Manage Azure AD users

Updated: July 30, 2015

Applies To: Azure, Azure Active Directory, Office 365, Windows Intune

Manage users

Use the following cmdlets to perform a variety of tasks related to managing users, passwords, and UPNs.

Windows PowerShell cmdlet Description

Convert-MsolFederatedUser

The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user.

Get-MsolUser

The Get-MsolUser cmdlet can be used to retrieve an individual user, or list of users. An individual user will be retrieved if the ObjectId or UserPrincipalName parameter is used.

New-MsolUser

The New-MsolUser cmdlet is used to create a new user in Azure AD. In order to give the user access to services, they must also be assigned a license (using the LicenseAssignment parameter).

Remove-MsolUser

The Remove-MsolUser cmdlet is used to remove a user from Azure AD. This cmdlet will delete the user, their licenses, and any other associated data.

Restore-MsolUser

The Restore-MsolUser cmdlet restores a user that is in the Deleted users view to their original state. Users will remain in the Deleted users view for 30 days.

Set-MsolUser

The Set-MsolUser cmdlet is used to update a user object. Note that this cmdlet should be used for basic properties only. The licenses, password, and User Principal Name for a user can be updated through Set-MsolUserLicense, Set-MsolUserPassword and Set-MsolUserPrincipalName cmdlets respectively.

Set-MsolUserPassword

The Set-MsolUserPassword cmdlet is used to change the password of a user. This cmdlet can only be used for users with standard identities.

Set-MsolUserPrincipalName

The Set-MsolUserPrincipalName cmdlet is used to change the User Principal Name () of a user. This cmdlet can be used to move a user between a federated and standard domain, which will result in their authentication type changing to that of the target domain.

Redo-MsolProvisionUser

The Redo-MsolProvisionUser cmdlet can be used to retry the provisioning of a user object in Azure Active Directory when a previous attempt to create the user object resulted in a validation error.

See Also

Concepts

Manage Azure AD using Windows PowerShell