az ad user
Manage Microsoft Entra users.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az ad user create |
Create a user. |
Core | GA |
| az ad user delete |
Delete a user. |
Core | GA |
| az ad user get-member-groups |
Get groups of which the user is a member. |
Core | GA |
| az ad user list |
List users. |
Core | GA |
| az ad user show |
Get the details of a user. |
Core | GA |
| az ad user update |
Update a user. |
Core | GA |
az ad user create
Create a user.
az ad user create --display-name
--password
--user-principal-name
[--force-change-password-next-sign-in {false, true}]
[--immutable-id]
[--mail-nickname]Examples
Create a user
az ad user create --display-name myuser --password password --user-principal-name myuser@contoso.comRequired Parameters
Object's display name or its prefix.
The password that should be assigned to the user for authentication.
The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
Optional Parameters
Marks this user as needing to update their password the next time they authenticate. If omitted, false will be used.
This property is used to associate an on-premises Active Directory user account to their Microsoft Entra user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters can't be used when specifying this property.
Mail alias. Defaults to user principal name.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad user delete
Delete a user.
az ad user delete --idExamples
Delete a user.
az ad user delete --id myuser@contoso.comRequired Parameters
The object ID or principal name of the user for which to get information.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad user get-member-groups
Get groups of which the user is a member.
az ad user get-member-groups --id
[--security-enabled-only {false, true}]Examples
Get groups of which the user is a member
az ad user get-member-groups --id myuser@contoso.comRequired Parameters
The object ID or principal name of the user for which to get information.
Optional Parameters
True to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad user list
List users.
az ad user list [--display-name]
[--filter]
[--upn]Examples
List all users.
az ad user listOptional Parameters
Object's display name or its prefix.
OData filter, e.g. --filter "displayname eq 'test' and servicePrincipalType eq 'Application'".
User principal name, e.g. john.doe@contoso.com.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad user show
Get the details of a user.
az ad user show --idExamples
Show a user.
az ad user show --id myuser@contoso.comRequired Parameters
The object ID or principal name of the user for which to get information.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad user update
Update a user.
az ad user update --id
[--account-enabled {false, true}]
[--display-name]
[--force-change-password-next-sign-in {false, true}]
[--mail-nickname]
[--password]Examples
Update a user.
az ad user update --id myuser@contoso.com --display-name username2Required Parameters
The object ID or principal name of the user for which to get information.
Optional Parameters
Enable the user account.
Object's display name or its prefix.
If the user must change her password on the next login.
Mail alias. Defaults to user principal name.
User password.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for