az ad user

Manage Microsoft Entra users.

Commands

Name	Description	Type	Status
az ad user create	Create a user.	Core	GA
az ad user delete	Delete a user.	Core	GA
az ad user get-member-groups	Get groups of which the user is a member.	Core	GA
az ad user list	List users.	Core	GA
az ad user show	Get the details of a user.	Core	GA
az ad user update	Update a user.	Core	GA

az ad user create

Create a user.

az ad user create --display-name
                  --password
                  --user-principal-name
                  [--force-change-password-next-sign-in {false, true}]
                  [--immutable-id]
                  [--mail-nickname]

Examples

Create a user

az ad user create --display-name myuser --password password --user-principal-name myuser@contoso.com

Required Parameters

--display-name

Object's display name or its prefix.

--password

The password that should be assigned to the user for authentication.

--user-principal-name

The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.

Optional Parameters

--force-change-password-next-sign-in

Marks this user as needing to update their password the next time they authenticate. If omitted, false will be used.

Accepted values: false, true

Default value: False

--immutable-id

This property is used to associate an on-premises Active Directory user account to their Microsoft Entra user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters can't be used when specifying this property.

--mail-nickname

Mail alias. Defaults to user principal name.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad user delete

Delete a user.

az ad user delete --id

Examples

Delete a user.

az ad user delete --id myuser@contoso.com

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad user get-member-groups

Get groups of which the user is a member.

az ad user get-member-groups --id
                             [--security-enabled-only {false, true}]

Examples

Get groups of which the user is a member

az ad user get-member-groups --id myuser@contoso.com

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Optional Parameters

--security-enabled-only

True to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned.

Accepted values: false, true

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad user list

List users.

az ad user list [--display-name]
                [--filter]
                [--upn]

Examples

List all users.

az ad user list

Optional Parameters

--display-name

Object's display name or its prefix.

--filter

OData filter, e.g. --filter "displayname eq 'test' and servicePrincipalType eq 'Application'".

--upn

User principal name, e.g. john.doe@contoso.com.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad user show

Get the details of a user.

az ad user show --id

Examples

Show a user.

az ad user show --id myuser@contoso.com

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad user update

Update a user.

az ad user update --id
                  [--account-enabled {false, true}]
                  [--display-name]
                  [--force-change-password-next-sign-in {false, true}]
                  [--mail-nickname]
                  [--password]

Examples

Update a user.

az ad user update --id myuser@contoso.com --display-name username2

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Optional Parameters

--account-enabled

Enable the user account.

Accepted values: false, true

--display-name

Object's display name or its prefix.

--force-change-password-next-sign-in

If the user must change her password on the next login.

Accepted values: false, true

--mail-nickname

Mail alias. Defaults to user principal name.

--password

User password.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.