

Removes a registered user from a device.

Set-AzureADDevice

Updates a device.

Directory

Get-AzureADSubscribedSku

Gets subscribed SKUs to Microsoft services.

Get-AzureADTenantDetail

Gets the details of a tenant.

Set-AzureADTenantDetail

Set contact details for a tenant

Directory Objects

Get-AzureADObjectByObjectId

Retrieves the object(s) specified by the objectIds parameter

Directory Roles

Add-AzureADDirectoryRoleMember

Adds a member to a directory role.

Enable-AzureADDirectoryRole

Activates an existing directory role in Azure Active Directory.

Get-AzureADDirectoryRole

Gets a directory role.

Get-AzureADDirectoryRoleMember

Gets members of a directory role.

Get-AzureADDirectoryRoleTemplate

Gets directory role templates.

Remove-AzureADDirectoryRoleMember

Removes a member of a directory role.

Domains

Confirm-AzureADDomain

Validate the ownership of a domain.

Get-AzureADDomain

Gets a domain.

Get-AzureADDomainNameReference

This cmdlet retrieves the objects that are referenced by a given domain name

Get-AzureADDomainServiceConfigurationRecord

Gets the domain's service configuration records from the serviceConfigurationRecords navigation property.

Get-AzureADDomainVerificationDnsRecord

Retrieve the domain verification DNS record for a domain

New-AzureADDomain

Creates a domain.

Remove-AzureADDomain

Removes a domain.

Set-AzureADDomain

Updates a domain.

Extension Properties

Get-AzureADExtensionProperty

Gets extension properties registered with Azure AD.

Groups

Add-AzureADGroupMember

Adds a member to a group.

Add-AzureADGroupOwner

Adds an owner to a group.

Get-AzureADGroup

Gets a group.

Get-AzureADGroupAppRoleAssignment

Gets a group application role assignment.

Get-AzureADGroupMember

Gets a member of a group.

Get-AzureADGroupOwner

Gets an owner of a group.

New-AzureADGroup

Creates a group.

New-AzureADGroupAppRoleAssignment

Assign a group of users to an application role.

Remove-AzureADGroup

Removes a group.

Remove-AzureADGroupAppRoleAssignment

Delete a group application role assignment.

Remove-AzureADGroupMember

Removes a member from a group.

Remove-AzureADGroupOwner

Removes an owner from a group.

Select-AzureADGroupIdsGroupIsMemberOf

Gets group IDs that a group is a member of.

Set-AzureADGroup

Updates a specific group in Azure Active Directory

OAuth2

Get-AzureADOAuth2PermissionGrant

Gets OAuth2PermissionGrant entities.

Remove-AzureADOAuth2PermissionGrant

Removes an oAuth2PermissionGrant.

Others

Add-AzureADAdministrativeUnitMember

Adds an administrative unit member.

Add-AzureADApplicationPolicy

Adds an application policy.

Add-AzureADScopedRoleMembership

Adds a scoped role membership to an administrative unit.

Add-AzureADServicePrincipalPolicy

Adds a service principal policy.

Get-AzureADAdministrativeUnit

Gets an administrative unit.

Get-AzureADAdministrativeUnitMember

Gets a member of an administrative unit.

Get-AzureADApplicationPolicy

Gets an application policy.

Get-AzureADDirectorySetting

Gets a directory setting.

Get-AzureADDirectorySettingTemplate

Gets a directory setting template.

Get-AzureADMSGroup

Gets information about groups in Azure AD.

Get-AzureADObjectSetting

Gets an object setting.

Get-AzureADPolicy

Gets a policy.

Get-AzureADPolicyAppliedObject

Get the objects to which a policy is applied

Get-AzureADScopedRoleMembership

Gets a scoped role membership from an administrative unit.

Get-AzureADServicePrincipalPolicy

Get the service principal policy

New-AzureADAdministrativeUnit

Creates an administrative unit.

New-AzureADDirectorySetting

Creates a directory settings object.

New-AzureADMSGroup

Creates an Azure AD group.

New-AzureADObjectSetting

Creates a settings object.

New-AzureADPolicy

Creates a policy.

Remove-AzureADAdministrativeUnit

Removes an administrative unit.

Remove-AzureADAdministrativeUnitMember

Removes an administrative unit member.

Remove-AzureADDirectorySetting

Deletes a directory setting in Azure Active Directory.

Remove-AzureADMSGroup

Removes an Azure AD group.

Remove-AzureADObjectSetting

Deletes settings in Azure Active Directory.

Remove-AzureADPolicy

Removes a policy.

Remove-AzureADScopedRoleMembership

Removes a scoped role membership.

Set-AzureADDirectorySetting

Updates a directory setting in Azure Active Directory.

Set-AzureADMSGroup

Changes attribute values on an Azure AD group.

Set-AzureADObjectSetting

Updates object settings.

Set-AzureADPolicy

Updates a policy.

Service Principals

Add-AzureADServicePrincipalOwner

Adds an owner to a service principal.

Get-AzureADServiceAppRoleAssignment

Gets a service principal application role assignment.

Get-AzureADServicePrincipal

Gets a service principal.

Get-AzureADServicePrincipalCreatedObject

Get objects created by a service principal.

Get-AzureADServicePrincipalKeyCredential

Get key credentials for a service principal.

Get-AzureADServicePrincipalMembership

Get a service principal membership.

Get-AzureADServicePrincipalOAuth2PermissionGrant

Gets an oAuth2PermissionGrant for a service principal.

Get-AzureADServicePrincipalOwnedObject

Gets an object owned by a service principal.

Get-AzureADServicePrincipalOwner

Get the owner of a service principal.

Get-AzureADServicePrincipalPasswordCredential

Get credentials for a service principal.

New-AzureADServiceAppRoleAssignment

Assigns a service principal to an application role.

New-AzureADServicePrincipal

Creates a service principal.

New-AzureADServicePrincipalKeyCredential

Create a new key credential for a service principal

New-AzureADServicePrincipalPasswordCredential

Creates a password credential for a service principal.

Remove-AzureADServiceAppRoleAssignment

Removes a service principal application role assignment.

Remove-AzureADServicePrincipal

Removes a service principal.

Remove-AzureADServicePrincipalKeyCredential

Removes a key credential from a service principal.

Remove-AzureADServicePrincipalOwner

Removes an owner from a service principal.

Remove-AzureADServicePrincipalPasswordCredential

Removes a password credential from a service principal.

Select-AzureADGroupIdsServicePrincipalIsMemberOf

Selects the groups in which a service principal is a member.

Set-AzureADServicePrincipal

Updates a service principal.

Users

Get-AzureADUser

Gets a user.

Get-AzureADUserAppRoleAssignment

Get a user application role assignment.

Get-AzureADUserCreatedObject

Get objects created by the user.

Get-AzureADUserDirectReport

Get the user's direct reports.

Get-AzureADUserExtension

Gets a user extension.

Get-AzureADUserLicenseDetail

Retrieves license details for a user

Get-AzureADUserManager

Gets the manager of a user.

Get-AzureADUserMembership

Get user memberships.

Get-AzureADUserOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object for a user

Get-AzureADUserOwnedDevice

Get registered devices owned by a user.

Get-AzureADUserOwnedObject

Get objects owned by a user.

Get-AzureADUserRegisteredDevice

Get devices registered by a user.

Get-AzureADUserThumbnailPhoto

Retrieve the thumbnail photo of a user

New-AzureADMSInvitation

This cmdlet is used to invite a new external user to your directory

New-AzureADUser

Creates an AD user.

New-AzureADUserAppRoleAssignment

Assigns a user to an application role.

Remove-AzureADUser

Removes a user.

Remove-AzureADUserAppRoleAssignment

Removes a user application role assignment.

Remove-AzureADUserExtension

Removes a user extension.

Remove-AzureADUserManager

Removes a user's manager.

Revoke-AzureADSignedInUserAllRefreshToken

Invalidates the refresh tokens issued to applications for the current user.

Revoke-AzureADUserAllRefreshToken

Invalidates the refresh tokens issued to applications for a user.

Select-AzureADGroupIdsUserIsMemberOf

Selects the groups that a user is a member of.

Set-AzureADUser

Updates a user.

Set-AzureADUserExtension

Sets a user extension.

Set-AzureADUserLicense

Adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user.

Set-AzureADUserManager

Updates a user's manager.

Set-AzureADUserPassword

Sets the password of a user.

Set-AzureADUserThumbnailPhoto

Set the thumbnail photo for a user

Update-AzureADSignedInUserPassword

Updates the password for the signed-in user.