Manage Azure AD group and role membership

  • Articolo

Updated: July 30, 2015

Applies To: Azure, Azure Active Directory, Office 365, Windows Intune

Manage group and role membership

Use the following cmdlets to perform a variety of tasks related to group and role membership, including adding a user to a role or group, creating groups, and removing groups.

Windows PowerShell cmdlet Description

Add-MsolGroupMember

The Add-MsolGroupMember cmdlet is used to add members to a security group. The new members can be either users or other security groups.

Add-MsolRoleMember

The Add-MsolRoleMember cmdlet is used to add a member to a role. Currently, only users can be added to a role (adding a security group is not supported).

Get-MsolGroup

The Get-MsolGroup cmdlet is used to retrieve groups from Azure AD. This cmdlet can be used to return a single group (if ObjectId is passed in), or to search within all groups.

Get-MsolGroupMember

The Get-MsolGroupMember cmdlet is used to retrieve members of the specified group. The members can be either users or groups.

Get-MsolRole

The Get-MsolRole cmdlet can be used to retrieve a list of administrator roles.

Get-MsolRoleMember

The Get-MsolRoleMember cmdlet is used to retrieve all members of the specified role.

Get-MsolUserRole

The Get-MsolUserRole cmdlet is used to retrieve all of the administrator roles that the specified user belongs to. This cmdlet will also return roles that the user is a member of through security group membership.

New-MsolGroup

The New-MsolGroup cmdlet is used to add a new security group to Azure AD.

Redo-MsolProvisionGroup

The Redo-MsolProvisionGroup cmdlet can be used to retry the provisioning of a group object in Azure Active Directory when a previous attempt to create the group object resulted in a validation error.

Remove-MsolGroup

The Remove-MsolGroup cmdlet is used to delete a group from Azure AD.

Remove-MsolGroupMember

The Remove-MsolGroupMember cmdlet is used to remove a member from a security group. This member can be either a user or a group.

Remove-MsolRoleMember

The Remove-MsolRoleMember cmdlet is used to remove a user from an administrator role.

Set-MsolGroup

The Set-MsolGroup cmdlet is used to update the properties of a security group.

See Also

Concepts

Manage Azure AD using Windows PowerShell