New-AzureADUser

Creates an AD user.

Syntax

New-AzureADUser
   -AccountEnabled <Boolean>
   [-City <String>]
   [-Country <String>]
   [-CreationType <String>]
   [-Department <String>]
   -DisplayName <String>
   [-ExtensionProperty <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
   [-GivenName <String>]
   [-ImmutableId <String>]
   [-IsCompromised <Boolean>]
   [-JobTitle <String>]
   [-MailNickName <String>]
   [-Mobile <String>]
   [-OtherMails <System.Collections.Generic.List`1[System.String]>]
   [-PasswordPolicies <String>]
   -PasswordProfile <PasswordProfile>
   [-PhysicalDeliveryOfficeName <String>]
   [-PostalCode <String>]
   [-PreferredLanguage <String>]
   [-ShowInAddressList <Boolean>]
   [-SignInNames <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]>]
   [-State <String>]
   [-StreetAddress <String>]
   [-Surname <String>]
   [-TelephoneNumber <String>]
   [-UsageLocation <String>]
   [-UserPrincipalName <String>]
   [-UserType <String>]
   [-FacsimileTelephoneNumber <String>]
   [<CommonParameters>]

Description

The New-AzureADUser cmdlet creates a user in Azure Active Directory (AD).

Examples

Example 1: Create a user

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile

$PasswordProfile.Password = "Password"

New-AzureADUser -DisplayName "New User" -PasswordProfile $PasswordProfile -UserPrincipalName "NewUser@contoso.com" -AccountEnabled $true -MailNickName "Newuser"

ObjectId                             DisplayName UserPrincipalName   UserType
--------                             ----------- -----------------   --------
5e8b0f4d-2cd4-4e17-9467-b0f6a5c0c4d0 New user    NewUser@contoso.com Member

This command creates a new user.

Required Parameters

-AccountEnabled

Indicates whether the user's account is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisplayName

Specifies the user's display name.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PasswordProfile

Specifies the user's password profile. The type of this parameter is "PasswordProfile". To pass a value of this type, first create a variable in PowerShell with that type:

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile

Then you can proceed to set the value of the password in this variable:

$PasswordProfile.Password = ""

And finally you can pass this variable to the cmdlet:

New-AzureADUser -PasswordProfile $PasswordProfile ...

Other attributes that can be set in the PasswordProfile are:

$PasswordProfile.EnforceChangePasswordPolicy - a boolean indicating whether the change password policy is enabled or disabled for this user

$PasswordProfile.ForceChangePasswordNextLogin - a boolean indicating that the user must change the password at the next sign-in

Type:PasswordProfile
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
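
The three steps above as one script, with a randomly generated one-time password in place of a literal and ForceChangePasswordNextLogin set so the initial secret stops being valid after first sign-in. This is an added example, not part of the original reference; the helper names Get-RandomIndex and New-TemporaryPassword and the character sets are hypothetical, and the user values are those from Example 1.

```powershell
# Added example. Assumes the AzureAD module is loaded and Connect-AzureAD has run.
# Get-RandomIndex and New-TemporaryPassword are hypothetical helper names.

function Get-RandomIndex {
    param($Rng, [int]$Count)   # $Count must be between 1 and 256
    # Rejection sampling: discard bytes that would introduce modulo bias.
    $limit = 256 - (256 % $Count)
    $b = New-Object byte[] 1
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    return $b[0] % $Count
}

function New-TemporaryPassword {
    param([int]$Length = 20)
    # Constructed character classes; look-alike characters are left out.
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%*+-=?@'
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # One character from every class, then fill from the combined set.
        $chars = @($classes | ForEach-Object { $_[(Get-RandomIndex $rng $_.Length)] })
        while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $rng $all.Length)] }
        # Fisher-Yates shuffle so the class-guaranteed characters are not always first.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex $rng ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        return -join $chars
    }
    finally { $rng.Dispose() }
}

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = New-TemporaryPassword
# The generated value is a one-time secret: require a change at first sign-in.
$PasswordProfile.ForceChangePasswordNextLogin = $true

New-AzureADUser -DisplayName "New User" -PasswordProfile $PasswordProfile `
    -UserPrincipalName "NewUser@contoso.com" -AccountEnabled $true -MailNickName "Newuser"
```

Hand $PasswordProfile.Password to the user over a separate channel, and keep it out of transcripts and script logs.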

Optional Parameters

-City

Specifies the user's city.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Country

Specifies the user's country.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CreationType

Indicates whether the user account is a local account for an Azure Active Directory B2C tenant. Possible values are "LocalAccount" and null. When creating a local account, the property is required and you must set it to "LocalAccount". When creating a work or school account, do not specify the property or set it to null.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Department

Specifies the user's department.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExtensionProperty
Type:System.Collections.Generic.Dictionary`2[System.String,System.String]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FacsimileTelephoneNumber

Specifies the user's facsimile telephone number.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-GivenName

Specifies the user's given name.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ImmutableId

This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property.

Important: The $ and _ characters cannot be used when specifying this property.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IsCompromised

Indicates whether this user is compromised.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-JobTitle

Specifies the user's job title.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-MailNickName

Specifies the user's mail nickname.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Mobile

Specifies the user's mobile phone number.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-OtherMails

A list of additional email addresses for the user; for example: "bob@contoso.com", "Robert@fabrikam.com".

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PasswordPolicies

Specifies password policies for the user. This value is an enumeration with one possible value being "DisableStrongPassword", which allows weaker passwords than the default policy to be specified. "DisablePasswordExpiration" can also be specified. The two may be specified together; for example: "DisablePasswordExpiration, DisableStrongPassword".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PhysicalDeliveryOfficeName

Specifies the user's physical delivery office name.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PostalCode

Specifies the user's postal code.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PreferredLanguage

Specifies the user's preferred language.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ShowInAddressList

If True, show this user in the address list.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SignInNames

Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant. Each sign-in name must be unique across the company/tenant. The property must be specified when you create a local account user; do not specify it when you create a work or school account.

Type:System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-State

Specifies the user's state.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StreetAddress

Specifies the user's street address.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Surname

Specifies the user's surname.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TelephoneNumber

Specifies a telephone number.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UsageLocation

A two-letter country code (ISO standard 3166). Required for users who will be assigned licenses, due to a legal requirement to check for availability of services in countries. Examples include: "US", "JP", and "GB".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UserPrincipalName

The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is "alias@domain". For work or school accounts, the domain must be present in the tenant's collection of verified domains. This property is required when a work or school account is created; it is optional for local accounts.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UserType

A string value that can be used to classify user types in your directory, such as "Member" and "Guest".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False