az ad user
Manage Microsoft Entra users.
Commands
Name | Description | Type | Status |
---|---|---|---|
az ad user create |
Create a user. |
Core | GA |
az ad user delete |
Delete a user. |
Core | GA |
az ad user get-member-groups |
Get groups of which the user is a member. |
Core | GA |
az ad user list |
List users. |
Core | GA |
az ad user show |
Get the details of a user. |
Core | GA |
az ad user update |
Update a user. |
Core | GA |
az ad user create
Create a user.
az ad user create --display-name
--password
--user-principal-name
[--force-change-password-next-sign-in {false, true}]
[--immutable-id]
[--mail-nickname]
Examples
Create a user
az ad user create --display-name myuser --password password --user-principal-name myuser@contoso.com
Required Parameters
Object's display name or its prefix.
The password that should be assigned to the user for authentication.
The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Marks this user as needing to update their password the next time they authenticate. If omitted, false will be used.
Property | Value |
---|---|
Default value: | False |
Accepted values: | false, true |
This property is used to associate an on-premises Active Directory user account to their Microsoft Entra user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters can't be used when specifying this property.
Mail alias. Defaults to user principal name.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad user delete
Delete a user.
az ad user delete --id
Examples
Delete a user.
az ad user delete --id myuser@contoso.com
Required Parameters
The object ID or principal name of the user for which to get information.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad user get-member-groups
Get groups of which the user is a member.
az ad user get-member-groups --id
[--security-enabled-only {false, true}]
Examples
Get groups of which the user is a member
az ad user get-member-groups --id myuser@contoso.com
Required Parameters
The object ID or principal name of the user for which to get information.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
True to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned.
Property | Value |
---|---|
Default value: | False |
Accepted values: | false, true |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad user list
List users.
az ad user list [--display-name]
[--filter]
[--upn]
Examples
List all users.
az ad user list
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Object's display name or its prefix.
OData filter, e.g. --filter "displayname eq 'test' and servicePrincipalType eq 'Application'".
User principal name, e.g. john.doe@contoso.com.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad user show
Get the details of a user.
az ad user show --id
Examples
Show a user.
az ad user show --id myuser@contoso.com
Required Parameters
The object ID or principal name of the user for which to get information.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad user update
Update a user.
az ad user update --id
[--account-enabled {false, true}]
[--display-name]
[--force-change-password-next-sign-in {false, true}]
[--mail-nickname]
[--password]
Examples
Update a user.
az ad user update --id myuser@contoso.com --display-name username2
Required Parameters
The object ID or principal name of the user for which to get information.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Enable the user account.
Property | Value |
---|---|
Accepted values: | false, true |
Object's display name or its prefix.
If the user must change her password on the next login.
Property | Value |
---|---|
Accepted values: | false, true |
Mail alias. Defaults to user principal name.
User password.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |