Active Directory Bulk Changes With PowerShell
Managing users in Active Directory is a large part of any Office 365 administrator’s job. Office 365 administrators frequently need to take actions on a large number of Azure Active Directory (Azure AD) users at a time: creating users in bulk, changing details for many users at once, finding groups of users that have a certain attribute, and so on.
One of the most efficient ways to perform these types of batch or bulk actions in Azure AD is via PowerShell, either interactively at the command prompt or automatically with PowerShell scripts. PowerShell allows Office 365 administrators to perform actions that are often unavailable or difficult to do through the admin center UI.
Once you’ve installed and set up the Azure Active Directory module for PowerShell, you can authenticate through Azure AD and begin using the cmdlets. PowerShell actions can range from simple to complex, and there are often multiple, configurable ways to take the same action. Below are several common examples of bulk user management in Office 365 that can be performed via PowerShell.
Create users in bulk using PowerShell
To create users with a PowerShell cmdlet, first you will need a CSV file with users’ details, such as email addresses, first name, last name, etc. Optionally, you can also define passwords for all new users at this stage, as well as a range of other attributes. When your CSV file is ready, you will use a command like this, changing the variables (shown for example only):
# $path is the path to the CSV file; its column names must match the properties used below
Import-Csv $path | ForEach-Object {
    New-MsolUser -UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -Password $_.Password -UsageLocation "US"
}
At this stage, you can also assign licenses to users and check the license status.
Find users that meet certain criteria using PowerShell
PowerShell can be used to search for Active Directory objects that have a certain attribute, which often translates into finding users who meet certain criteria. You might use the Search-ADAccount cmdlet to find a set of users in your domain who don’t have a telephone number assigned.
Change user attributes in bulk using PowerShell
After you’ve found users that meet certain criteria, you may have to move them or change their attributes. PowerShell can be used to change the data in Azure AD; for example, if you’ve moved to a new office and need to change the city and zip code associated with your users, you can use PowerShell. Depending on your situation, it may be helpful to create a CSV file for PowerShell to read to make the bulk updates.
Create external email contacts in bulk using PowerShell
PowerShell will allow you to create external contacts in bulk and add information to the properties of each. If you have a CSV file of external contact details, you can add those contacts to the shared address book in Exchange Online, and even create distribution groups out of those external contacts. If necessary, you can use PowerShell to bulk create the external contacts and also hide them from the organization’s shared address book.
Reset Active Directory passwords in bulk using PowerShell
If you have a list of user accounts that need a password reset, PowerShell allows you to perform that action in bulk, with scripts that can reset the password for all users and also expire the password so it must be changed the next time the user logs in.
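The bulk reset described above, as an added example that is not code from the original article: each account gets its own random temporary password, generated in memory rather than read from a file, and must change it at next sign-in. It uses the same MSOnline module as New-MsolUser; the file names, the UserPrincipalName column and the New-TempPassword helper are assumptions made for illustration.

```powershell
# Added example. Assumes the MSOnline module is loaded and Connect-MsolService
# has already been run. File names and the CSV column are constructed.
$path = '.\reset-users.csv'        # one column: UserPrincipalName

function New-TempPassword {        # hypothetical helper, not part of MSOnline
    param([ValidateRange(8, 64)][int]$Length = 16)
    # Look-alike characters (l, I, O, 0, 1) are left out of the alphabet.
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%*+-=?@'
    # Bytes at or above $limit are discarded so the modulo below is unbiased.
    $limit = 256 - (256 % $alphabet.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($buf)
                if ($buf[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
                }
            }
            $pw = $sb.ToString()
            # Retry until lower, upper, digit and symbol are all present.
        } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
                 $pw -cmatch '\d' -and $pw -cmatch '[^a-zA-Z\d]')
        $pw
    } finally { $rng.Dispose() }
}

$results = Import-Csv $path | ForEach-Object {
    $upn = $_.UserPrincipalName
    try {
        $temp = New-TempPassword
        # -ForceChangePassword $true expires the password at next sign-in.
        Set-MsolUserPassword -UserPrincipalName $upn -NewPassword $temp `
            -ForceChangePassword $true -ErrorAction Stop | Out-Null
        [pscustomobject]@{ UserPrincipalName = $upn; Status = 'Reset'; TempPassword = $temp }
    } catch {
        # One failed account does not stop the rest of the batch.
        [pscustomobject]@{ UserPrincipalName = $upn; Status = "Failed: $($_.Exception.Message)"; TempPassword = $null }
    }
}

# The written log records outcomes only; temporary passwords stay in $results.
$results | Select-Object UserPrincipalName, Status |
    Export-Csv '.\reset-log.csv' -NoTypeInformation
```

The temporary passwords exist only in `$results` for the current session, so hand them to users over a separate channel and close the session when done.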
These topics don’t represent the only things you can do in bulk with Azure AD using PowerShell. Visit the Microsoft Script Center for more information.