–A–

Az module, uninstall

I wanted to uninstall the Az module after I got

–B–

–C–

connect

$User = "Barney.Rubble@yourDomain.com"
$PWord = ConvertTo-SecureString -String "topSecret" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
Connect-AzAccount -Credential $cred

–D–

–E–

–F–

–G–

Get-AzureADUser: The term 'Get-AzureADUser' is not recognized as a name of a cmdlet, function, script file, or executable program.

Install-Module AzureAD -Force

and then

Import-Module AzureAD -Force

Instead, use Get-MgUser:

Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"

That is, after you:

Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Import-Module -Name Microsoft.Graph

first, if necessary

the Get-AzureADUser command doesn't work anymore. Now that you've installed, imported the Microsoft.Graph module, now instead, use Get-MgUser:

Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"

Get-AzureADUser says to Connect-AzureAD but that module does not support PowerShell Core Edition

You run Get-AzureADUser (with or without parameters) it returns

Get-AzureADUser: You must call the Connect-AzureAD cmdlet before calling any other cmdlets.

So, you dutifully

Connect-AzureAD

but it returns

Connect-AzureAD: This module does not support PowerShell Core edition. Retry the operation with PowerShell Desktop edition (Windows PowerShell).

By this, they mean:

Import-Module AzureAD -UseWindowsPowerShell

But this still fails with “The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.”

use

Connect-MgGraph

instead. That is, after you:

Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Import-Module -Name Microsoft.Graph

first, if necessary

The Get-AzureADUser command doesn't work anymore. Now that you've installed, imported the Microsoft.Graph module, now instead, use Get-MgUser:

Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"

–H–

–I–

–J–

–K–

–L–

–M–

–N–

–O–

–P–

permission grant, delegated - create new

$params = @{
    ClientId = "ef969797-201d-4f6b-960c-e9ed5f31dab5"
    ConsentType = "AllPrincipals"
    ResourceId = "943603e4-e787-4fe9-93d1-e30f749aae39"
    Scope = "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All"
}
New-MgOauth2PermissionGrant -BodyParameter $params

where

• ClientId – The id of the client service principal for the application which is authorized to act on behalf of a signed-in user when accessing an API. Not sure about this. I've just been using the same ID as the PrincipalID below.
• ConsentType – either AllPrincipals or Principal. If you select Principal, you must supply additioanl parameter PrincipalID and set that equal to a users's ID
• PrincipalId – User ID of who needs permission. You only need to specify this parameter if ConsentType above is Principal
• ResourceId – The id of the resource service principal to which access is authorized. Not sure about this. Subscription ID doesn't seem to work.
• Scope – space-delimited permissions. A list of permissions required to run a commandcan be generated by permission required to run a command, list, for example.

permission required to run a command, list

here's what you need to be able to manage administrative units, for example:

Find-MgGraphCommand -command Get-MgDirectoryAdministrativeUnit | Select -First 1 -ExpandProperty Permissions

–Q–

–R–

resource groups, exists?

$ResourceGroupName = "BobsBigOlResourceGroup"
Get-AzResourceGroup -Name $ResourceGroupName -ErrorVariable notPresent -ErrorAction SilentlyContinue
if ($notPresent) {"ResourceGroup $ResourceGroupName doesn't exist"}
else {"ResourceGroup $ResourceGroupName exists"}

resource groups, list

Get-AzResourceGroup | ft

This will only list the resources in one of your subscriptions. If you don't find a resource you think you ought to have, you may want to list your subscriptions and then change your context to a different subscription

To see all resource groups for all subscriptions:

$ResourceGroupsForAllSubscriptions = @()
$i = 0
$subscriptions =Get-AzSubscription
ForEach ($subscription in $subscriptions) {
    $i++
    $subscriptionName = $subscription.Name
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    $j=0
    $resourceGroups = Get-AzResourceGroup
    foreach ($resourceGroup in $resourceGroups) {  
        $j++
        Write-Host "subscription $i of $($subscriptions.Count): $subscriptionName, ResourceGroup $j of $($resourceGroups.Count): $($resourceGroup.ResourceGroupName)" -ForegroundColor Green
        $ResourceGroupsForAllSubscriptions += [PSCustomObject] @{
            Subscription = $subscriptionName
            ResourceGroup = $resourceGroup.ResourceGroupName
        }
    }
}
$ResourceGroupsForAllSubscriptions | ogv

role assignments, list for a user

Get-AzRoleAssignment -SignInName frodo@theshire.com

roles, list

Get-AzRoleDefinition | ogv

–S–

subscriptions, list

Get-AzSubscription

subscription, change context

you'll probably first want to list your subscriptions so you can get a subscription ID

Set-AzContext -Subscription 'dec98b56-ea77-8195-a1cd-9eda38fcb638' -Name 'dev'

I thought the following would set the context to all my available subscriptions. But instead, it only seems to set the context one at a time, leaving you with the context of whichever subscription happens to be last.

Get-AzSubscription | Set-AzContext

–T–

tenant ID

(Get-MgOrganization).ID

–U–

–W–

–X–

–Y–

–Z–