-
Notifications
You must be signed in to change notification settings - Fork 62
/
Copy pathCreate_Azure_AD_Sync_User.ps1
42 lines (30 loc) · 1.36 KB
/
Create_Azure_AD_Sync_User.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Set-Location c:\
Clear-Host
#We need the cmdlets
Install-Module -Name AzureAD -AllowClobber -Force -Verbose
#Sometimes the module must be imported
Import-Module AzureAD
#Username and PW for Login
$Credential = Get-Credential
#Lets connect to the Azure Active Directory
Connect-AzureAD -Credential $Credential
#View all accounts
Get-AzureADUser
#Some varibales
$userName = 'aadsyncuser'
$aadDomainName = ((Get-AzureAdTenantDetail).VerifiedDomains)[0].Name
#Create password profile
$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password = 'Pa55w.rd1234'
$passwordProfile.ForceChangePasswordNextLogin = $false
#Create the user
New-AzureADUser -AccountEnabled $true -DisplayName $userName -PasswordProfile $passwordProfile -MailNickName $userName -UserPrincipalName "$userName@$aadDomainName"
#Some more variables
$aadUser = Get-AzureADUser -ObjectId "$userName@$aadDomainName"
$aadRole = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Global administrator'}
#Set the role
Add-AzureADDirectoryRoleMember -ObjectId $aadRole.ObjectId -RefObjectId $aadUser.ObjectId
#Azure AD Role information
$CompanyAdminRole = Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq "Global administrator"}
#Get members
Get-AzureADDirectoryRoleMember -ObjectId $CompanyAdminRole.ObjectId