Update-AzADUser
Syntax
UPNOrObjectIdParameterSet (Default)
Update-AzADUser
-UPNOrObjectId <String>
[-AccountEnabled <Boolean>]
[-Password <SecureString>]
[-ForceChangePasswordNextLogin]
[-AgeGroup <String>]
[-City <String>]
[-CompanyName <String>]
[-ConsentProvidedForMinor <String>]
[-Country <String>]
[-DeletedDateTime <DateTime>]
[-Department <String>]
[-DisplayName <String>]
[-EmployeeHireDate <DateTime>]
[-EmployeeId <String>]
[-EmployeeType <String>]
[-ExternalUserState <String>]
[-ExternalUserStateChangeDateTime <DateTime>]
[-FaxNumber <String>]
[-GivenName <String>]
[-Id <String>]
[-Identity <IMicrosoftGraphObjectIdentity[]>]
[-IsResourceAccount]
[-JobTitle <String>]
[-Mail <String>]
[-MailNickname <String>]
[-OfficeLocation <String>]
[-OnPremisesImmutableId <String>]
[-OtherMail <String[]>]
[-PasswordPolicy <String>]
[-PasswordProfile <IMicrosoftGraphPasswordProfile>]
[-PostalCode <String>]
[-PreferredLanguage <String>]
[-ShowInAddressList]
[-State <String>]
[-StreetAddress <String>]
[-Surname <String>]
[-UsageLocation <String>]
[-UserType <String>]
[-DefaultProfile <PSObject>]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ObjectIdParameterSet
Update-AzADUser
-ObjectId <String>
[-AccountEnabled <Boolean>]
[-Password <SecureString>]
[-ForceChangePasswordNextLogin]
[-AgeGroup <String>]
[-City <String>]
[-CompanyName <String>]
[-ConsentProvidedForMinor <String>]
[-Country <String>]
[-DeletedDateTime <DateTime>]
[-Department <String>]
[-DisplayName <String>]
[-EmployeeHireDate <DateTime>]
[-EmployeeId <String>]
[-EmployeeType <String>]
[-ExternalUserState <String>]
[-ExternalUserStateChangeDateTime <DateTime>]
[-FaxNumber <String>]
[-GivenName <String>]
[-Id <String>]
[-Identity <IMicrosoftGraphObjectIdentity[]>]
[-IsResourceAccount]
[-JobTitle <String>]
[-Mail <String>]
[-MailNickname <String>]
[-OfficeLocation <String>]
[-OnPremisesImmutableId <String>]
[-OtherMail <String[]>]
[-PasswordPolicy <String>]
[-PasswordProfile <IMicrosoftGraphPasswordProfile>]
[-PostalCode <String>]
[-PreferredLanguage <String>]
[-ShowInAddressList]
[-State <String>]
[-StreetAddress <String>]
[-Surname <String>]
[-UsageLocation <String>]
[-UserType <String>]
[-DefaultProfile <PSObject>]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzADUser
-InputObject <IMicrosoftGraphUser>
[-AccountEnabled <Boolean>]
[-Password <SecureString>]
[-ForceChangePasswordNextLogin]
[-AgeGroup <String>]
[-City <String>]
[-CompanyName <String>]
[-ConsentProvidedForMinor <String>]
[-Country <String>]
[-DeletedDateTime <DateTime>]
[-Department <String>]
[-DisplayName <String>]
[-EmployeeHireDate <DateTime>]
[-EmployeeId <String>]
[-EmployeeType <String>]
[-ExternalUserState <String>]
[-ExternalUserStateChangeDateTime <DateTime>]
[-FaxNumber <String>]
[-GivenName <String>]
[-Id <String>]
[-Identity <IMicrosoftGraphObjectIdentity[]>]
[-IsResourceAccount]
[-JobTitle <String>]
[-Mail <String>]
[-MailNickname <String>]
[-OfficeLocation <String>]
[-OnPremisesImmutableId <String>]
[-OtherMail <String[]>]
[-PasswordPolicy <String>]
[-PasswordProfile <IMicrosoftGraphPasswordProfile>]
[-PostalCode <String>]
[-PreferredLanguage <String>]
[-ShowInAddressList]
[-State <String>]
[-StreetAddress <String>]
[-Surname <String>]
[-UsageLocation <String>]
[-UserType <String>]
[-DefaultProfile <PSObject>]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UPNParameterSet
Update-AzADUser
-UserPrincipalName <String>
[-AccountEnabled <Boolean>]
[-Password <SecureString>]
[-ForceChangePasswordNextLogin]
[-AgeGroup <String>]
[-City <String>]
[-CompanyName <String>]
[-ConsentProvidedForMinor <String>]
[-Country <String>]
[-DeletedDateTime <DateTime>]
[-Department <String>]
[-DisplayName <String>]
[-EmployeeHireDate <DateTime>]
[-EmployeeId <String>]
[-EmployeeType <String>]
[-ExternalUserState <String>]
[-ExternalUserStateChangeDateTime <DateTime>]
[-FaxNumber <String>]
[-GivenName <String>]
[-Id <String>]
[-Identity <IMicrosoftGraphObjectIdentity[]>]
[-IsResourceAccount]
[-JobTitle <String>]
[-Mail <String>]
[-MailNickname <String>]
[-OfficeLocation <String>]
[-OnPremisesImmutableId <String>]
[-OtherMail <String[]>]
[-PasswordPolicy <String>]
[-PasswordProfile <IMicrosoftGraphPasswordProfile>]
[-PostalCode <String>]
[-PreferredLanguage <String>]
[-ShowInAddressList]
[-State <String>]
[-StreetAddress <String>]
[-Surname <String>]
[-UsageLocation <String>]
[-UserType <String>]
[-DefaultProfile <PSObject>]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Examples
Example 1: Update user by user principal name
Update-AzADUser -UPNOrObjectId $upn -City $city
Update user by user principal name
Parameters
-AccountEnabled
true for enabling the account; otherwise, false.
Always true when combined with -Password
.
-AccountEnabled $false
is ignored when changing the account's password.
Parameter properties
Type: Boolean
Default value: None
Supports wildcards: False
DontShow: False
Aliases: EnableAccount
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-AgeGroup
Sets the age group of the user.
Allowed values: null, minor, notAdult and adult.
Refer to the legal age group property definitions for further information.
Supports $filter (eq, ne, NOT, and in).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-City
The city in which the user is located.
Maximum length is 128 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-CompanyName
The company name which the user is associated.
This property can be useful for describing the company that an external user comes from.
The maximum length of the company name is 64 characters.Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
Sets whether consent has been obtained for minors.
Allowed values: null, granted, denied and notRequired.
Refer to the legal age group property definitions for further information.
Supports $filter (eq, ne, NOT, and in).
Type: String
Default value: None
Supports wildcards: False
DontShow: False
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Country
The country/region in which the user is located; for example, US or UK.
Maximum length is 128 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: PSObject
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DeletedDateTime
.
Parameter properties
Type: DateTime
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Department
The name for the department in which the user works.
Maximum length is 64 characters.Supports $filter (eq, ne, NOT , ge, le, and in operators).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DisplayName
The name displayed in the address book for the user.
This value is usually the combination of the user's first name, middle initial, and last name.
This property is required when a user is created and it cannot be cleared during updates.
Maximum length is 256 characters.
Supports $filter (eq, ne, NOT , ge, le, in, startsWith), $orderBy, and $search.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-EmployeeHireDate
The date and time when the user was hired or will start work in case of a future hire.
Supports $filter (eq, ne, NOT , ge, le, in).
Parameter properties
Type: DateTime
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-EmployeeId
The employee identifier assigned to the user by the organization.
Supports $filter (eq, ne, NOT , ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-EmployeeType
Captures enterprise worker type.
For example, Employee, Contractor, Consultant, or Vendor.
Supports $filter (eq, ne, NOT , ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ExternalUserState
For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status.
For invited users, the state can be PendingAcceptance or Accepted, or null for all other users.
Supports $filter (eq, ne, NOT , in).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ExternalUserStateChangeDateTime
Shows the timestamp for the latest change to the externalUserState property.
Supports $filter (eq, ne, NOT , in).
Parameter properties
Type: DateTime
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-FaxNumber
The fax number of the user.
Supports $filter (eq, ne, NOT , ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ForceChangePasswordNextLogin
It must be specified if the user must change the password on the next successful login (true).
Default behavior is (false) to not change the password on the next successful login.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-GivenName
The given name (first name) of the user.
Maximum length is 64 characters.
Supports $filter (eq, ne, NOT , ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Id
Read-only.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Identity
Represents the identities that can be used to sign in to this user account.
An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account.
May contain multiple items with the same signInType value.
Supports $filter (eq) only where the signInType is not userPrincipalName.
To construct, see NOTES section for IDENTITY properties and create a hash table.
Parameter properties
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
user input object
InputObjectParameterSet
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
-IsResourceAccount
Do not use - reserved for future use.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-JobTitle
The user's job title.
Maximum length is 128 characters.
Supports $filter (eq, ne, NOT , ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Mail
The SMTP address for the user, for example, admin@contoso.com.
Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address.
While this property can contain accent characters, using them can cause access issues with other Microsoft applications for the user.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith, endsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-MailNickname
The mail alias for the user.
This property must be specified when a user is created.
Maximum length is 64 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ObjectId
The user principal name of the user to be updated.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ObjectIdParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-OfficeLocation
The office location in the user's place of business.
Maximum length is 128 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-OnPremisesImmutableId
This property is used to associate an on-premises Active Directory user account to their Azure AD user object.
This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property.
NOTE: The $ and _ characters cannot be used when specifying this property.
Returned only on $select.
Supports $filter (eq, ne, NOT, ge, le, in)..
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-OtherMail
A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com'].NOTE: While this property can contain accent characters, they can cause access issues to first-party applications for the user.Supports $filter (eq, NOT, ge, le, in, startsWith).
Parameter properties
Type: String [ ]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PassThru
Returns true when the command succeeds
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Password
The password for the user.
This property is required when a user is created.
It can be updated, but the user will be required to change the password on the next login.
The password must satisfy minimum requirements as specified by the user's passwordPolicies property.
By default, a strong password is required.
When changing the password using this method, AccountEnabled is set to true.
Parameter properties
Type: SecureString
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PasswordPolicy
Specifies password policies for the user.
This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified.
DisablePasswordExpiration can also be specified.
The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword.Supports $filter (ne, NOT).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PasswordProfile
passwordProfile
To construct, see NOTES section for PASSWORDPROFILE properties and create a hash table.
Parameter properties
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PostalCode
The postal code for the user's postal address.
The postal code is specific to the user's country/region.
In the United States of America, this attribute contains the ZIP code.
Maximum length is 40 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PreferredLanguage
The preferred language for the user.
Should follow ISO 639-1 Code; for example en-US.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ShowInAddressList
true if the Outlook global address list should contain this user, otherwise false.
If not set, this will be treated as true.
For users invited through the invitation manager, this property will be set to false.
Supports $filter (eq, ne, NOT, in).
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-State
The state or province in the user's address.
Maximum length is 128 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-StreetAddress
The street address of the user's place of business.
Maximum length is 1024 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Surname
The user's surname (family name or last name).
Maximum length is 64 characters.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-UPNOrObjectId
The user principal name or object id of the user to be updated.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UPNOrObjectIdParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-UsageLocation
A two letter country code (ISO standard 3166).
Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries.
Examples include: US, JP, and GB.
Not nullable.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-UserPrincipalName
The user principal name (UPN) of the user.
The UPN is an Internet-style login name for the user based on the Internet standard RFC 822.
By convention, this should map to the user's email name.
The general format is alias@domain, where domain must be present in the tenant's collection of verified domains.
This property is required when a user is created.
The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: While this property can contain accent characters, they can cause access issues to first-party applications for the user.
Supports $filter (eq, ne, NOT, ge, le, in, startsWith, endsWith) and $orderBy.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: UPN
Parameter sets
UPNParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-UserType
A string value that can be used to classify user types in your directory, such as Member and Guest.
Supports $filter (eq, ne, NOT, in,).
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Notes