Why should I use it?

Question

Why should I use it?

Marin Marinov 161

Hi guys, according to Microsoft documentation the preferred method for user creation in Microsoft 365 using PowerShell is as follwed:

$PasswordProfile = @{
    Password = 'xWwvJ]6NMw+bWH-d'
    }
	 
	New-MgUser -DisplayName "Jane Doe" -GivenName "Jane" -Surname "Doe" -UserPrincipalName ******@testing1466.onmicrosoft.com -UsageLocation "US" -MailNickname "jdoe" -PasswordProfile $PasswordProfile -AccountEnabled

I can not understand what I should save the password in hash table before creating the account. can someone explain it to me?

Thank you!

Answer accepted by question author

2 additional answers

Your answer

Answer 1

Well, thats one of those , "thats the way it works in Graph" things :)

See:

https://office365itpros.com/2022/11/28/azure-ad-account-creation/

The New-MgUser cmdlet creates a new account. To run New-MgUser, we need a password profile. A password profile is a Microsoft Graph resource that contains a password and associated settings. It can be as simple as a password with no settings, but a password profile can also include settings like ForceChangePasswordNextSignIn to force a user account to change their password after they next sign into Azure AD.

https://learn.microsoft.com/en-us/graph/api/resources/passwordprofile?view=graph-rest-1.0&WT.mc_id=M365-MVP-9501

User's image

Answer 2

That will allow you set multiple values. A better example:

https://learn.microsoft.com/en-us/answers/questions/1338460/microsoft-graph-users-module-new-mguser-authentica

##Import the Microsoft Graph Users module
Import-Module Microsoft.Graph.Users

##Connect to Microsoft Graph with the user read/write permission
Connect-MgGraph -scope "User.ReadWrite.All,UserAuthenticationMethod.ReadWrite.All"

##Define the password profile settings within a hash table
$PasswordProfile = @{
    Password = "Helo123!"
    ForceChangePasswordNextSignIn = $true
    ForceChangePasswordNextSignInWithMfa = $true
}

$params = @{
	emailAddress = "******@text.com"
}

$userid = New-MgUser -DisplayName "New User2" -PasswordProfile $PasswordProfile -AccountEnabled -MailNickName "nuser2" -UserPrincipalName "******@M365xXXXXXXX.onmicrosoft.com

Answer 3

Marin Marinov 161

Hi , It looks like I did not explained the problem very well. I can not understand why I have to use hash table in this particular case. I tried it with -PasswordProfile "sldlksdfksfdksdf" instead of -PasswordProfile $PasswordProfile. However it does not work. It excepts only hash tables.

Marin Marinov 161 Reputation points

2023-12-15T15:14:35.1433333+00:00
O well, thank you for your answer. By the way it is listed in the limitation of MS Graph.

Limitations

There are limitations that currently exist in Microsoft Graph PowerShell, either by design or due to some functionality that is yet to be built in.

For the equivalent of -SearchString, use -Search and -ConsistencyLevel eventual in all cases. Note that the query may still work without eventual .You can also use -Filter instead. For example, Get-MgUser -Filter "DisplayName eq 'Lee Gu'" returns the user whose display name is equal to the specified string.

You need to use hash tables to pass nested parameters. See a sample of Nested parameters.

Pro-tip: Use the Microsoft Graph PowerShell -ConsistencyLevel parameter. It lets you do $count! To learn more about the -ConsistencyLevel parameter, see Advanced query parameters.

Share via

Why should I use it?

2 additional answers

Your answer