Share via


az ad user

Manage Microsoft Entra users.

Commands

Name Description Type Status
az ad user create

Create a user.

Core GA
az ad user delete

Delete a user.

Core GA
az ad user get-member-groups

Get groups of which the user is a member.

Core GA
az ad user list

List users.

Core GA
az ad user show

Get the details of a user.

Core GA
az ad user update

Update a user.

Core GA

az ad user create

Create a user.

az ad user create --display-name
                  --password
                  --user-principal-name
                  [--force-change-password-next-sign-in {false, true}]
                  [--immutable-id]
                  [--mail-nickname]

Examples

Create a user

az ad user create --display-name myuser --password password --user-principal-name myuser@contoso.com

Required Parameters

--display-name

Object's display name or its prefix.

--password

The password that should be assigned to the user for authentication.

--user-principal-name

The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--force-change-password-next-sign-in

Marks this user as needing to update their password the next time they authenticate. If omitted, false will be used.

Property Value
Default value: False
Accepted values: false, true
--immutable-id

This property is used to associate an on-premises Active Directory user account to their Microsoft Entra user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters can't be used when specifying this property.

--mail-nickname

Mail alias. Defaults to user principal name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az ad user delete

Delete a user.

az ad user delete --id

Examples

Delete a user.

az ad user delete --id myuser@contoso.com

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az ad user get-member-groups

Get groups of which the user is a member.

az ad user get-member-groups --id
                             [--security-enabled-only {false, true}]

Examples

Get groups of which the user is a member

az ad user get-member-groups --id myuser@contoso.com

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--security-enabled-only

True to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned.

Property Value
Default value: False
Accepted values: false, true
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az ad user list

List users.

az ad user list [--display-name]
                [--filter]
                [--upn]

Examples

List all users.

az ad user list

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--display-name

Object's display name or its prefix.

--filter

OData filter, e.g. --filter "displayname eq 'test' and servicePrincipalType eq 'Application'".

--upn

User principal name, e.g. john.doe@contoso.com.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az ad user show

Get the details of a user.

az ad user show --id

Examples

Show a user.

az ad user show --id myuser@contoso.com

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az ad user update

Update a user.

az ad user update --id
                  [--account-enabled {false, true}]
                  [--display-name]
                  [--force-change-password-next-sign-in {false, true}]
                  [--mail-nickname]
                  [--password]

Examples

Update a user.

az ad user update --id myuser@contoso.com --display-name username2

Required Parameters

--id

The object ID or principal name of the user for which to get information.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--account-enabled

Enable the user account.

Property Value
Accepted values: false, true
--display-name

Object's display name or its prefix.

--force-change-password-next-sign-in

If the user must change her password on the next login.

Property Value
Accepted values: false, true
--mail-nickname

Mail alias. Defaults to user principal name.

--password

User password.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False