diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserAppRoleAssignment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserAppRoleAssignment.md index d6f4832d4..41762b63c 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserAppRoleAssignment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserAppRoleAssignment.md 
@@ -37,24 +37,36 @@ Get-EntraBetaUserAppRoleAssignment The `Get-EntraBetaUserAppRoleAssignment` cmdlet gets a user application role assignment. +To perform this operation in delegated scenarios using work or school accounts, the signed-in user must have one of the following least privileged roles, or a custom role with the necessary permissions: + +- Guest Inviter - Read app role assignments for users only +- Directory Readers +- Directory Synchronization Accounts - for Microsoft Entra Connect and Microsoft Entra Cloud Sync services +- Directory Writer +- Hybrid Identity Administrator +- Identity Governance Administrator +- Privileged Role Administrator +- User Administrator +- Application Administrator +- Cloud Application Administrator + ## Examples ### Example 1: Get a user application role assignment ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All','Directory.Read.All' -$UserId = (Get-EntraBetaUser -Top 1).ObjectId -Get-EntraBetaUserAppRoleAssignment -ObjectId $UserId +$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' +Get-EntraBetaUserAppRoleAssignment -ObjectId $user.Id ``` ```Output -DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ---------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 - 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 - 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 - 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 - +DeletedDateTime 
Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName +--------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- + 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 + 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 + 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 + 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 ``` This example retrieves a user application role assignment for the user in $UserId. You can use the comand `Get-EntraBetaUser` to get Service principal Object ID. 
@@ -65,16 +77,17 @@ This example retrieves a user application role assignment for the user in $UserI ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All','Directory.Read.All' -Get-EntraBetaUserAppRoleAssignment -ObjectId 'aaaaaaaa-bbbb-cccc-1111-222222222222' -All +$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' +Get-EntraBetaUserAppRoleAssignment -ObjectId $user.Id -All ``` ```Output -DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ---------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 - 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 - 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 - 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 +DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName +--------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- + 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 + 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 + 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 + 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 
33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 ``` This example demonstrates how to retrieve all application role assignment for the specified user. @@ -89,10 +102,10 @@ Get-EntraBetaUserAppRoleAssignment -ObjectId 'aaaaaaaa-bbbb-cccc-1111-2222222222 ``` ```Output -DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ---------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 - 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 +DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName +--------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- + 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 + 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 ``` This example demonstrates how to retrieve top two application role assignment for the specified user. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserDirectReport.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserDirectReport.md index c392a9b9a..8e094271a 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserDirectReport.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserDirectReport.md 
@@ -43,13 +43,16 @@ The `Get-EntraBetaUserDirectReport` cmdlet gets the direct reports for a user in ```powershell Connect-Entra -Scopes 'User.Read','User.Read.All' -Get-EntraBetaUserDirectReport -UserId 'SawyerM@contoso.com' +Get-EntraBetaUserDirectReport -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +bbbbbbbb-1111-2222-3333-cccccccccccc Christie Cline ChristieC@Contoso.com 10/7/2024 12:32:25 AM True Member +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Isaiah Langer IsaiahL@Contoso.com 10/7/2024 12:33:16 AM True Member ``` This example demonstrates how to retrieve direct reports for a user in Microsoft Entra ID. @@ -60,14 +63,16 @@ This example demonstrates how to retrieve direct reports for a user in Microsoft ```powershell Connect-Entra -Scopes 'User.Read','User.Read.All' -Get-EntraBetaUserDirectReport -UserId 'SawyerM@contoso.com' -All +Get-EntraBetaUserDirectReport -UserId 'SawyerM@contoso.com' -All | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +bbbbbbbb-1111-2222-3333-cccccccccccc Christie Cline ChristieC@Contoso.com 10/7/2024 12:32:25 AM True Member +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Isaiah Langer IsaiahL@Contoso.com 10/7/2024 12:33:16 AM True Member ``` This example demonstrates how to retrieve all direct reports for a user in Microsoft Entra ID. 
@@ -78,14 +83,16 @@ This example demonstrates how to retrieve all direct reports for a user in Micro ```powershell Connect-Entra -Scopes 'User.Read','User.Read.All' -Get-EntraBetaUserDirectReport -UserId 'SawyerM@contoso.com' -Top 2 +Get-EntraBetaUserDirectReport -UserId 'SawyerM@contoso.com' -Top 2 | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +bbbbbbbb-1111-2222-3333-cccccccccccc Christie Cline ChristieC@Contoso.com 10/7/2024 12:32:25 AM True Member +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Isaiah Langer IsaiahL@Contoso.com 10/7/2024 12:33:16 AM True Member ``` This example demonstrates how to retrieve top five direct reports for a user in Microsoft Entra ID. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserExtension.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserExtension.md index 2774efafd..2e991a6f0 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserExtension.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserExtension.md @@ -41,8 +41,7 @@ The `Get-EntraBetaUserExtension` cmdlet gets a user extension in Microsoft Entra ```powershell Connect-Entra -Scopes 'User.Read' -$UserId = (Get-EntraBetaUser -ObjectId 'SawyerM@contoso.com').ObjectId -Get-EntraBetaUserExtension -UserId $UserId +Get-EntraBetaUserExtension -UserId 'SawyerM@contoso.com' ``` ```Output 
@@ -55,7 +54,7 @@ createdDateTime : 18/07/2024 05:13:40 userIdentities : {@{issuer=SawyerM@contoso.com; signInType=userPrincipalName; issuerAssignedId=SawyerM@contoso.com}} ``` -This example shows how to retrieve the extension attributes for a specified user. You can use the command `Get-EntraBetaUser` to get user object Id. +This example shows how to retrieve the extension attributes for a specified user. - `-UserId` parameter specifies the user object Id. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserLicenseDetail.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserLicenseDetail.md index 41e037b00..a44810761 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserLicenseDetail.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserLicenseDetail.md @@ -35,6 +35,14 @@ Get-EntraBetaUserLicenseDetail This cmdlet retrieves license details for a user. +In delegated scenarios with work or school accounts, the signed-in user needs a supported Microsoft Entra role or a custom role with the `microsoft.directory/users/licenseDetails/read` permission. The following least privileged roles support this operation: + +- Guest Inviter +- Directory Readers +- Directory Writers +- License Administrator +- User Administrator + ## Examples ### Example 1: Retrieve user license details diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md index 1bfd165f6..824267da2 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md 
@@ -43,21 +43,15 @@ The `Get-EntraBetaUserManager` cmdlet gets the manager of a user in Microsoft En ```powershell Connect-Entra -Scopes 'User.Read.All' -Get-EntraBetaUserManager -UserId 'SawyerM@contoso.com' +Get-EntraBetaUserManager -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -DeletedDateTime : -Id : 00aa00aa-bb11-cc22-dd33-44ee44ee44ee -@odata.context : https://graph.microsoft.com/beta/$metadata#directoryObjects/$entity -@odata.type : #microsoft.graph.user -accountEnabled : True -businessPhones : {+1 858 555 0109} -city : San Diego -createdDateTime : 2023-07-07T14:18:05Z -country : United States -department : Sales & Marketing -displayName : Sawyer Miller +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Patti Fernandez PattiF@Contoso.com 10/7/2024 12:32:01 AM True Member ``` This example demonstrates how to retrieve the manager of a specific user. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md index 3cc00741b..43a03f1ac 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md 
@@ -43,18 +43,17 @@ The `Get-EntraBetaUserMembership` cmdlet gets user memberships in Microsoft Entr ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' +Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff -22cc22cc-dd33-ee44-ff55-66aa66aa66aa -33dd33dd-ee44-ff55-aa66-77bb77bb77bb -44ee44ee-ff55-aa66-bb77-88cc88cc88cc -55ff55ff-aa66-bb77-cc88-99dd99dd99dd +Id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso marketing 2024-10-07T01:17:28Z #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Pacific Admin Unit #microsoft.graph.administrativeUnit ``` This example demonstrates how to retrieve user memberships in Microsoft Entra ID. 
@@ -90,18 +89,17 @@ This example demonstrates how to retrieve user memberships in Microsoft Entra ID ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' -All +Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' -All | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff -22cc22cc-dd33-ee44-ff55-66aa66aa66aa -33dd33dd-ee44-ff55-aa66-77bb77bb77bb -44ee44ee-ff55-aa66-bb77-88cc88cc88cc -55ff55ff-aa66-bb77-cc88-99dd99dd99dd +Id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso marketing 2024-10-07T01:17:28Z #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Pacific Admin Unit #microsoft.graph.administrativeUnit ``` This example demonstrates how to retrieve users all memberships in Microsoft Entra ID. 
@@ -110,15 +108,17 @@ This example demonstrates how to retrieve users all memberships in Microsoft Ent ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' -Top 3 +Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' -Top 3 | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff -22cc22cc-dd33-ee44-ff55-66aa66aa66aa +Id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso marketing 2024-10-07T01:17:28Z #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Pacific Admin Unit #microsoft.graph.administrativeUnit ``` This example demonstrates how to retrieve users top three memberships in Microsoft Entra ID. 
@@ -127,14 +127,21 @@ This example demonstrates how to retrieve users top three memberships in Microso ```powershell Connect-Entra -Scopes 'User.Read.All' -$groups = Get-EntraBetaUserMembership -ObjectId 'SawyerM@contoso.com' -$groups | Select-Object DisplayName, Id, GroupTypes, Visibility | Format-Table -AutoSize +Get-EntraBetaUserMembership -UserId 'SawyerM@contoso.com' | + Where-Object {$_.'@odata.type' -eq '#microsoft.graph.group'} | + Select-Object Id, displayName, createdDateTime, groupTypes, securityEnabled, visibility, '@odata.type' | + Format-Table -AutoSize ``` ```Output -DisplayName Id GroupTypes Visibility ------------ -- ---------- ---------- -Contoso Group bbbbbbbb-1111-2222-3333-cccccccccccc {Unified} Public +Id displayName createdDateTime groupTypes securityEnabled visibility @odata.type +-- ----------- --------------- ---------- --------------- ---------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z {Unified} False Public #microsoft.graph.group +11bb11bb-cc22-dd33-ee44-55ff55ff55ff Sales and Marketing 2024-10-07T00:43:47Z {Unified} True Public #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Retail 2024-10-07T00:44:06Z {Unified} True Private #microsoft.graph.groupp +33dd33dd-ee44-ff55-aa66-77bb77bb77bb sg-Sales and Marketing 2024-10-07T00:45:16Z {} True #microsoft.graph.group +44ee44ee-ff55-aa66-bb77-88cc88cc88cc All Employees 2024-10-07T00:57:05Z {} False #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Communications 2024-10-07T01:12:09Z {Unified} False Private #microsoft.graph.group ``` This example demonstrates how to retrieve the groups that a user is a member of. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserOwnedObject.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserOwnedObject.md index 4fbb8e049..549d581ef 100644 
--- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserOwnedObject.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserOwnedObject.md 
@@ -44,77 +44,61 @@ The `Get-EntraBetaUserOwnedObject` cmdlet gets objects owned by a user in Micros ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraBetaUserOwnedObject -UserId 'SawyerM@contoso.com' +Get-EntraBetaUserOwnedObject -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc +id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Helpdesk Application 10/17/2024 5:05:54 AM #microsoft.graph.application +bbbbbbbb-1111-2222-3333-cccccccccccc Contoso Group 10/21/2024 6:25:19 PM #microsoft.graph.group +cccccccc-2222-3333-4444-dddddddddddd ClaimIssuancePolicy #microsoft.graph.tokenLifetimePolicy +ffffffff-4444-5555-6666-gggggggggggg Contoso Marketing App 10/23/2024 3:17:14 PM #microsoft.graph.application ``` This example retrieves objects owned by the specified user. - `-UserId` Parameter specifies the ID of a user as a UserPrincipalName or UserId. 
-### Example 2: Get objects owned by a user with additional details +### Example 2: Get all objects owned by a user ```powershell Connect-Entra -Scopes 'User.Read' -$ownedObjects = Get-EntraBetaUserOwnedObject -ObjectId 'SawyerM@contoso.com' - -$objectDetails = $ownedObjects | ForEach-Object { - $objectDetail = Get-EntraBetaObjectByObjectId -ObjectIds $_.Id - [PSCustomObject]@{ - odataType = $objectDetail.'@odata.type' - displayName = $objectDetail.displayName - Id = $objectDetail.Id - } -} -$objectDetails | Format-Table -Property odataType, displayName, Id -AutoSize +Get-EntraBetaUserOwnedObject -UserId 'SawyerM@contoso.com' -All | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -odataType displayName Id ---------- ----------- -- -#microsoft.graph.group Contoso FTE Group bbbbbbbb-1111-2222-3333-cccccccccccc -#microsoft.graph.group Digital Engineering Group aaaaaaaa-1111-1111-1111-000000000000 -``` - -This example retrieves objects owned by the specified user with more lookup details. - -### Example 3: Get all objects owned by a user - -```powershell -Connect-Entra -Scopes 'User.Read' -Get-EntraBetaUserOwnedObject -UserId 'SawyerM@contoso.com' -All -``` - -```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc -aaaaaaaa-1111-1111-1111-000000000000 -cccccccc-2222-3333-4444-dddddddddddd +id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Helpdesk Application 10/17/2024 5:05:54 AM #microsoft.graph.application +bbbbbbbb-1111-2222-3333-cccccccccccc Contoso Group 10/21/2024 6:25:19 PM #microsoft.graph.group +cccccccc-2222-3333-4444-dddddddddddd ClaimIssuancePolicy #microsoft.graph.tokenLifetimePolicy +ffffffff-4444-5555-6666-gggggggggggg Contoso Marketing App 10/23/2024 3:17:14 PM #microsoft.graph.application ``` This example retrieves all the objects owned by the specified user. 
- `-UserId` parameter specifies the ID of a user as a UserPrincipalName or UserId. -### Example 4: Get top three objects owned by a user +### Example 3: Get top three objects owned by a user ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraBetaUserOwnedObject -UserId 'SawyerM@contoso.com' -Top 3 +Get-EntraBetaUserOwnedObject -UserId 'SawyerM@contoso.com' -Top 3 | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc -aaaaaaaa-1111-1111-1111-000000000000 -cccccccc-2222-3333-4444-dddddddddddd +id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Helpdesk Application 10/17/2024 5:05:54 AM #microsoft.graph.application +bbbbbbbb-1111-2222-3333-cccccccccccc Contoso Group 10/21/2024 6:25:19 PM #microsoft.graph.group +cccccccc-2222-3333-4444-dddddddddddd ClaimIssuancePolicy #microsoft.graph.tokenLifetimePolicy ``` This example retrieves the top three objects owned by the specified user. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUser.md index f696db96b..d4649c525 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUser.md 
@@ -73,11 +73,11 @@ The `New-EntraBetaUser` cmdlet creates a user in Microsoft Entra ID. Specify the ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $params = @{ DisplayName = 'New User' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'NewUser@contoso.com' AccountEnabled = $true MailNickName = 'Newuser' @@ -98,11 +98,11 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $params = @{ DisplayName = 'New User' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'NewUser@contoso.com' AccountEnabled = $true MailNickName = 'Newuser' @@ -124,11 +124,11 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $params = @{ DisplayName = 'New User' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'NewUser@contoso.com' AccountEnabled = $true MailNickName = 'Newuser' 
@@ -150,11 +150,11 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $params = @{ DisplayName = 'New User' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'NewUser@contoso.com' AccountEnabled = $true MailNickName = 'Newuser' @@ -176,11 +176,11 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $params = @{ DisplayName = 'New User' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'NewUser@contoso.com' AccountEnabled = $true MailNickName = 'Newuser' @@ -334,8 +334,7 @@ Accept wildcard characters: False ### -ImmutableId -This property is used to associate an on-premises user account to their Microsoft Entra ID user object. -This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property. +This property links an on-premises user account to its Microsoft Entra ID object and is required when creating a new user in Microsoft Graph if the user's userPrincipalName (UPN) is in a federated domain. Important: The $ and _ characters can't be used when specifying this property. 
@@ -458,19 +457,19 @@ The parameter type for this parameter is "PasswordProfile". In order to pass a parameter of this type, you first need to create a variable in PowerShell with that type: -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile Then you can proceed to set the value of the password in this variable: -$PasswordProfile.Password = "\" +$passwordProfile.Password = "\" And finally you can pass this variable to the cmdlet: -New-EntraBetaUser -PasswordProfile $PasswordProfile ... +New-EntraBetaUser -PasswordProfile $passwordProfile ... Other attributes that can be set in the PasswordProfile are -- $PasswordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enababled or disabled for this user $PasswordProfile. +- $passwordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enababled or disabled for this user $passwordProfile. - ForceChangePasswordNextLogin - a boolean indicating that the user must change the password at the next sign in. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUserAppRoleAssignment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUserAppRoleAssignment.md index 380480df0..729f73672 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUserAppRoleAssignment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaUserAppRoleAssignment.md 
@@ -37,13 +37,16 @@ New-EntraBetaUserAppRoleAssignment The `New-EntraBetaUserAppRoleAssignment` cmdlet assigns a user to an application role in Microsoft Entra ID. -To grant an app role assignment to a user, you need three identifiers: +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. Supported roles include: -- PrincipalId: The ID of the user to whom you are assigning the app role. - -- ResourceId: The ID of the resource servicePrincipal that defines the app role. - -- Id: The ID of the appRole (defined on the resource service principal) to assign to the user. +- Directory Synchronization Accounts (for Entra Connect and Cloud Sync) +- Directory Writer +- Hybrid Identity Administrator +- Identity Governance Administrator +- Privileged Role Administrator +- User Administrator +- Application Administrator +- Cloud Application Administrator ## Examples @@ -55,9 +58,9 @@ $appId = (Get-EntraApplication -SearchString '').AppId $user = Get-EntraBetaUser -searchstring 'NewUser' $servicePrincipal = Get-EntraBetaServicePrincipal -Filter "appId eq '$appId'" $params = @{ - ObjectId = $user.ObjectId - PrincipalId = $user.ObjectId - ResourceId = $servicePrincipal.ObjectId + ObjectId = $user.Id + PrincipalId = $user.Id + ResourceId = $servicePrincipal.Id Id = ([Guid]::Empty) } New-EntraBetaUserAppRoleAssignment @params 
@@ -69,10 +72,7 @@ Id AppRoleId ZwFW_R__GkeNdDsAcKvOoerWWY8NKDJGlIgS4FjeyXQ 00000000-0000-0000-0000-000000000000 08-08-2024 05:40:06 Conf Room Adams aaaaaaaa-bbbb-cccc-1111-222222222222 User ResourceDisplayName 07188127-baa9-4f… ``` -This command assigns a user to an application that doesn't have any roles. -You can use the command `Get-EntraBetaUser` to get user object ID. -You can use the command `Get-EntraBetaApplication` to get application ID. -You can use the command `Get-EntraBetaServicePrincipal` to get service principal object ID. +This command assigns a user to an application that doesn't have any roles. - `-ObjectId` parameter specifies the ID of a user to whom you are assigning the app role. - `-PrincipalId` parameter specifies the ID of a user to whom you are assigning the app role. @@ -83,17 +83,17 @@ You can use the command `Get-EntraBetaServicePrincipal` to get service principal ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' -$userName = 'SawyerM@contoso.com' -$appName = 'Box' -$appId = Get-EntraBetaApplication -Filter "DisplayName eq '$appName'" -$spo = Get-EntraBetaServicePrincipal -All | Where-Object {$_.AppId -eq $appId.AppId } -$user = Get-EntraBetaUser -Filter "userPrincipalName eq '$userName'" + +$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Box'" +$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' + $params = @{ - ObjectId = $user.ObjectId - PrincipalId = $user.ObjectId - ResourceId = $spo.ObjectId - Id = $appId.AppRoles.Id + ObjectId = $user.Id + PrincipalId = $user.Id + ResourceId = $servicePrincipal.Id + Id = $servicePrincipal.AppRoles[1].Id } + New-EntraBetaUserAppRoleAssignment @params ``` 
@@ -103,9 +103,7 @@ Id AppRoleId Idn1u1K7S0OWoJWIjkT69Stnjqd1iblKlg-GoqVkNlM cbbf6a32-6dcd-4f22-9be7-ffb128119fae 08-08-2024 08:13:26 Test One Updated bbbbbbbb-cccc-dddd-2222-333333333333 User M365 License Manager 0008861a-d455-4… ``` -This example demonstrates how to assign a user to an application role in Microsoft Entra ID. -You can use the command `Get-EntraBetaUser` to get user object ID. -You can use the command `Get-EntraBetaServicePrincipal` to get service principal object ID. +This example demonstrates how to assign a user to an application role in Microsoft Entra ID. - `-ObjectId` parameter specifies the ID of a user to whom you are assigning the app role. - `-PrincipalId` parameter specifies the ID of a user to whom you are assigning the app role. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUser.md index 360fc1395..8d1d9fe01 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUser.md @@ -49,6 +49,15 @@ Remove-EntraBetaUser -UserId 'SawyerM@Contoso.com' This command removes the specified user in Microsoft Entra ID. +### Example 2: Remove a user based on search results + +```powershell +Connect-Entra -Scopes 'User.ReadWrite.All' +Get-EntraBetaUser -UserId 'SawyerM@Contoso.com' | Remove-EntraBetaUser +``` + +This command removes the specified user in Microsoft Entra ID. + ## Parameters ### -UserId diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserAppRoleAssignment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserAppRoleAssignment.md index 8aeebe6f3..101c11f60 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserAppRoleAssignment.md 
+++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserAppRoleAssignment.md @@ -34,17 +34,26 @@ Remove-EntraBetaUserAppRoleAssignment The `Remove-EntraBetaUserAppRoleAssignment` cmdlet removes a user application role assignment in Microsoft Entra ID. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. Supported roles include: + +- Directory Synchronization Accounts (for Entra Connect and Cloud Sync) +- Directory Writer +- Hybrid Identity Administrator +- Identity Governance Administrator +- Privileged Role Administrator +- User Administrator +- Application Administrator +- Cloud Application Administrator + ## Examples ### Example 1: Remove user app role assignment ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' -$RemoveAppRoleParams = @{ - ObjectId = 'SawyerM@Contoso.com' - AppRoleAssignmentId = 'C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w' -} -Remove-EntraBetaUserAppRoleAssignment @RemoveAppRoleParams +$assignment = Get-EntraBetaUserAppRoleAssignment -ObjectId 'SawyerM@Contoso.com' | + Where-Object {$_.ResourceDisplayName -eq 'Helpdesk Application' -and $_.PrincipalType -eq 'User'} +Remove-EntraBetaUserAppRoleAssignment -ObjectId 'SawyerM@Contoso.com' -AppRoleAssignmentId $assignment.Id ``` This example demonstrates how to Remove the user app role assignment in Microsoft Entra ID. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserExtension.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserExtension.md index aeec817a8..e41a98253 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserExtension.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserExtension.md 
@@ -51,11 +51,7 @@ The `Remove-EntraBetaUserExtension` cmdlet removes a user extension from Microso ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$Params = @{ - ObjectId = 'SawyerM@Contoso.com' - ExtensionName = 'Test Extension' -} -Remove-EntraBetaUserExtension @Params +Remove-EntraBetaUserExtension -ObjectId 'SawyerM@Contoso.com' -ExtensionName 'Test Extension' ``` This example demonstrates how to remove a user extension from Microsoft Entra ID. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserManager.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserManager.md index 728d68067..ff2ff9394 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserManager.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaUserManager.md @@ -40,14 +40,23 @@ The `Remove-EntraBetaUserManager` cmdlet removes a user's manager in Microsoft E ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$User = Get-EntraBetaUser -UserId 'SawyerM@Contoso.com' -Remove-EntraBetaUserManager -UserId $User.ObjectId +$user = Get-EntraBetaUser -UserId 'SawyerM@Contoso.com' +Remove-EntraBetaUserManager -UserId $user.Id ``` This example shows how to remove a user's manager. You can use `Get-EntraBetaUser` command to get the user's details. +### Example 2: Remove the manager of a user via pipelining + +```powershell +Connect-Entra -Scopes 'User.ReadWrite.All' +Get-EntraBetaUser -UserId 'SawyerM@Contoso.com' | Remove-EntraBetaUserManager +``` + +This example shows how to remove a user's manager. + ## Parameters ### -UserId diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUser.md index 467d9f405..0d1b399f5 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUser.md 
+++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUser.md @@ -68,12 +68,7 @@ The `Set-EntraBetaUser` cmdlet updates a user in Microsoft Entra ID. Specify the ```powershell Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All' -$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -$params = @{ - UserId = $user.ObjectId - DisplayName = 'Updated user Name' -} -Set-EntraBetaUser @params +Set-EntraBetaUser -UserId 'SawyerM@contoso.com' -DisplayName 'Updated user Name' ``` This example updates the specified user's Display name parameter. @@ -84,11 +79,7 @@ This example updates the specified user's Display name parameter. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All' -$params = @{ - UserId = 'SawyerM@contoso.com' - AccountEnabled = $true -} -Set-EntraBetaUser @params +Set-EntraBetaUser -UserId 'SawyerM@contoso.com' -AccountEnabled $true ``` This example updates the specified user's AccountEnabled parameter. @@ -124,7 +115,7 @@ $params = @{ JobTitle = 'Manager' MailNickName = 'Add mailnickname' Mobile = '9984534564' - OtherMails = 'test12@M365x99297270.OnMicrosoft.com' + OtherMails = 'test12@Contoso.com' PasswordPolicies = 'DisableStrongPassword' State = 'UP' StreetAddress = 'Add address' diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserExtension.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserExtension.md index c23211770..4c4fc2664 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserExtension.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserExtension.md 
@@ -53,12 +53,9 @@ The `Set-EntraBetaUserExtension` cmdlet updates a user extension in Microsoft En ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$params = @{ - ObjectId = 'SawyerM@contoso.com' - ExtensionName = 'extension_e5e29b8a85d941eab8d12162bd004528_extensionAttribute8' - ExtensionValue = 'New Value' -} -Set-EntraBetaUserExtension @params +$extensionName = 'extension_e5e29b8a85d941eab8d12162bd004528_extensionAttribute8' +$extensionValue = 'New Value' +Set-EntraBetaUserExtension -ObjectId 'SawyerM@contoso.com' -ExtensionName $extensionName -ExtensionValue $extensionValue ``` This example shows how to update the value of the extension attribute for a specified user. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserLicense.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserLicense.md index 3b653a5d4..3d55c7889 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserLicense.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserLicense.md @@ -42,7 +42,7 @@ For delegated scenarios, the calling user needs at least one of the following Mi - User Administrator **Note**: Before assigning a license, assign a usage location to the user using: -`Set-EntraUser -ObjectId user@contoso.com -UsageLocation ''`. +`Set-EntraBetaUser -UserId user@contoso.com -UsageLocation ''`. ## Examples 
@@ -50,16 +50,19 @@ For delegated scenarios, the calling user needs at least one of the following Mi ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$LicensedUser = Get-EntraBetaUser -ObjectId 'TemplateUser@contoso.com' -$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense -$License.SkuId = $LicensedUser.AssignedLicenses.SkuId -$Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$Licenses.AddLicenses = $License -$Params = @{ - ObjectId = 'SawyerM@contoso.com' - AssignedLicenses = $Licenses + +$licensedUser = Get-EntraBetaUser -UserId 'TemplateUser@contoso.com' +$targetUser = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' + +$sourceUserLicenses = $licensedUser.AssignedLicenses + +$licensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +foreach ($license in $sourceUserLicenses) { + $assignedLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense + $assignedLicense.SkuId = $license.SkuId + $licensesToAssign.AddLicenses= $assignedLicense + Set-EntraBetaUserLicense -UserId $targetUser.Id -AssignedLicenses $licensesToAssign } -Set-EntraBetaUserLicense @Params ``` ```Output @@ -82,7 +85,7 @@ isLicenseReconciliationNeeded False This example demonstrates how to assign a license to a user based on a template user. -- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). +- `-UserId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). - `-AssignedLicenses` parameter specifies a list of licenses to assign or remove. ### Example 2: Add a license to a user by copying license from another user 
@@ -105,6 +108,19 @@ $Params = @{ AssignedLicenses = $Licenses } Set-EntraBetaUserLicense @Params + +$licensedUser = Get-EntraUser -UserId 'AdeleV@contoso.com' +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +$license1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license1.SkuId = $licensedUser.AssignedLicenses.SkuId[0] +$license2 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license2.SkuId = $licensedUser.AssignedLicenses.SkuId[1] +$addLicensesArray = @() +$addLicensesArray += $license1 +$addLicensesArray += $license2 +$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +$licenses.AddLicenses = $addLicensesArray +Set-EntraBetaUserLicense -UserId $user.Id -AssignedLicenses $licenses ``` ```Output 
@@ -127,19 +143,20 @@ isLicenseReconciliationNeeded False This example demonstrates how to assign a license to a user by copying license from another user. -- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). +- `-UserId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). - `-AssignedLicenses` parameter specifies a list of licenses to assign or remove. ### Example 3: Remove an assigned User's License ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$UserPrincipalName = 'SawyerM@contoso.com' -$User = Get-EntraBetaUser -ObjectId $UserPrincipalName -$SkuId = (Get-EntraBetaUserLicenseDetail -ObjectId $UserPrincipalName).SkuId -$Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$Licenses.RemoveLicenses = $SkuId -Set-EntraBetaUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses + +$userPrincipalName = 'SawyerM@contoso.com' +$user = Get-EntraBetaUser -UserId $userPrincipalName +$skuId = (Get-EntraBetaUserLicenseDetail -UserId $userPrincipalName).SkuId +$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +$licenses.RemoveLicenses = $skuId +Set-EntraBetaUserLicense -UserId $user.Id -AssignedLicenses $licenses ``` ```Output 
@@ -161,9 +178,40 @@ givenName Sawyer This example demonstrates how to remove a user's license by retrieving the user details. -- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). +- `-UserId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). - `-AssignedLicenses` parameter specifies a list of licenses to assign or remove. +### Example 4: Bulk Assign Licenses to Multiple Users + +```powershell +Connect-Entra -Scopes 'Organization.ReadWrite.All' + +# Retrieve the SkuId for the desired license plans +$skuId1 = (Get-EntraBetaSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'AAD_PREMIUM_P2' }).SkuId +$skuId2 = (Get-EntraBetaSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'EMS' }).SkuId + +# Define the user to whom the licenses will be assigned +$users = ('AljosaH@Contoso.com','PalameeC@Contoso.com') + +# You can, alternatively, import users from a csv file. For this example, the CSV should have a column named 'user' +$users = Import-Csv -Path "C:\path\to\your\users.csv" | Select-Object -ExpandProperty user + +# Create license assignment objects +$license1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license1.SkuId = $skuId1 + +$license2 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license2.SkuId = $skuId2 + +$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +$licenses.AddLicenses = $license1, $license2 + +# Assign the licenses to each user +foreach ($user in $users$users) { + Set-EntraBetaUserLicense -UserId $user -AssignedLicenses $licenses +} +``` + ## Parameters ### -AssignedLicenses diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserManager.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserManager.md index b7e37a4c6..6463bbb92 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserManager.md 
+++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserManager.md @@ -41,11 +41,7 @@ The `Set-EntraBetaUserManager` cmdlet update the manager for a user in Microsoft ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' $manager = Get-EntraBetaUser -UserId 'Manager@contoso.com' -$params = @{ - UserId = 'bbbbbbbb-1111-2222-3333-cccccccccccc' - RefObjectId = '55ff55ff-aa66-bb77-cc88-99dd99dd99dd' -} -Set-EntraBetaUserManager @params +Set-EntraBetaUserManager -UserId 'SawyerM@contoso.com' -RefObjectId $manager.Id ``` This example demonstrates how to update the manager for the specified user. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserThumbnailPhoto.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserThumbnailPhoto.md index 41b188663..363bf1f67 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserThumbnailPhoto.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaUserThumbnailPhoto.md @@ -63,11 +63,7 @@ Updating any user's photo in the organization requires the User.ReadWrite.All pe ```powershell Connect-Entra -Scopes 'User.ReadWrite','User.ReadWrite.All' -$params = @{ - UserId = 'SawyerM@contoso.com' - FilePath = 'D:\UserThumbnailPhoto.jpg' -} -Set-EntraBetaUserThumbnailPhoto @params +Set-EntraBetaUserThumbnailPhoto -UserId -FilePath 'D:\UserThumbnailPhoto.jpg' ``` This example sets the thumbnail photo of the user specified with the UserId parameter to the image specified with the FilePath parameter. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Update-EntraBetaSignedInUserPassword.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Update-EntraBetaSignedInUserPassword.md index c444c40a7..ab971b96e 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Update-EntraBetaSignedInUserPassword.md 
+++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Update-EntraBetaSignedInUserPassword.md @@ -42,13 +42,9 @@ Enable users to update their own passwords. Any user can change their password w ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' -$CurrentPassword = ConvertTo-SecureString '' -AsPlainText -Force -$NewPassword = ConvertTo-SecureString '' -AsPlainText -Force -$params = @{ - CurrentPassword = $CurrentPassword - NewPassword = $NewPassword -} -Update-EntraBetaSignedInUserPassword @params +$currentPassword = ConvertTo-SecureString '' -AsPlainText -Force +$newPassword = ConvertTo-SecureString '' -AsPlainText -Force +Update-EntraBetaSignedInUserPassword -CurrentPassword $currentPassword -NewPassword $newPassword ``` This example shows how to update the password for the signed-in user. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserAppRoleAssignment.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserAppRoleAssignment.md index 5ad745b39..b3eef0565 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserAppRoleAssignment.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserAppRoleAssignment.md 
@@ -37,23 +37,36 @@ Get-EntraUserAppRoleAssignment The `Get-EntraUserAppRoleAssignment` cmdlet gets a user application role assignment. +To perform this operation in delegated scenarios using work or school accounts, the signed-in user must have one of the following least privileged roles, or a custom role with the necessary permissions: + +- Guest Inviter - Read app role assignments for users only +- Directory Readers +- Directory Synchronization Accounts - for Microsoft Entra Connect and Microsoft Entra Cloud Sync services +- Directory Writer +- Hybrid Identity Administrator +- Identity Governance Administrator +- Privileged Role Administrator +- User Administrator +- Application Administrator +- Cloud Application Administrator + ## Examples ### Example 1: Get a user application role assignment ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All','Directory.Read.All' -$UserId = (Get-EntraUser -Top 1).ObjectId -Get-EntraUserAppRoleAssignment -ObjectId $UserId +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +Get-EntraUserAppRoleAssignment -ObjectId $user.Id ``` ```Output -DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ---------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 - 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 - 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 - 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 +DeletedDateTime Id AppRoleId 
CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName +--------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- + 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 + 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 + 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 + 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 ``` 
@@ -65,16 +78,17 @@ This example retrieves a user application role assignment for the user in $UserI ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All','Directory.Read.All' -Get-EntraUserAppRoleAssignment -ObjectId 'aaaaaaaa-bbbb-cccc-1111-222222222222' -All +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +Get-EntraUserAppRoleAssignment -ObjectId $user.Id -All ``` ```Output -DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ---------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 - 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 - 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 - 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 +DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName +--------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- + 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 + 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 + 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 + 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 
33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7 ``` This example demonstrates how to retrieve all application role assignment for the specified user. @@ -89,10 +103,10 @@ Get-EntraUserAppRoleAssignment -ObjectId 'aaaaaaaa-bbbb-cccc-1111-222222222222' ``` ```Output -DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ---------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 - 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 +DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName +--------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- + 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 + 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Sawyer Miller aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 ``` This example demonstrates how to retrieve top two application role assignment for the specified user. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserDirectReport.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserDirectReport.md index 0a4ea05e0..1fa21bf93 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserDirectReport.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserDirectReport.md 
@@ -44,16 +44,16 @@ The `Get-EntraUserDirectReport` cmdlet gets the direct reports for a user in Mic ```powershell Connect-Entra -Scopes 'User.Read','User.Read.All' -Get-EntraUserDirectReport -UserId 'SawyerM@contoso.com' +Get-EntraUserDirectReport -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -bbbbbbbb-1111-2222-3333-cccccccccccc -cccccccc-2222-3333-4444-dddddddddddd -dddddddd-3333-4444-5555-eeeeeeeeeeee +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +bbbbbbbb-1111-2222-3333-cccccccccccc Christie Cline ChristieC@Contoso.com 10/7/2024 12:32:25 AM True Member +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Isaiah Langer IsaiahL@Contoso.com 10/7/2024 12:33:16 AM True Member ``` This example demonstrates how to retrieve direct reports for a user in Microsoft Entra ID. 
@@ -64,14 +64,16 @@ This example demonstrates how to retrieve direct reports for a user in Microsoft ```powershell Connect-Entra -Scopes 'User.Read','User.Read.All' -Get-EntraUserDirectReport -UserId 'SawyerM@contoso.com' -All +Get-EntraUserDirectReport -UserId 'SawyerM@contoso.com' -All | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +bbbbbbbb-1111-2222-3333-cccccccccccc Christie Cline ChristieC@Contoso.com 10/7/2024 12:32:25 AM True Member +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Isaiah Langer IsaiahL@Contoso.com 10/7/2024 12:33:16 AM True Member ``` This example demonstrates how to retrieve all direct reports for a user in Microsoft Entra ID. 
@@ -82,14 +84,16 @@ This example demonstrates how to retrieve all direct reports for a user in Micro ```powershell Connect-Entra -Scopes 'User.Read','User.Read.All' -Get-EntraUserDirectReport -UserId 'SawyerM@contoso.com' -Top 2 +Get-EntraUserDirectReport -UserId 'SawyerM@contoso.com' -Top 2 | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-1111-2222-3333-cccccccccccc -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +bbbbbbbb-1111-2222-3333-cccccccccccc Christie Cline ChristieC@Contoso.com 10/7/2024 12:32:25 AM True Member +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Isaiah Langer IsaiahL@Contoso.com 10/7/2024 12:33:16 AM True Member ``` This example demonstrates how to retrieve top five direct reports for a user in Microsoft Entra ID. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserExtension.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserExtension.md index 96b66cd87..726f190a3 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserExtension.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserExtension.md @@ -41,8 +41,7 @@ The Get-EntraUserExtension cmdlet gets a user extension in Microsoft Entra ID. ```powershell Connect-Entra -Scopes 'User.Read' -$UserId = (Get-EntraUser -ObjectId 'SawyerM@contoso.com').ObjectId -Get-EntraUserExtension -UserId $UserId +Get-EntraUserExtension -UserId 'SawyerM@contoso.com' ``` ```Output 
@@ -54,7 +53,7 @@ identities : {@{signInType=userPrincipalName; issuerAssignedId= userIdentities : {@{signInType=userPrincipalName; issuerAssignedId=SawyerM@contoso.com; issuer=SawyerM@contoso.com}} ``` -This example shows how to retrieve the extension attributes for a specified user. You can use the command `Get-EntraUser` to get user object Id. +This example shows how to retrieve the extension attributes for a specified user. - `-UserId` parameter specifies the user object Id. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserLicenseDetail.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserLicenseDetail.md index 6dbad4066..fe8f398da 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserLicenseDetail.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserLicenseDetail.md @@ -35,6 +35,14 @@ Get-EntraUserLicenseDetail This cmdlet retrieves license details for a user. +In delegated scenarios with work or school accounts, the signed-in user needs a supported Microsoft Entra role or a custom role with the `microsoft.directory/users/licenseDetails/read` permission. The following least privileged roles support this operation: + +- Guest Inviter +- Directory Readers +- Directory Writers +- License Administrator +- User Administrator + ## Examples ### Example 1: Retrieve user license details diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md index a72d6f6dd..6601e70a0 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md 
@@ -43,21 +43,15 @@ The `Get-EntraUserManager` cmdlet gets the manager of a user in Microsoft Entra ```powershell Connect-Entra -Scopes 'User.Read.All' -Get-EntraUserManager -UserId 'SawyerM@contoso.com' +Get-EntraUserManager -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, userPrincipalName, createdDateTime, accountEnabled, userType | + Format-Table -AutoSize ``` ```Output -DeletedDateTime : -Id : 00aa00aa-bb11-cc22-dd33-44ee44ee44ee -@odata.context : https://graph.microsoft.com/beta/$metadata#directoryObjects/$entity -@odata.type : #microsoft.graph.user -accountEnabled : True -businessPhones : {+1 858 555 0109} -city : San Diego -createdDateTime : 2023-07-07T14:18:05Z -country : United States -department : Sales & Marketing -displayName : Sawyer Miller +id displayName userPrincipalName createdDateTime accountEnabled userType +-- ----------- ----------------- --------------- -------------- -------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Patti Fernandez PattiF@Contoso.com 10/7/2024 12:32:01 AM True Member ``` This example demonstrates how to retrieve the manager of a specific user. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md index 0f685737a..a6f214b55 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md 
@@ -43,18 +43,17 @@ The `Get-EntraUserMembership` cmdlet gets user memberships in Microsoft Entra ID ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraUserMembership -UserId 'SawyerM@contoso.com' +Get-EntraUserMembership -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff -22cc22cc-dd33-ee44-ff55-66aa66aa66aa -33dd33dd-ee44-ff55-aa66-77bb77bb77bb -44ee44ee-ff55-aa66-bb77-88cc88cc88cc -55ff55ff-aa66-bb77-cc88-99dd99dd99dd +Id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso marketing 2024-10-07T01:17:28Z #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Pacific Admin Unit #microsoft.graph.administrativeUnit ``` This example demonstrates how to retrieve user memberships in Microsoft Entra ID. 
@@ -90,18 +89,17 @@ This example demonstrates how to retrieve user memberships in Microsoft Entra ID ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraUserMembership -UserId 'SawyerM@contoso.com' -All +Get-EntraUserMembership -UserId 'SawyerM@contoso.com' -All | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff -22cc22cc-dd33-ee44-ff55-66aa66aa66aa -33dd33dd-ee44-ff55-aa66-77bb77bb77bb -44ee44ee-ff55-aa66-bb77-88cc88cc88cc -55ff55ff-aa66-bb77-cc88-99dd99dd99dd +Id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso marketing 2024-10-07T01:17:28Z #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Pacific Admin Unit #microsoft.graph.administrativeUnit ``` This example demonstrates how to retrieve users all memberships in Microsoft Entra ID. 
@@ -110,15 +108,17 @@ This example demonstrates how to retrieve users all memberships in Microsoft Ent ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraUserMembership -UserId 'SawyerM@contoso.com' -Top 3 +Get-EntraUserMembership -UserId 'SawyerM@contoso.com' -Top 3 | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff -22cc22cc-dd33-ee44-ff55-66aa66aa66aa +Id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso marketing 2024-10-07T01:17:28Z #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Pacific Admin Unit #microsoft.graph.administrativeUnit ``` This example demonstrates how to retrieve users top three memberships in Microsoft Entra ID. 
@@ -127,14 +127,21 @@ This example demonstrates how to retrieve users top three memberships in Microso ```powershell Connect-Entra -Scopes 'User.Read.All' -$groups = Get-EntraUserMembership -ObjectId 'SawyerM@contoso.com' -$groups | Select-Object DisplayName, Id, GroupTypes, Visibility | Format-Table -AutoSize +Get-EntraUserMembership -UserId 'SawyerM@contoso.com' | + Where-Object {$_.'@odata.type' -eq '#microsoft.graph.group'} | + Select-Object Id, displayName, createdDateTime, groupTypes, securityEnabled, visibility, '@odata.type' | + Format-Table -AutoSize ``` ```Output -DisplayName Id GroupTypes Visibility ------------ -- ---------- ---------- -Contoso Group bbbbbbbb-1111-2222-3333-cccccccccccc {Unified} Public +Id displayName createdDateTime groupTypes securityEnabled visibility @odata.type +-- ----------- --------------- ---------- --------------- ---------- ----------- +00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso 2024-10-06T08:49:16Z {Unified} False Public #microsoft.graph.group +11bb11bb-cc22-dd33-ee44-55ff55ff55ff Sales and Marketing 2024-10-07T00:43:47Z {Unified} True Public #microsoft.graph.group +22cc22cc-dd33-ee44-ff55-66aa66aa66aa Retail 2024-10-07T00:44:06Z {Unified} True Private #microsoft.graph.groupp +33dd33dd-ee44-ff55-aa66-77bb77bb77bb sg-Sales and Marketing 2024-10-07T00:45:16Z {} True #microsoft.graph.group +44ee44ee-ff55-aa66-bb77-88cc88cc88cc All Employees 2024-10-07T00:57:05Z {} False #microsoft.graph.group +55ff55ff-aa66-bb77-cc88-99dd99dd99dd Communications 2024-10-07T01:12:09Z {Unified} False Private #microsoft.graph.group ``` This example demonstrates how to retrieve the groups that a user is a member of. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOAuth2PermissionGrant.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOAuth2PermissionGrant.md index f09862a9c..811da2d5b 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOAuth2PermissionGrant.md 
+++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOAuth2PermissionGrant.md @@ -85,7 +85,7 @@ HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2 This example retrieves the OAuth2 permission grants for a user using All parameter. -- `-ObjectId` parameter specifies the user ID. +- `-UserId` parameter specifies the user ID. ### Example 3: Retrieve top one OAuth2 permission grant diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOwnedObject.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOwnedObject.md index cc4f9de59..558bece1f 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOwnedObject.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserOwnedObject.md 
@@ -44,85 +44,61 @@ The `Get-EntraUserOwnedObject` cmdlet gets objects owned by a user in Microsoft ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraUserOwnedObject -UserId 'SawyerM@contoso.com' +Get-EntraUserOwnedObject -UserId 'SawyerM@contoso.com' | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -bbbbbbbb-1111-2222-3333-cccccccccccc -cccccccc-2222-3333-4444-dddddddddddd -dddddddd-3333-4444-5555-eeeeeeeeeeee -ffffffff-4444-5555-6666-gggggggggggg -hhhhhhhh-5555-6666-7777-iiiiiiiiiiii +id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Helpdesk Application 10/17/2024 5:05:54 AM #microsoft.graph.application +bbbbbbbb-1111-2222-3333-cccccccccccc Contoso Group 10/21/2024 6:25:19 PM #microsoft.graph.group +cccccccc-2222-3333-4444-dddddddddddd ClaimIssuancePolicy #microsoft.graph.tokenLifetimePolicy +ffffffff-4444-5555-6666-gggggggggggg Contoso Marketing App 10/23/2024 3:17:14 PM #microsoft.graph.application ``` This example retrieves objects owned by the specified user. - `-UserId` Parameter specifies the ID of a user as a UserPrincipalName or UserId. 
-### Example 2: Get objects owned by a user with additional details +### Example 2: Get all objects owned by a user ```powershell Connect-Entra -Scopes 'User.Read' -$ownedObjects = Get-EntraUserOwnedObject -ObjectId 'SawyerM@contoso.com' - -$objectDetails = $ownedObjects | ForEach-Object { - $objectDetail = Get-EntraObjectByObjectId -ObjectIds $_.Id - [PSCustomObject]@{ - odataType = $objectDetail.'@odata.type' - displayName = $objectDetail.displayName - Id = $objectDetail.Id - } -} -$objectDetails | Format-Table -Property odataType, displayName, Id -AutoSize +Get-EntraUserOwnedObject -UserId 'SawyerM@contoso.com' -All | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -odataType displayName Id ---------- ----------- -- -#microsoft.graph.group Contoso FTE Group bbbbbbbb-1111-2222-3333-cccccccccccc -#microsoft.graph.group Digital Engineering Group aaaaaaaa-1111-1111-1111-000000000000 -``` - -This example retrieves objects owned by the specified user with more lookup details. 
- -### Example 3: Get all objects owned by a user - -```powershell -Connect-Entra -Scopes 'User.Read' -Get-EntraUserOwnedObject -UserId 'SawyerM@contoso.com' -All -``` - -```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -bbbbbbbb-1111-2222-3333-cccccccccccc -cccccccc-2222-3333-4444-dddddddddddd -dddddddd-3333-4444-5555-eeeeeeeeeeee -ffffffff-4444-5555-6666-gggggggggggg -hhhhhhhh-5555-6666-7777-iiiiiiiiiiii +id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Helpdesk Application 10/17/2024 5:05:54 AM #microsoft.graph.application +bbbbbbbb-1111-2222-3333-cccccccccccc Contoso Group 10/21/2024 6:25:19 PM #microsoft.graph.group +cccccccc-2222-3333-4444-dddddddddddd ClaimIssuancePolicy #microsoft.graph.tokenLifetimePolicy +ffffffff-4444-5555-6666-gggggggggggg Contoso Marketing App 10/23/2024 3:17:14 PM #microsoft.graph.application ``` This example retrieves all the objects owned by the specified user. - `-UserId` parameter specifies the ID of a user as a UserPrincipalName or UserId. 
-### Example 4: Get top three objects owned by a user +### Example 3: Get top three objects owned by a user ```powershell Connect-Entra -Scopes 'User.Read' -Get-EntraUserOwnedObject -UserId 'SawyerM@contoso.com' -Top 3 +Get-EntraUserOwnedObject -UserId 'SawyerM@contoso.com' -Top 3 | + Select-Object Id, displayName, createdDateTime, '@odata.type' | + Format-Table -AutoSize ``` ```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -bbbbbbbb-1111-2222-3333-cccccccccccc -cccccccc-2222-3333-4444-dddddddddddd +id displayName createdDateTime @odata.type +-- ----------- --------------- ----------- +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Helpdesk Application 10/17/2024 5:05:54 AM #microsoft.graph.application +bbbbbbbb-1111-2222-3333-cccccccccccc Contoso Group 10/21/2024 6:25:19 PM #microsoft.graph.group +cccccccc-2222-3333-4444-dddddddddddd ClaimIssuancePolicy #microsoft.graph.tokenLifetimePolicy ``` This example retrieves the top three objects owned by the specified user. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUser.md index 62a06bd34..0f85101f4 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUser.md @@ -74,11 +74,11 @@ The `New-EntraUser` cmdlet creates a user in Microsoft Entra ID. Specify the `Di ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $userParams = @{ DisplayName = 'Avery Iona' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'AveryI@contoso.com' AccountEnabled = $true MailNickName = 'averyi' 
@@ -99,12 +99,12 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $userParams = @{ DisplayName = 'Peyton Davis' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'PeytonD@contoso.com' AccountEnabled = $true MailNickName = 'PeytonD' @@ -126,12 +126,12 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $userParams = @{ DisplayName = 'Blake Martin' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'BlakeM@contoso.com' AccountEnabled = $true MailNickName = 'BlakeM' @@ -153,11 +153,11 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $userParams = @{ DisplayName = 'Parker Jones' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'ParkerJ@contoso.com' AccountEnabled = $true MailNickName = 'ParkerJ' 
@@ -179,12 +179,12 @@ This command creates a new user. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -$PasswordProfile.Password = '' +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile.Password = '' $UserParams = @{ DisplayName = 'Sawyer Miller' - PasswordProfile = $PasswordProfile + PasswordProfile = $passwordProfile UserPrincipalName = 'SawyerM@contoso.com' AccountEnabled = $true MailNickName = 'SawyerM' @@ -338,8 +338,7 @@ Accept wildcard characters: False ### -ImmutableId -This property is used to associate an on-premises user account to their Microsoft Entra ID user object. -This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property. +This property links an on-premises user account to its Microsoft Entra ID object and is required when creating a new user in Microsoft Graph if the user's userPrincipalName (UPN) is in a federated domain. Important: The $ and _ characters can't be used when specifying this property. 
@@ -462,19 +461,19 @@ The parameter type for this parameter is "PasswordProfile". In order to pass a parameter of this type, you first need to create a variable in PowerShell with that type: -$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile +$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile Then you can proceed to set the value of the password in this variable: -$PasswordProfile.Password = "\" +$passwordProfile.Password = "\" And finally you can pass this variable to the cmdlet: -New-EntraUser -PasswordProfile $PasswordProfile ... +New-EntraUser -PasswordProfile $passwordProfile ... Other attributes that can be set in the PasswordProfile are -- $PasswordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enababled or disabled for this user $PasswordProfile. +- $passwordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enababled or disabled for this user $passwordProfile. - ForceChangePasswordNextLogin - a boolean indicating that the user must change the password at the next sign in. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUserAppRoleAssignment.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUserAppRoleAssignment.md index 3ede3eecf..fee0543a4 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUserAppRoleAssignment.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraUserAppRoleAssignment.md 
@@ -36,13 +36,16 @@ New-EntraUserAppRoleAssignment The `New-EntraUserAppRoleAssignment` cmdlet assigns a user to an application role in Microsoft Entra ID. -To grant an app role assignment to a user, you need three identifiers: +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. Supported roles include: -- PrincipalId: The Id of the user to whom you are assigning the app role. - -- ResourceId: The Id of the resource servicePrincipal that has defined the app role. - -- Id: The Id of the appRole (defined on the resource service principal) to assign to the user. +- Directory Synchronization Accounts (for Entra Connect and Cloud Sync) +- Directory Writer +- Hybrid Identity Administrator +- Identity Governance Administrator +- Privileged Role Administrator +- User Administrator +- Application Administrator +- Cloud Application Administrator ## Examples @@ -55,9 +58,9 @@ $user = Get-EntraUser -SearchString '' $servicePrincipal = Get-EntraServicePrincipal -Filter "appId eq '$appId'" $params = @{ - ObjectId = $user.ObjectId - PrincipalId = $user.ObjectId - ResourceId = $servicePrincipal.ObjectId + ObjectId = $user.Id + PrincipalId = $user.Id + ResourceId = $servicePrincipal.Id Id = [Guid]::Empty } 
@@ -70,10 +73,7 @@ DeletedDateTime Id AppRoleId A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 18-06-2024 11:22:40 UserPrincipalName aaaaaaaa-bbbb-cccc-1111-222222222222 User App-DisplayName ``` -This command assigns a user to an application that doesn't have any roles. -You can use the command `Get-EntraUser` to get user object Id. -You can use the command `Get-EntraApplication` to get application Id. -You can use the command `Get-EntraServicePrincipal` to get service principal object Id. +This command assigns a user to an application that doesn't have any roles. - `-ObjectId` parameter specifies the Id of a user to whom you are assigning the app role. - `-PrincipalId` parameter specifies the Id of a user to whom you are assigning the app role. @@ -84,16 +84,15 @@ You can use the command `Get-EntraServicePrincipal` to get service principal obj ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' -$userName = 'SawyerM@contoso.com' -$appName = 'Box' -$spo = Get-EntraServicePrincipal -Filter "DisplayName eq '$appName'" -$user = Get-EntraUser -Filter "userPrincipalName eq '$userName'" + +$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq 'Box'" +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' $params = @{ - ObjectId = $user.ObjectId - PrincipalId = $user.ObjectId - ResourceId = $spo.ObjectId - Id = $spo.AppRoles[1].Id + ObjectId = $user.Id + PrincipalId = $user.Id + ResourceId = $servicePrincipal.Id + Id = $servicePrincipal.AppRoles[1].Id } New-EntraUserAppRoleAssignment @params diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUser.md index 77c8786f2..8f6b2e5d1 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUser.md 
@@ -37,7 +37,6 @@ The `Remove-EntraUser` cmdlet removes a user in Microsoft Entra ID. Specify the The calling user must be assigned at least one of the following Microsoft Entra roles: - User Administrator - - Privileged Authentication Administrator ## Examples @@ -51,6 +50,15 @@ Remove-EntraUser -UserId 'SawyerM@Contoso.com' This command removes the specified user in Microsoft Entra ID. +### Example 2: Remove a user based on search results + +```powershell +Connect-Entra -Scopes 'User.ReadWrite.All' +Get-EntraUser -UserId 'SawyerM@Contoso.com' | Remove-EntraUser +``` + +This command removes the specified user in Microsoft Entra ID. + ## Parameters ### -UserId diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserAppRoleAssignment.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserAppRoleAssignment.md index 4a7f77cbf..9cc71862f 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserAppRoleAssignment.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserAppRoleAssignment.md 
@@ -35,17 +35,26 @@ Remove-EntraUserAppRoleAssignment The `Remove-EntraUserAppRoleAssignment` cmdlet removes a user application role assignment in Microsoft Entra ID. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. Supported roles include: + +- Directory Synchronization Accounts (for Entra Connect and Cloud Sync) +- Directory Writer +- Hybrid Identity Administrator +- Identity Governance Administrator +- Privileged Role Administrator +- User Administrator +- Application Administrator +- Cloud Application Administrator + ## Examples ### Example 1: Remove user app role assignment ```powershell Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' -$RemoveAppRoleParams = @{ - ObjectId = 'SawyerM@Contoso.com' - AppRoleAssignmentId = 'C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w' -} -Remove-EntraUserAppRoleAssignment @RemoveAppRoleParams +$assignment = Get-EntraUserAppRoleAssignment -ObjectId 'SawyerM@Contoso.com' | + Where-Object {$_.ResourceDisplayName -eq 'Helpdesk Application' -and $_.PrincipalType -eq 'User'} +Remove-EntraUserAppRoleAssignment -ObjectId 'SawyerM@Contoso.com' -AppRoleAssignmentId $assignment.Id ``` This example demonstrates how to Remove the user app role assignment in Microsoft Entra ID. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserExtension.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserExtension.md index 7e0aae2e2..13b9f4fd2 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserExtension.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserExtension.md 
@@ -51,11 +51,8 @@ The `Remove-EntraUserExtension` cmdlet removes a user extension from Microsoft E ### Example 1: Remove the user extension ```powershell -$Params = @{ - ObjectId = 'SawyerM@Contoso.com' - ExtensionName = 'Test Extension' -} -Remove-EntraUserExtension @Params +Connect-Entra -Scopes 'User.ReadWrite.All' +Remove-EntraUserExtension -ObjectId 'SawyerM@Contoso.com' -ExtensionName 'Test Extension' ``` This example demonstrates how to remove a user extension from Microsoft Entra ID. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserManager.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserManager.md index 9d2fac8aa..b58f18798 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserManager.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraUserManager.md @@ -39,14 +39,23 @@ The `Remove-EntraUserManager` cmdlet removes a user's manager in Microsoft Entra ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$User = Get-EntraUser -UserId 'SawyerM@Contoso.com' -Remove-EntraUserManager -UserId $User.ObjectId +$user = Get-EntraUser -UserId 'SawyerM@Contoso.com' +Remove-EntraUserManager -UserId $user.Id ``` This example shows how to remove a user's manager. You can use `Get-EntraUser` command to get the user's details. +### Example 2: Remove the manager of a user via pipelining + +```powershell +Connect-Entra -Scopes 'User.ReadWrite.All' +Get-EntraUser -UserId 'SawyerM@Contoso.com' | Remove-EntraUserManager +``` + +This example shows how to remove a user's manager. + ## Parameters ### -UserId diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUser.md index 16500c066..4cec67c51 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUser.md 
@@ -68,12 +68,7 @@ The `Set-EntraUser` cmdlet updates a user in Microsoft Entra ID. Specify the `Us ```powershell Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All' -$user = Get-EntraUser -UserId 'SawyerM@contoso.com' -$params = @{ - UserId = $user.Id - DisplayName = 'Updated user Name' -} -Set-EntraUser @params +Set-EntraUser -UserId 'SawyerM@contoso.com' -DisplayName 'Updated user Name' ``` This example updates the specified user's Display name parameter. @@ -84,11 +79,7 @@ This example updates the specified user's Display name parameter. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All' -$params = @{ - UserId = 'SawyerM@contoso.com' - AccountEnabled = $true -} -Set-EntraUser @params +Set-EntraUser -UserId 'SawyerM@contoso.com' -AccountEnabled $true ``` This example updates the specified user's AccountEnabled parameter. @@ -114,7 +105,7 @@ This example updates the specified user's as minors with parental consent. ```powershell Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All' $params = @{ - UserId = 'SawyerM@contoso.com' + UserId = 'SawyerM@Contoso.com' City = 'Add city name' CompanyName = 'Microsoft' Country = 'Add country name' @@ -124,7 +115,7 @@ $params = @{ JobTitle = 'Manager' MailNickName = 'Add mailnickname' Mobile = '9984534564' - OtherMails = 'test12@M365x99297270.OnMicrosoft.com' + OtherMails = 'sawyerm@Contoso.com' PasswordPolicies = 'DisableStrongPassword' State = 'UP' StreetAddress = 'Add address' diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserExtension.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserExtension.md index c5a2cd40e..4a73b4733 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserExtension.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserExtension.md 
@@ -40,12 +40,9 @@ The `Set-EntraUserExtension` cmdlet updates a user extension in Microsoft Entra ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$params = @{ - ObjectId = 'SawyerM@contoso.com' - ExtensionName = 'extension_e5e29b8a85d941eab8d12162bd004528_extensionAttribute8' - ExtensionValue = 'New Value' -} -Set-EntraUserExtension @params +$extensionName = 'extension_e5e29b8a85d941eab8d12162bd004528_extensionAttribute8' +$extensionValue = 'New Value' +Set-EntraUserExtension -ObjectId 'SawyerM@contoso.com' -ExtensionName $extensionName -ExtensionValue $extensionValue ``` This example shows how to update the value of the extension attribute for a specified user. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserLicense.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserLicense.md index ff516e155..aac93ffe5 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserLicense.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserLicense.md 
@@ -50,16 +50,19 @@ For delegated scenarios, the calling user needs at least one of the following Mi ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$LicensedUser = Get-EntraUser -ObjectId 'TemplateUser@contoso.com' -$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense -$License.SkuId = $LicensedUser.AssignedLicenses.SkuId -$Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$Licenses.AddLicenses = $License -$Params = @{ - UserId = 'SawyerM@contoso.com' - AssignedLicenses = $Licenses + +$licensedUser = Get-EntraUser -UserId 'TemplateUser@contoso.com' +$targetUser = Get-EntraUser -UserId 'SawyerM@contoso.com' + +$sourceUserLicenses = $licensedUser.AssignedLicenses + +$licensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +foreach ($license in $sourceUserLicenses) { + $assignedLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense + $assignedLicense.SkuId = $license.SkuId + $licensesToAssign.AddLicenses= $assignedLicense + Set-EntraUserLicense -UserId $targetUser.Id -AssignedLicenses $licensesToAssign } -Set-EntraUserLicense @Params ``` ```Output 
@@ -89,18 +92,18 @@ This example demonstrates how to assign a license to a user based on a template ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$LicensedUser = Get-EntraUser -ObjectId 'AdeleV@contoso.com' -$User = Get-EntraUser -ObjectId 'SawyerM@contoso.com' -$License1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense -$License1.SkuId = $LicensedUser.AssignedLicenses.SkuId[0] -$License2 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense -$License2.SkuId = $LicensedUser.AssignedLicenses.SkuId[1] +$licensedUser = Get-EntraUser -UserId 'AdeleV@contoso.com' +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +$license1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license1.SkuId = $licensedUser.AssignedLicenses.SkuId[0] +$license2 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license2.SkuId = $licensedUser.AssignedLicenses.SkuId[1] $addLicensesArray = @() -$addLicensesArray += $License1 -$addLicensesArray += $License2 -$Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$Licenses.AddLicenses = $addLicensesArray -Set-EntraUserLicense -UserId $User.ObjectId -AssignedLicenses $Licenses +$addLicensesArray += $license1 +$addLicensesArray += $license2 +$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +$licenses.AddLicenses = $addLicensesArray +Set-EntraUserLicense -UserId $user.Id -AssignedLicenses $licenses ``` ```Output 
@@ -123,19 +126,19 @@ isLicenseReconciliationNeeded False This example demonstrates how to assign a license to a user by copying license from another user. -- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). +- `-UserId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). - `-AssignedLicenses` parameter specifies a list of licenses to assign or remove. ### Example 3: Remove an assigned User's License ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' -$UserPrincipalName = 'SawyerM@contoso.com' -$User = Get-EntraUser -ObjectId $UserPrincipalName -$SkuId = (Get-EntraUserLicenseDetail -ObjectId $UserPrincipalName).SkuId -$Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$Licenses.RemoveLicenses = $SkuId -Set-EntraUserLicense -UserId $User.ObjectId -AssignedLicenses $Licenses +$userPrincipalName = 'AveryI@M365x80713871.OnMicrosoft.com' +$user = Get-EntraUser -UserId $userPrincipalName +$skuId = (Get-EntraUserLicenseDetail -UserId $userPrincipalName).SkuId +$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +$licenses.RemoveLicenses = $skuId +Set-EntraUserLicense -UserId $user.Id -AssignedLicenses $licenses ``` ```Output 
@@ -157,9 +160,40 @@ givenName Sawyer This example demonstrates how to remove a user's license by retrieving the user details. -- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). +- `-UserId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId). - `-AssignedLicenses` parameter specifies a list of licenses to assign or remove. +### Example 4: Bulk Assign Licenses to Multiple Users + +```powershell +Connect-Entra -Scopes 'Organization.ReadWrite.All' + +# Retrieve the SkuId for the desired license plans +$skuId1 = (Get-EntraSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'AAD_PREMIUM_P2' }).SkuId +$skuId2 = (Get-EntraSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'EMS' }).SkuId + +# Define the user to whom the licenses will be assigned +$users = ('AljosaH@Contoso.com','PalameeC@Contoso.com') + +# You can, alternatively, import users from a csv file. For this example, the CSV should have a column named 'user' +$users = Import-Csv -Path "C:\path\to\your\users.csv" | Select-Object -ExpandProperty user + +# Create license assignment objects +$license1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license1.SkuId = $skuId1 + +$license2 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense +$license2.SkuId = $skuId2 + +$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses +$licenses.AddLicenses = $license1, $license2 + +# Assign the licenses to each user +foreach ($user in $users$users) { + Set-EntraUserLicense -UserId $user -AssignedLicenses $licenses +} +``` + ## Parameters ### -AssignedLicenses diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserManager.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserManager.md index f73f6beb1..80adb416a 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserManager.md 
+++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserManager.md @@ -41,11 +41,7 @@ The `Set-EntraUserManager` cmdlet update the manager for a user in Microsoft Ent ```powershell Connect-Entra -Scopes 'User.ReadWrite.All' $manager = Get-EntraUser -UserId 'Manager@contoso.com' -$params = @{ - UserId = 'SawyerM@contoso.com' - RefObjectId = $manager.ObjectId -} -Set-EntraUserManager @params +Set-EntraUserManager -UserId 'SawyerM@contoso.com' -RefObjectId $manager.Id ``` This example demonstrates how to update the manager for the specified user. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserThumbnailPhoto.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserThumbnailPhoto.md index 21eef3e9b..8a4ea1392 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserThumbnailPhoto.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraUserThumbnailPhoto.md @@ -55,7 +55,7 @@ Set-EntraUserThumbnailPhoto The `Set-EntraUserThumbnailPhoto` cmdlet is used to set the thumbnail photo for a user. -Updating any user's photo in the organization requires the User.ReadWrite.All permission. Updating only the signed-in user's photo requires the User.ReadWrite permission. +Updating any user's photo in the organization requires the `User.ReadWrite.All` permission. Updating only the signed-in user's photo requires the `User.ReadWrite` permission. ## Examples @@ -63,11 +63,7 @@ Updating any user's photo in the organization requires the User.ReadWrite.All pe ```powershell Connect-Entra -Scopes 'User.ReadWrite','User.ReadWrite.All' -$params = @{ - UserId = 'SawyerM@contoso.com' - FilePath = 'D:\UserThumbnailPhoto.jpg' -} -Set-EntraUserThumbnailPhoto @params +Set-EntraUserThumbnailPhoto -UserId -FilePath 'D:\UserThumbnailPhoto.jpg' ``` This example sets the thumbnail photo of the user specified with the UserId parameter to the image specified with the FilePath parameter. 
diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Update-EntraSignedInUserPassword.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Update-EntraSignedInUserPassword.md index 1959f83ff..991841907 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Update-EntraSignedInUserPassword.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Update-EntraSignedInUserPassword.md @@ -43,13 +43,9 @@ Enable users to update their own passwords. Any user can change their password w ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' -$CurrentPassword = ConvertTo-SecureString '' -AsPlainText -Force -$NewPassword = ConvertTo-SecureString '' -AsPlainText -Force -$params = @{ - CurrentPassword = $CurrentPassword - NewPassword = $NewPassword -} -Update-EntraSignedInUserPassword @params +$currentPassword = ConvertTo-SecureString '' -AsPlainText -Force +$newPassword = ConvertTo-SecureString '' -AsPlainText -Force +Update-EntraSignedInUserPassword -CurrentPassword $currentPassword -NewPassword $newPassword ``` This example shows how to update the password for the signed-in user.
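Review bot: In Get-EntraUserMembership.md, hunk at -127,14 (the group-filter example), the `Retail` row of the sample output shows `#microsoft.graph.groupp`. The pipeline filters on `$_.'@odata.type' -eq '#microsoft.graph.group'`, so a row with that type could never appear in its output. Correct the value to `#microsoft.graph.group`.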
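Review bot: In Get-EntraUserOwnedObject.md, hunk at -44,85, the sample output does not match the output shown for the identical `Select-Object Id, displayName, createdDateTime, '@odata.type'` pipeline in Get-EntraUserMembership.md: the header is `id` here and `Id` there, and `createdDateTime` appears as `10/17/2024 5:05:54 AM` here but as `2024-10-06T08:49:16Z` there. Use one rendering across the cmdlet docs so readers can tell what the cmdlet really returns. The placeholder `ffffffff-4444-5555-6666-gggggggggggg` is also not a well-formed GUID, since `g` is not a hex digit.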
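Review bot: In New-EntraUser.md, hunk at -179,12, the hashtable is still declared as `$UserParams = @{` while the other four examples in this file use `$userParams`. Since the point of these hunks is the camelCase rename of `$PasswordProfile`, rename this variable and its later use as well so the five examples are consistent.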
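Review bot: In New-EntraUser.md, hunk at -462,19 (the PasswordProfile parameter text), the rewritten bullet keeps the typo `enababled` and still ends with a dangling `$passwordProfile.` fragment that belongs to the next bullet, which is why `ForceChangePasswordNextLogin` appears without its variable prefix. Fix both while the line is being touched: end the first bullet after "for this user" and start the second with `$passwordProfile.ForceChangePasswordNextLogin`.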
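Review bot: In New-EntraUserAppRoleAssignment.md, hunk at -36,13, the description loses the explanation of `PrincipalId`, `ResourceId` and `Id`, yet both examples still build `$params` from exactly those keys. Keep that three-item list after the new roles list, otherwise nothing on the page tells the reader which object each Id must come from, and a wrong `ResourceId` or `Id` grants access to a different application or role than intended.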
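Review bot: In New-EntraUserAppRoleAssignment.md, hunk at -84,16, `Id = $servicePrincipal.AppRoles[1].Id` picks the role by array position, so anyone copying the example assigns whichever role happens to be second on their own service principal. Select the role by name instead, for example by filtering `$servicePrincipal.AppRoles` with `Where-Object` on the role's display name, and state in the text which role is being assigned. The `"DisplayName eq 'Box'"` filter can also match more than one service principal, which would make `$servicePrincipal.Id` an array.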
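Review bot: In Remove-EntraUser.md, hunk at -51,6, the new Example 2 is titled "Remove a user based on search results" but the command is an exact lookup, `Get-EntraUser -UserId 'SawyerM@Contoso.com'`, and the description is a copy of Example 1's. Retitle it to say it removes a user via the pipeline, and have the description explain that the user object is bound from pipeline input. Because the operation is destructive, the text should also tell readers to check what `Get-EntraUser` returns before piping it on.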
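Review bot: In Remove-EntraUserAppRoleAssignment.md, hunk at -35,17, `$assignment` is used without checking what the `Where-Object` filter returned. If the user has no assignment for 'Helpdesk Application', `$assignment.Id` is null; if there are several, it is an array, and either value is then passed to `-AppRoleAssignmentId`. Add a check that exactly one assignment was found, or loop over the results and remove each one explicitly.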
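Review bot: In Set-EntraUser.md, hunk at -124,7, the replacement value `OtherMails = 'sawyerm@Contoso.com'` is the same address as the `UserId` set a few lines earlier in the same hashtable, so the example lists the user's own sign-in address as an alternate mail. Use a distinct placeholder address. The hunk at -114,7 also changes this example to `'SawyerM@Contoso.com'` while the two examples edited above it in this file keep `'SawyerM@contoso.com'`; pick one casing.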
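Review bot: In Set-EntraUserLicense.md, hunk at -50,16, the loop does not accumulate licenses: `$licensesToAssign.AddLicenses= $assignedLicense` overwrites the property on every pass, and `Set-EntraUserLicense` now sits inside the `foreach`, so the cmdlet is called once per license with a single-license payload. Collect the `AssignedLicense` objects into an array inside the loop, as Example 2 does with `$addLicensesArray`, then set `AddLicenses` and call `Set-EntraUserLicense` once after the loop. Add the missing space before `=` as well.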
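Review bot: In Set-EntraUserLicense.md, hunk at -123,19 (Example 3), the new value `$userPrincipalName = 'AveryI@M365x80713871.OnMicrosoft.com'` introduces what looks like a real tenant domain, while the Set-EntraUser.md hunk in this same patch replaces a similar `M365x...OnMicrosoft.com` address with a Contoso one. Keep the `contoso.com` placeholder here too. The surrounding example is described as removing Sawyer's license, so `'SawyerM@contoso.com'` should stay.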
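Review bot: In Set-EntraUserLicense.md, hunk at -157,9 (new Example 4), `foreach ($user in $users$users)` is a syntax error and should read `foreach ($user in $users)`. `$users` is also assigned twice, so the `Import-Csv` line always overwrites the inline list; show the CSV import as a commented-out alternative. The example connects with `'Organization.ReadWrite.All'` although every other `Set-EntraUserLicense` example in this file uses `'User.ReadWrite.All'`, so request only the scopes the calls need and name them. The example also has no description paragraph, and the comment "Define the user" should be plural.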
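Review bot: In Set-EntraUserThumbnailPhoto.md, hunk at -63,11, the one-line form `Set-EntraUserThumbnailPhoto -UserId -FilePath 'D:\UserThumbnailPhoto.jpg'` passes no value to `-UserId`; the removed hashtable had `UserId = 'SawyerM@contoso.com'`. Restore the value. The example also requests both `'User.ReadWrite'` and `'User.ReadWrite.All'` although the description above says each covers a different case; since the example updates another user's photo, `'User.ReadWrite.All'` alone fits.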
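Review bot: In Update-EntraSignedInUserPassword.md, hunk at -43,13, both passwords are shown as empty string literals passed to `ConvertTo-SecureString '' -AsPlainText -Force`, which fails on an empty string and, once a reader fills it in, leaves the password in the script and in command history. Use a visible placeholder at minimum, and preferably prompt with `Read-Host -AsSecureString` so the value never appears as plain text. The same applies to the `$passwordProfile.Password = ''` lines in the New-EntraUser.md hunks.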