AzureAD
Důležité
Moduly Azure AD a MSOnline PowerShellu jsou od 30. března 2024 zastaralé. Další informace najdete v zastaralé aktualizaci). Po tomto datu se podpora těchto modulů omezí na pomoc s migrací na sadu Microsoft Graph PowerShell SDK a opravy zabezpečení. Zastaralé moduly budou fungovat až do března 30 2025.
Pro interakci s ID Microsoft Entra (dříve Azure AD) doporučujeme migrovat na Microsoft Graph PowerShell . Běžné dotazy k migraci najdete v nejčastějších dotazech k migraci. Poznámka: Po 30. červnu 2024 může dojít k přerušení verzí 1.0.x msOnline.
Modul Azure Active Directory PowerShell pro Graph můžete stáhnout a nainstalovat z Galerie prostředí PowerShell. Galerie využívá modul PowerShellGet. Modul PowerShellGet vyžaduje PowerShell 3.0 nebo novější a vyžaduje jeden z následujících operačních systémů:
- Windows 10
- Windows 8.1 Pro
- Windows 8.1 Enterprise
- Windows 7 SP1
- Windows Server 2016 TP5
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1
PowerShellGet také vyžaduje rozhraní .NET Framework 4.5 nebo novější. Rozhraní .NET Framework 4.5 nebo novější můžete nainstalovat odsud.
Podrobnější informace o instalaci rutin AzureAD najdete v tématu Azure Active Directory PowerShell pro Graph.
Toto jsou rutiny v modulu Azure Active Directory PowerShell pro Graph.
Jednotky pro správu
| Add-AzureADMSAdministrativeUnitMember |
Adds an administrative unit member. |
| Add-AzureADMSScopedRoleMembership |
Adds a scoped role membership to an administrative unit. |
| Get-AzureADMSAdministrativeUnit |
Gets an administrative unit. |
| Get-AzureADMSAdministrativeUnitMember |
Gets a member of an administrative unit. |
| Get-AzureADMSScopedRoleMembership |
Gets a scoped role membership from an administrative unit. |
| New-AzureADMSAdministrativeUnit |
Creates an administrative unit. |
| Remove-AzureADMSAdministrativeUnit |
Removes an administrative unit. |
| Remove-AzureADMSAdministrativeUnitMember |
Removes an administrative unit member. |
| Remove-AzureADMSScopedRoleMembership |
Removes a scoped role membership. |
Správa aplikací proxy aplikací
| Get-AzureADApplicationProxyApplication |
The Get-AzureADApplicationProxyApplication cmdlet retrieves an application configured for Application Proxy in Azure Active Directory. |
| Get-AzureADApplicationProxyApplicationConnectorGroup |
The Get-AzureADApplicationProxyApplicationConnectorGroup cmdlet retrieves the connector group assigned for a specific application. |
| New-AzureADApplicationProxyApplication |
The New-AzureADApplicationProxyApplication cmdlet creates a new application configured for Application Proxy in Azure Active Directory. |
| Remove-AzureADApplicationProxyApplication |
Deletes an Application Proxy application. |
| Remove-AzureADApplicationProxyApplicationConnectorGroup |
The Remove-AzureADApplicationProxyApplicationConnectorGroup cmdlet sets the connector group assigned for the specified application to 'Default' and removes the current assignment. |
| Set-AzureADApplicationProxyApplication |
The Set-AzureADApplicationProxyApplication allows you to modify and set configurations for an application in Azure Active Directory configured to use ApplicationProxy. |
| Set-AzureADApplicationProxyApplicationCustomDomainCertificate |
The Set-AzureADApplicationProxyApplicationCustomDomainCertificate cmdlet assigns a certificate to an application configured for Application Proxy in Azure Active Directory (AD). This will upload the certificate and allow the application to use Custom Domains. |
| Set-AzureADApplicationProxyApplicationSingleSignOn |
The Set-AzureADApplicationProxyApplicationSingleSignOn cmdlet allows you to set and modify single sign-on (SSO) settings for an application configured for Application Proxy in Azure Active Directory. |
Správa konektoru proxy aplikací
| Get-AzureADApplicationProxyConnector |
The Get-AzureADApplicationProxyApplicationConnector cmdlet a list of all connectors, or if specified, details of a specific connector. |
| Get-AzureADApplicationProxyConnectorGroup |
The Get-AzureADApplicationProxyConnectorGroup cmdlet retrieves a list of all connector groups, or if specified, details of a specific connector group. |
| Get-AzureADApplicationProxyConnectorGroupMembers |
The Get-AzureADApplicationProxyConnectorGroupMembers gets all the Application Proxy connectors associated with the given connector group. |
| Get-AzureADApplicationProxyConnectorMemberOf |
The Get-AzureADApplicationProxyConnectorMemberOf command gets the ConnectorGroup that the specified Connector is a member of. |
| New-AzureADApplicationProxyConnectorGroup |
The New-AzureADApplicationProxyConnectorGroup cmdlet creates a new Application Proxy Connector group. |
| Remove-AzureADApplicationProxyConnectorGroup |
The Remove-AzureADApplicationProxyConnectorGroup cmdlet deletes an Application Proxy Connector group. |
| Set-AzureADApplicationProxyApplicationConnectorGroup |
The Set-AzureADApplicationProxyApplicationConnectorGroup cmdlet assigns the given connector group to a specified application. |
| Set-AzureADApplicationProxyConnector |
The Set-AzureADApplicationProxyConnector cmdlet allows reassignment of the connector to another connector group. |
| Set-AzureADApplicationProxyConnectorGroup |
The Set-AzureADApplicationProxyConnectorGroup cmdlet allows you to change the name of a given Application Proxy connector group. |
Aplikace
| Add-AzureADApplicationOwner |
Adds an owner to an application. |
| Get-AzureADApplication |
Gets an application. |
| Get-AzureADApplicationExtensionProperty |
Gets application extension properties. |
| Get-AzureADApplicationKeyCredential |
Gets the key credentials for an application. |
| Get-AzureADApplicationLogo |
Retrieve the logo of an application |
| Get-AzureADApplicationOwner |
Gets the owner of an application. |
| Get-AzureADApplicationPasswordCredential |
Gets the password credential for an application. |
| Get-AzureADApplicationServiceEndpoint |
Retrieve the service endpoint of an application |
| Get-AzureADDeletedApplication |
Retrieves the list of previously deleted applications |
| New-AzureADApplication |
Creates an application. |
| New-AzureADApplicationExtensionProperty |
Creates an application extension property. |
| New-AzureADApplicationKeyCredential |
Creates a key credential for an application. |
| New-AzureADApplicationPasswordCredential |
Creates a password credential for an application. |
| Remove-AzureADApplication |
Delete an application by objectId. |
| Remove-AzureADApplicationExtensionProperty |
Removes an application extension property. |
| Remove-AzureADApplicationKeyCredential |
Removes a key credential from an application. |
| Remove-AzureADApplicationOwner |
Removes an owner from an application. |
| Remove-AzureADApplicationPasswordCredential |
Removes a password credential from an application. |
| Set-AzureADApplication |
Updates an application. |
| Set-AzureADApplicationLogo |
Sets the logo for an Application |
AzureAD
| Add-AzureADMSApplicationOwner |
Adds an owner for an application object. |
| Add-AzureADMSServicePrincipalDelegatedPermissionClassification |
Add a classification for a delegated permission. |
| Get-AzureADApplicationProxyConnectorGroupMember |
{{ Fill in the Synopsis }} |
| Get-AzureADCurrentSessionInfo |
This cmdlet will return the current session state |
| Get-AzureADMSApplication |
Retrieves the list of applications within the organization. |
| Get-AzureADMSApplicationExtensionProperty |
Retrieves the list of extension properties on an application object. |
| Get-AzureADMSApplicationOwner |
Retrieves the list of owners for an application object. |
| Get-AzureADMSConditionalAccessPolicy |
Gets an Azure Active Directory conditional access policy. |
| Get-AzureADMSDeletedDirectoryObject |
This cmdlet is used to retrieve a soft deleted directory object from the directory |
| Get-AzureADMSDeletedGroup |
This cmdlet is used to retrieve the soft deleted groups in a directory. |
| Get-AzureADMSIdentityProvider |
This cmdlet is used to retrieve the configured identity providers in the directory. |
| Get-AzureADMSNamedLocationPolicy |
Gets an Azure Active Directory named location policy. |
| Get-AzureADMSPermissionGrantConditionSet |
Get an Azure Active Directory permission grant condition set by id. |
| Get-AzureADMSPermissionGrantPolicy |
Gets a permission grant policy. |
| Get-AzureADMSServicePrincipalDelegatedPermissionClassification |
Retreive the delegated permission classification objects on a service principal. |
| Get-CrossCloudVerificationCode |
Gets the verification code used to validate the ownership of the domain in another connected cloud. Important: Only applies to a verified domain. |
| New-AzureADMSApplication |
Creates (registers) a new application object. |
| New-AzureADMSApplicationExtensionProperty |
Creates an extension property on an application object. |
| New-AzureADMSApplicationKey |
Adds a new key to an application. |
| New-AzureADMSApplicationPassword |
Adds a strong password to an application. |
| New-AzureADMSConditionalAccessPolicy |
Creates a new conditional access policy in Azure Active Directory. |
| New-AzureADMSIdentityProvider |
This cmdlet is used to configure a new identity provider in the directory. |
| New-AzureADMSNamedLocationPolicy |
Creates a new named location policy in Azure Active Directory. |
| New-AzureADMSPermissionGrantConditionSet |
Create a new Azure Active Directory permission grant condition set in a given policy. |
| New-AzureADMSPermissionGrantPolicy |
Creates a permission grant policy. |
| Remove-AzureADDeletedApplication |
{{ Fill in the Synopsis }} |
| Remove-AzureADMSApplication |
Deletes an application object. |
| Remove-AzureADMSApplicationExtensionProperty |
Deletes an extension property from an application object. |
| Remove-AzureADMSApplicationKey |
Removes a key from an application. |
| Remove-AzureADMSApplicationOwner |
Removes an owner from an application object. |
| Remove-AzureADMSApplicationPassword |
Remove a password from an application. |
| Remove-AzureADMSApplicationVerifiedPublisher |
Removes the verified publisher from an application. |
| Remove-AzureADMSConditionalAccessPolicy |
Deletes a conditional access policy in Azure Active Directory by Id. |
| Remove-AzureADMSDeletedDirectoryObject |
This cmdlet is used to permanently delete a previously deleted directory object |
| Remove-AzureADMSIdentityProvider |
This cmdlet is used to delete an identity provider in the directory. |
| Remove-AzureADMSNamedLocationPolicy |
Deletes an Azure Active Directory named location policy by PolicyId. |
| Remove-AzureADMSPermissionGrantConditionSet |
Delete an Azure Active Directory permission grant condition set by id |
| Remove-AzureADMSPermissionGrantPolicy |
Removes a permission grant policy. |
| Remove-AzureADMSServicePrincipalDelegatedPermissionClassification |
Remove delegated permission classification. |
| Restore-AzureADMSDeletedDirectoryObject |
This cmdlet is used to restore a previously deleted object. |
| Set-AzureADMSAdministrativeUnit |
Updates an administrative unit. |
| Set-AzureADMSApplication |
Updates the properties of an application object. |
| Set-AzureADMSApplicationLogo |
Sets the logo for an application object. |
| Set-AzureADMSApplicationVerifiedPublisher |
Sets the verified publisher of an application to a verified Microsoft Partner Network (MPN) identifier. |
| Set-AzureADMSConditionalAccessPolicy |
Updates a conditional access policy in Azure Active Directory by Id. |
| Set-AzureADMSIdentityProvider |
This cmdlet is used to update the properties of an existing identity provider configured in the directory. |
| Set-AzureADMSNamedLocationPolicy |
Updates a named location policy in Azure Active Directory by PolicyId. |
| Set-AzureADMSPermissionGrantConditionSet |
Update an existing Azure Active Directory permission grant condition set. |
| Set-AzureADMSPermissionGrantPolicy |
Updates a permission grant policy. |
Certifikační autority
| Get-AzureADTrustedCertificateAuthority |
Gets the trusted certificate authority. |
| New-AzureADTrustedCertificateAuthority |
Creates a trusted certificate authority. |
| Remove-AzureADTrustedCertificateAuthority |
Removes a trusted certificate authority. |
| Set-AzureADTrustedCertificateAuthority |
Updates a trusted certificate authority. |
Připojení k adresáři
| Connect-AzureAD |
Connects with an authenticated account to use Active Directory cmdlet requests. |
| Disconnect-AzureAD |
Disconnects the current session from an Azure Active Directory tenant. |
Kontakty
| Get-AzureADContact |
Gets a contact from Azure Active Directory. |
| Get-AzureADContactDirectReport |
Get the direct reports for a contact. |
| Get-AzureADContactManager |
Gets the manager of a contact. |
| Get-AzureADContactMembership |
Get a contact membership. |
| Get-AzureADContactThumbnailPhoto |
Retrieves the thumbnail photo of a contact |
| Remove-AzureADContact |
Removes a contact. |
| Remove-AzureADContactManager |
Removes a contact's manager. |
| Select-AzureADGroupIdsContactIsMemberOf |
Get groups in which a contact is a member. |
Kontrakty
| Get-AzureADContract |
Gets a contract. |
Odstraněné objekty
| Restore-AzureADDeletedApplication |
Restores a previously deleted application |
Zařízení
| Add-AzureADDeviceRegisteredOwner |
Adds a registered owner for a device. |
| Add-AzureADDeviceRegisteredUser |
Adds a registered user for a device. |
| Get-AzureADDevice |
Gets a device from Active Directory. |
| Get-AzureADDeviceConfiguration |
This cmdlet retrieves the device configuration object |
| Get-AzureADDeviceRegisteredOwner |
Gets the registered owner of a device. |
| Get-AzureADDeviceRegisteredUser |
Gets a registered user. |
| New-AzureADDevice |
Creates a device. |
| Remove-AzureADDevice |
Deletes a device. |
| Remove-AzureADDeviceRegisteredOwner |
Removes the registered owner of a device. |
| Remove-AzureADDeviceRegisteredUser |
Removes a registered user from a device. |
| Set-AzureADDevice |
Updates a device. |
Directory
| Get-AzureADSubscribedSku |
Gets subscribed SKUs to Microsoft services. |
| Get-AzureADTenantDetail |
Gets the details of a tenant. |
| Set-AzureADTenantDetail |
Set contact details for a tenant |
Adresářové objekty
| Get-AzureADObjectByObjectId |
Retrieves the object(s) specified by the objectIds parameter |
Role adresáře
| Add-AzureADDirectoryRoleMember |
Adds a member to a directory role. |
| Enable-AzureADDirectoryRole |
Activates an existing directory role in Azure Active Directory. |
| Get-AzureADDirectoryRole |
Gets a directory role. |
| Get-AzureADDirectoryRoleMember |
Gets members of a directory role. |
| Get-AzureADDirectoryRoleTemplate |
Gets directory role templates. |
| Get-AzureADMSRoleAssignment |
Gets information about role assignments in Azure AD. |
| Get-AzureADMSRoleDefinition |
Gets information about role definitions in Azure AD. |
| New-AzureADMSRoleAssignment |
Creates an Azure AD role assignment. |
| New-AzureADMSRoleDefinition |
Creates an Azure AD role definition. |
| Remove-AzureADDirectoryRoleMember |
Removes a member of a directory role. |
| Remove-AzureADMSRoleAssignment |
Removes an Azure AD role assignment. |
| Remove-AzureADMSRoleDefinition |
Removes an Azure AD role definition. |
| Set-AzureADMSRoleDefinition |
Update an existing Azure AD role definition. |
Domény
| Confirm-AzureADDomain |
Validate the ownership of a domain. |
| Get-AzureADDomain |
Gets a domain. |
| Get-AzureADDomainNameReference |
This cmdlet retrieves the objects that are referenced by a given domain name |
| Get-AzureADDomainServiceConfigurationRecord |
Gets the domain's service configuration records from the serviceConfigurationRecords navigation property. |
| Get-AzureADDomainVerificationDnsRecord |
Retrieve the domain verification DNS record for a domain |
| New-AzureADDomain |
Creates a domain. |
| Remove-AzureADDomain |
Removes a domain. |
| Set-AzureADDomain |
Updates a domain. |
Vlastnosti rozšíření
| Get-AzureADExtensionProperty |
Gets extension properties registered with Azure AD. |
Skupiny
| Add-AzureADGroupMember |
Adds a member to a group. |
| Add-AzureADGroupOwner |
Adds an owner to a group. |
| Add-AzureADMSLifecyclePolicyGroup |
Adds a group to a lifecycle policy |
| Get-AzureADGroup |
Gets a group (via Microsoft Graph). |
| Get-AzureADGroupAppRoleAssignment |
Gets a group application role assignment. |
| Get-AzureADGroupMember |
Gets a member of a group. |
| Get-AzureADGroupOwner |
Gets an owner of a group. |
| Get-AzureADMSGroup |
Gets information about groups in the Microsoft Entra ID (via MS Graph). |
| Get-AzureADMSGroupLifecyclePolicy |
Retrieves the properties and relationships of a groupLifecyclePolicies object in Azure Active Directory. If you specify no parameters, this cmdlet gets all groupLifecyclePolicies. |
| Get-AzureADMSLifecyclePolicyGroup |
Retrieves the lifecycle policy object to which a group belongs. |
| New-AzureADGroup |
Creates a group. |
| New-AzureADGroupAppRoleAssignment |
Assign a group of users to an application role. |
| New-AzureADMSGroup |
Creates an Azure AD group. |
| New-AzureADMSGroupLifecyclePolicy |
Creates a new groupLifecyclePolicy |
| Remove-AzureADGroup |
Removes a group. |
| Remove-AzureADGroupAppRoleAssignment |
Delete a group application role assignment. |
| Remove-AzureADGroupMember |
Removes a member from a group. |
| Remove-AzureADGroupOwner |
Removes an owner from a group. |
| Remove-AzureADMSGroup |
Removes an Azure AD group. |
| Remove-AzureADMSGroupLifecyclePolicy |
Deletes a groupLifecyclePolicies object |
| Remove-AzureADMSLifecyclePolicyGroup |
Removes a group from a lifecycle policy |
| Reset-AzureADMSLifeCycleGroup |
Renews a group by updating the RenewedDateTime property on a group to the current DateTime. |
| Select-AzureADGroupIdsGroupIsMemberOf |
Gets group IDs that a group is a member of. |
| Set-AzureADGroup |
Updates a specific group in Azure Active Directory |
| Set-AzureADMSGroup |
Sets the properties for an existing Azure AD group. |
| Set-AzureADMSGroupLifecyclePolicy |
Updates a specific group Lifecycle Policy in Azure Active Directory |
OAuth2
| Get-AzureADOAuth2PermissionGrant |
Gets OAuth2PermissionGrant entities. |
| Remove-AzureADOAuth2PermissionGrant |
Removes an oAuth2PermissionGrant. |
Zásady
| Get-AzureADMSAuthorizationPolicy |
Gets an authorization policy, which represents a policy that can control Azure Active Directory authorization settings. |
| Set-AzureADMSAuthorizationPolicy |
Updates an authorization policy, which represents a policy that can control Azure Active Directory authorization settings. |
Instanční objekty
| Add-AzureADServicePrincipalOwner |
Adds an owner to a service principal. |
| Get-AzureADServiceAppRoleAssignedTo |
Gets app role assignments for this app or service, granted to users, groups and other service principals. |
| Get-AzureADServiceAppRoleAssignment |
Gets a service principal application role assignment. |
| Get-AzureADServicePrincipal |
Gets a service principal. |
| Get-AzureADServicePrincipalCreatedObject |
Get objects created by a service principal. |
| Get-AzureADServicePrincipalKeyCredential |
Get key credentials for a service principal. |
| Get-AzureADServicePrincipalMembership |
Get a service principal membership. |
| Get-AzureADServicePrincipalOAuth2PermissionGrant |
Gets an oAuth2PermissionGrant object. |
| Get-AzureADServicePrincipalOwnedObject |
Gets an object owned by a service principal. |
| Get-AzureADServicePrincipalOwner |
Get the owner of a service principal. |
| Get-AzureADServicePrincipalPasswordCredential |
Get credentials for a service principal. |
| New-AzureADServiceAppRoleAssignment |
Assigns an app role to a user, a group, or another service principal. |
| New-AzureADServicePrincipal |
Creates a service principal. |
| New-AzureADServicePrincipalKeyCredential |
Create a new key credential for a service principal |
| New-AzureADServicePrincipalPasswordCredential |
Creates a password credential for a service principal. |
| Remove-AzureADServiceAppRoleAssignment |
Removes a service principal application role assignment. |
| Remove-AzureADServicePrincipal |
Removes a service principal. |
| Remove-AzureADServicePrincipalKeyCredential |
Removes a key credential from a service principal. |
| Remove-AzureADServicePrincipalOwner |
Removes an owner from a service principal. |
| Remove-AzureADServicePrincipalPasswordCredential |
Removes a password credential from a service principal. |
| Select-AzureADGroupIdsServicePrincipalIsMemberOf |
Selects the groups in which a service principal is a member. |
| Set-AzureADServicePrincipal |
Updates a service principal. |
Uživatelé
| Get-AzureADUser |
Gets a user. |
| Get-AzureADUserAppRoleAssignment |
Get a user application role assignment. |
| Get-AzureADUserCreatedObject |
Get objects created by the user. |
| Get-AzureADUserDirectReport |
Get the user's direct reports. |
| Get-AzureADUserExtension |
Gets a user extension. |
| Get-AzureADUserLicenseDetail |
Retrieves license details for a user |
| Get-AzureADUserManager |
Gets the manager of a user. |
| Get-AzureADUserMembership |
Get user memberships. |
| Get-AzureADUserOAuth2PermissionGrant |
Gets an oAuth2PermissionGrant object. |
| Get-AzureADUserOwnedDevice |
Get registered devices owned by a user. |
| Get-AzureADUserOwnedObject |
Get objects owned by a user. |
| Get-AzureADUserRegisteredDevice |
Get devices registered by a user. |
| Get-AzureADUserThumbnailPhoto |
Retrieve the thumbnail photo of a user |
| New-AzureADMSInvitation |
This cmdlet is used to invite a new external user to your directory. |
| New-AzureADUser |
Creates an Azure AD user. |
| New-AzureADUserAppRoleAssignment |
Assigns a user to an application role. |
| Remove-AzureADUser |
Removes a user. |
| Remove-AzureADUserAppRoleAssignment |
Removes a user application role assignment. |
| Remove-AzureADUserExtension |
Removes a user extension. |
| Remove-AzureADUserManager |
Removes a user's manager. |
| Revoke-AzureADSignedInUserAllRefreshToken |
Invalidates the refresh tokens issued to applications for the current user. |
| Revoke-AzureADUserAllRefreshToken |
Invalidates the refresh tokens issued to applications for a user. |
| Select-AzureADGroupIdsUserIsMemberOf |
Selects the groups that a user is a member of. |
| Set-AzureADUser |
Updates a user. |
| Set-AzureADUserExtension |
Sets a user extension. |
| Set-AzureADUserLicense |
Adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user. Note The Set-AzureADUserLicense cmdlet is deprecated. Learn how to assign licenses with Microsoft Graph PowerShell. For more info, see the Assign License Microsoft Graph API. |
| Set-AzureADUserManager |
Updates a user's manager. |
| Set-AzureADUserPassword |
Sets the password of a user. |
| Set-AzureADUserThumbnailPhoto |
Set the thumbnail photo for a user |
| Update-AzureADSignedInUserPassword |
Updates the password for the signed-in user. |