Share via

How do i run a bulk update for the 'Employee Type' and 'Employee Hire Date' attribute for users in you tenant using a CSV file in MS graph PowerShell

Paul Nwanochiri 20 Reputation points Microsoft External Staff
2023-12-29T12:49:44.5433333+00:00

According to this article (https://learn.microsoft.com/en-us/answers/questions/1004754/set-employee-type-from-powershell) it was explained how to Update Employee Type Attribute on Cloud Only Users using Graph PowerShell. I tried but it did not work for me. I got an error on Graph shell running the script on the article.

Connect-MgGraph -Scopes User.ReadWrite.All

Select-MgProfile -Name beta

Get-MgUser -UserId ******@contoso.com | Select -Property EmployeeType

Update-MgUser -UserId ******@contoso.com -EmployeeType FTE

Meanwhile the user i used to run this has (App admin role, global admin role and i have given the MS graph PowerShell the admin consent) Please find the error details on bottom.

However, my main concern is how to run a bulk update for the 'Employee Type' and 'Employee Hire Date' attribute for users in you tenant using a CSV file in MS graph PowerShell or Graph API.

I also need the required permission needed to perform this task.

Please find the error of the i got when i run the script to Update Employee Type Attribute on Cloud Only Users using Graph PowerShell.

Select-MgProfile : The term 'Select-MgProfile' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or 
if a path was included, verify that the path is correct and try again.
At line:2 char:1
+ Select-MgProfile -Name beta
+ ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Select-MgProfile:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

 
EmployeeType
------------
Update-MgUser : Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2023-12-29T12:30:59
Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 45a5be83-7dbd-4720-9d94-249608cc7773
client-request-id             : 88f90e57-c05c-4cd3-ac1c-b1df255f1982
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"East US 2","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"BN1PEPF00004329"}}
x-ms-resource-unit            : 1
Cache-Control                 : no-cache
Date                          : Fri, 29 Dec 2023 12:30:59 GMT
At line:4 char:1
+ Update-MgUser -UserId ******@owoeyeayo6outlook.onmicrosoft.com -Employ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ UserId = Pabl...softGraphUser }:<>f__AnonymousType42`2) [Update-MgUser_UpdateExpanded], Exception
    + FullyQualifiedErrorId : Authorization_RequestDenied,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgUser_UpdateExpanded
Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Community Center | Discuss the Q&A site | Get started on Q&A
Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sourabh Gupta 800 Reputation points Microsoft External Staff
    2023-12-30T11:24:52.4933333+00:00

    Hi Paul Nwanochiri,

    Thanks for reaching out.

    Update-MgUser is a graph command and based upon the link you have attached is meant for cloud users only, could you please check if the user is cloud user only. if not, you can use permissions Directory.ReadWrite.All, User.ReadWrite.All (application)

    In case nothing works, maybe you can also give a try to use the following permission.

     Import-Module Microsoft.Graph.Users
 Connect-MgGraph -Scopes "Directory.AccessAsUser.All"

    Be Careful with this permission, this will allow you to do anything a signed in user can do.

    For bulk update using csv, you can write down a script similar to something below by updating the $params object for your use case.

    # Install the required modules - if not already installed
#Install-Module -Name Microsoft.Graph 

Import-Module Microsoft.Graph.Users

Connect-MgGraph -Scopes "Directory.AccessAsUser.All"

# Import users from CSV
$csvPath = "PATH\passwordReset.csv" #Containing Username and Password
Import-Csv $csvPath | ForEach-Object {
	$upn = $_."Username" + "@DOAMIN.org.uk"
	$params = @{
			passwordProfile = @{
				forceChangePasswordNextSignIn = $true
				password = $_."Password"
			}
			accountEnabled = $true
		}
	try {
		Update-MgUser -UserId $upn -BodyParameter $params
		Write-Host "Azure Password has been reset for: $upn"
	} catch {
		Write-Host "Failed to reset password for: $upn"
		Write-Host $_.Exception.Message
	}
}

    For specific details about how to update a specific property you can refer to the following link https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=powershell#request

    Refer to the below screenshot for your specific properties update on the same link.

    User's image

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.