Version 2 of the Azure Active Directory PowerShell Module is Generally Available – But be Careful

What V2 of the Azure Active Directory PowerShell Module Means

Microsoft has given the Azure Active Directory PowerShell module an extensive upgrade and released Version 2 to general availability on December 5. The upgrade features a completely new naming convention as cmdlets are now prefixed with AzureAD rather than Msol (Microsoft Online).

The change in cmdlet naming alone means that every script written to access Azure Active Directory needs to be rewritten before the new module can be deployed. Throw in some parameter changes and it’s clear that upgrading scripts to use the V2 module takes more than a simple search-and-replace edit.

Microsoft makes a big thing that customers asked for “equivalent capabilities” between PowerShell and the Microsoft Graph API. The new module is based on the Graph API, which is the right thing to do, but I’m not sure that customers will welcome the disruption to operations that might occur as scripts are updated and tested against the new module.

No Need to Rush

Before you rush to install the new module, two really important points are made by Rob de Jong in the post announcing the release:

  • “The new Azure AD PowerShell v2.0 module doesn’t provide full functional parity with the older MSOL module yet. We’re working hard to make that happen in the coming months and will keep you updated on our progress.
  • We are not planning to publish new functionality in the MSOL PowerShell module. Over time we will implement all the functionality of the old MSOL cmdlets in the new module, and this new module contains quite a few new cmdlets that haven’t been available before.”

Although Microsoft says that V2 can now be used in production environments, the good news is that there’s no need to rush into an upgrade. The V1 module remains available and supported. Microsoft is working to upgrade the V2 module so that it will eventually have functional parity with V1, but that’s likely to take some months, possibly even mid-2017. Even when V2 reaches parity, the need will still exist to review, update, and test scripts as there’s no question of an automatic transition.

Revoking Refresh Tokens

One nice change included in the V2 module noted by MVP Vasil Michev is that the new module provides a way to revoke refresh tokens for Office 365, which is something you might like to do when an employee leaves the company and you want to cut off their access to Office 365 services. The cmdlet can be used to invalidate all refresh tokens and cookies for a user.
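
An offboarding routine built around that capability, added here as an illustration and not taken from the original post or from Microsoft. It uses the AzureAD module's `Revoke-AzureADUserAllRefreshToken` cmdlet; the function name `Revoke-DepartedUserAccess` and the sample UPN are hypothetical, and it assumes the module is installed and the signed-in administrator is allowed to update users.

```powershell
#Requires -Modules AzureAD
# Added example: disable a departed user's sign-in, revoke their refresh tokens,
# and report the new token validity boundary. Function name is hypothetical.

function Revoke-DepartedUserAccess {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $UserPrincipalName
    )
    process {
        foreach ($upn in $UserPrincipalName) {
            try {
                $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
                if (-not $PSCmdlet.ShouldProcess($upn, 'Disable sign-in and revoke refresh tokens')) {
                    continue
                }
                # Block new sign-ins first, so the user cannot simply
                # authenticate again and obtain a fresh refresh token.
                Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false -ErrorAction Stop
                # Invalidate all refresh tokens and session cookies issued so far.
                Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop
                # Re-read the user: tokens issued before this timestamp are rejected.
                $after = Get-AzureADUser -ObjectId $user.ObjectId -ErrorAction Stop
                [pscustomobject]@{
                    UserPrincipalName  = $after.UserPrincipalName
                    AccountEnabled     = $after.AccountEnabled
                    TokensValidFromUtc = $after.RefreshTokensValidFromDateTime
                }
            }
            catch {
                # Report the failure and carry on with the next user.
                Write-Warning "Offboarding failed for ${upn}: $($_.Exception.Message)"
            }
        }
    }
}

Connect-AzureAD | Out-Null
# Constructed sample input; -WhatIf previews the action without changing anything.
'departed.user@contoso.example' | Revoke-DepartedUserAccess -WhatIf
```

Revocation affects refresh tokens and cookies only: access tokens already issued stay usable until they expire, so services may continue to accept the user for a short period afterwards.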

Downloading and Installing V2

The new module can be downloaded and installed from the PowerShell Gallery. There’s really no point in installing V2 on anything other than a test workstation so that you can become accustomed to the new naming convention and capabilities. Later, when V2 contains equivalent cmdlets to V1, you can start the process of reviewing and updating scripts.

A full list of the cmdlets currently included in the Azure Active Directory V2 PowerShell module is available online.

Change Can Be Bittersweet

Any change that requires code to be updated creates some challenges. Code that works perfectly with V1 might not do so well with V2. New bugs might be uncovered or introduced when scripts are updated. In short, change is a pain.

In this case, Microsoft is on the right path to keep PowerShell aligned with the Microsoft Graph. That’s a good strategic move, even if it means some pain for Office 365 tenants during the transition.

Follow Tony on Twitter @12Knocksinna.
