Create Azure Active Directory Users Using PowerShell

Although you can use the Azure management portal to create users in Azure Active Directory (AAD), there are times when you just want to create a service account without having to log out and in as that new user to set a password. The good news is that PowerShell allows you to quickly do just that. The bad news is that there is a little bit of setup work required.

Creating AD Users Using the GUI

It’s pretty easy to create a new user in the management portal: browse into Active Directory, the directory of choice, Users, and then click Add User. That process is pretty simple if you’re setting up access rights to Azure for another user. But what if you want to create lots of users? Using the GUI will be slow.

One of the downsides of using the GUI is that the user is created with a temporary password and the user must log in to set a new password. That’s a bit inconvenient if you just want to set up a service account.

[Figure: A new AAD user requires a logon to change their temporary password. Image credit: Aidan Finn]
The answer to these concerns is … you guessed it … PowerShell.

System Requirements

There are a number of requirements that you must put in place in order to be able to create users in Azure Active Directory using PowerShell.

  1. Download and install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW on your PC.
  2. You’ll also need to download and install the Azure Active Directory Module for Windows PowerShell (64-bit version) on your PC.
  3. Use a native Azure Active Directory administrator account to get rights in your AAD directory. A Microsoft Account will not work.

Creating the User

Open up the Windows Azure Active Directory for Windows PowerShell console and then run the following cmdlets to sign into your Azure Active Directory. Supply the name and password of your AAD native administrator user account – remember that this must not be a Microsoft Account.

$msolcred = Get-Credential

Connect-MsolService -Credential $msolcred

You now can create a new user. The following example will create a user with a permanent password that does not need to be changed according to the password policy of the domain:

New-MsolUser -UserPrincipalName [email protected] -DisplayName "RemoteApp2" -FirstName "Remote" -LastName "App2" -Password Password00 -PasswordNeverExpires $true -AlternateEmailAddresses [email protected]

The new account is set up as a normal user account. This might be fine for bulk addition of user accounts in your AAD domain, but that won’t be enough for a service account. You might need to add the user to a group or role in the domain, such as Global Admin (a role). The following example will configure the new user as a Global Admin, which is a role called Company Administrator:

Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress [email protected]

Now you have the means to quickly create new users in Azure Active Directory.
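
To review accounts provisioned this way, the following added example (not part of the original article) lists members of the Company Administrator role whose password never expires. The function name Find-NonExpiringAdmin and the sample objects are constructed for illustration; the property names assume the output of Get-MsolRoleMember and Get-MsolUser.

```powershell
# Added example: the function name and sample objects are constructed.
# Property names assume the output of Get-MsolRoleMember and Get-MsolUser.
function Find-NonExpiringAdmin {
    param(
        [Parameter(Mandatory)] [object[]] $RoleMember,
        [Parameter(Mandatory)] [object[]] $User,
        [datetime] $AsOf = (Get-Date)
    )
    # Index users by ObjectId so each role member resolves in one lookup.
    $byId = @{}
    foreach ($u in $User) { $byId["$($u.ObjectId)"] = $u }

    foreach ($m in $RoleMember) {
        if ($m.RoleMemberType -ne 'User') { continue }   # only user accounts are checked
        $u = $byId["$($m.ObjectId)"]
        if ($null -eq $u) {
            Write-Warning "Role member $($m.ObjectId) not found in user list"
            continue
        }
        if ($u.PasswordNeverExpires -ne $true) { continue }
        $age = $null
        if ($u.LastPasswordChangeTimestamp) {
            $age = [int][math]::Floor(($AsOf - $u.LastPasswordChangeTimestamp).TotalDays)
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            PasswordAgeDays   = $age
        }
    }
}

# Constructed sample data (not real accounts), shaped like the cmdlet output.
$a, $b = '11111111-1111-1111-1111-111111111111', '22222222-2222-2222-2222-222222222222'
$members = @(
    [pscustomobject]@{ ObjectId = $a; RoleMemberType = 'User' }
    [pscustomobject]@{ ObjectId = $b; RoleMemberType = 'User' }
)
$users = @(
    [pscustomobject]@{ ObjectId = $a; UserPrincipalName = 'svc-app@example.com'
        PasswordNeverExpires = $true; LastPasswordChangeTimestamp = [datetime]'2021-01-01' }
    [pscustomobject]@{ ObjectId = $b; UserPrincipalName = 'admin@example.com'
        PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2021-10-01' }
)
Find-NonExpiringAdmin -RoleMember $members -User $users -AsOf ([datetime]'2021-12-01')

# Against a live tenant, after Connect-MsolService:
#   $role = Get-MsolRole -RoleName 'Company Administrator'
#   $m = Get-MsolRoleMember -RoleObjectId $role.ObjectId
#   Find-NonExpiringAdmin -RoleMember $m -User (Get-MsolUser -All)
```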

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.