I wanted to uninstall the Az module after I got
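$User = "Barney.Rubble@yourDomain.com"
# Placeholder password; in real scripts prompt with Get-Credential rather than hard-coding it
# -AsPlainText -Force is required when converting a plain-text string
$PWord = ConvertTo-SecureString -String "topSecret" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
Connect-AzAccount -Credential $cred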
Install-Module AzureAD -Force
and then
Import-Module AzureAD -Force
Instead, use Get-MgUser:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"
That is, after you:
Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Import-Module -Name Microsoft.Graph
first, if necessary.
The Get-AzureADUser command doesn't work anymore.
Now that you've installed and imported the Microsoft.Graph module, use Get-MgUser instead:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"
Get-AzureADUser says to Connect-AzureAD but that module does not support PowerShell Core Edition
When you run Get-AzureADUser (with or without parameters), it returns
Get-AzureADUser: You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
So, you dutifully
Connect-AzureAD
but it returns
Connect-AzureAD: This module does not support PowerShell Core edition. Retry the operation with PowerShell Desktop edition (Windows PowerShell).
By this, they mean:
Import-Module AzureAD -UseWindowsPowerShell
But this still fails with “The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.”
Use Connect-MgGraph instead. That is, after you:
Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Import-Module -Name Microsoft.Graph
first, if necessary.
The Get-AzureADUser command doesn't work anymore.
Now that you've installed and imported the Microsoft.Graph module, use Get-MgUser instead:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"
permission grant, delegated - create new
$params = @{
    ClientId    = "ef969797-201d-4f6b-960c-e9ed5f31dab5"
    ConsentType = "AllPrincipals"
    ResourceId  = "943603e4-e787-4fe9-93d1-e30f749aae39"
    Scope       = "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All"
}
New-MgOauth2PermissionGrant -BodyParameter $params
where
ClientId – The id of the client service principal for the application which is authorized to act on behalf of a signed-in user when accessing an API. Not sure about this. I've just been using the same ID as the PrincipalID below.
ConsentType – either AllPrincipals or Principal. If you select Principal, you must supply the additional parameter PrincipalID and set that equal to a user's ID.
PrincipalId – User ID of who needs permission. You only need to specify this parameter if ConsentType above is Principal.
ResourceId – The id of the resource service principal to which access is authorized. Not sure about this. Subscription ID doesn't seem to work.
Scope – space-delimited permissions. A list of permissions required to run a command can be generated by "permission required to run a command, list", for example.
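An added example, not part of the original notes: a review of delegated grants like the one created above, flagging tenant-wide (AllPrincipals) consent that carries write-capable scopes. The helper name Find-BroadGrant, the write patterns and the sample objects are constructed for illustration; the first sample reuses the IDs from the snippet above, and the commented lines show the live-tenant input.

```powershell
# Added example: flag delegated grants that apply to every user in the tenant
# and include write-capable scopes. Find-BroadGrant is a hypothetical helper name.
function Find-BroadGrant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Grant,
        # Scope patterns treated as write-capable (assumption; tune to your policy)
        [string[]]$WritePattern = @('*.ReadWrite*', '*.Write*', '*.Manage*')
    )
    process {
        # Scope is one space-delimited string, as in $params above
        $scopes = @($Grant.Scope -split '\s+' | Where-Object { $_ })
        $write  = @(foreach ($s in $scopes) {
            foreach ($p in $WritePattern) { if ($s -like $p) { $s; break } }
        })
        if ($Grant.ConsentType -eq 'AllPrincipals' -and $write.Count -gt 0) {
            [PSCustomObject]@{
                ClientId    = $Grant.ClientId
                ResourceId  = $Grant.ResourceId
                WriteScopes = $write -join ' '
            }
        }
    }
}

# Constructed sample input (no tenant needed). The first object mirrors $params above.
$sample = @(
    [PSCustomObject]@{
        ClientId = 'ef969797-201d-4f6b-960c-e9ed5f31dab5'; ConsentType = 'AllPrincipals'
        PrincipalId = $null; ResourceId = '943603e4-e787-4fe9-93d1-e30f749aae39'
        Scope = 'AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All'
    }
    [PSCustomObject]@{
        ClientId = '11111111-1111-1111-1111-111111111111'; ConsentType = 'Principal'
        PrincipalId = '22222222-2222-2222-2222-222222222222'
        ResourceId = '943603e4-e787-4fe9-93d1-e30f749aae39'; Scope = 'User.Read'
    }
)
$sample | Find-BroadGrant | Format-List   # only the first (AllPrincipals) grant is reported

# Against a live tenant, after Connect-MgGraph:
# Get-MgOauth2PermissionGrant -All | Find-BroadGrant
# Resolve a reported ClientId or ResourceId (both are service principal IDs) to a name:
# Get-MgServicePrincipal -ServicePrincipalId <id> | Select-Object DisplayName, AppId
```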
permission required to run a command, list
here's what you need to be able to manage administrative units, for example:
Find-MgGraphCommand -command Get-MgDirectoryAdministrativeUnit | Select -First 1 -ExpandProperty Permissions
$ResourceGroupName = "BobsBigOlResourceGroup"
Get-AzResourceGroup -Name $ResourceGroupName -ErrorVariable notPresent -ErrorAction SilentlyContinue
if ($notPresent) {"ResourceGroup $ResourceGroupName doesn't exist"}
else {"ResourceGroup $ResourceGroupName exists"}
Get-AzResourceGroup | ft
This will only list the resources in one of your subscriptions. If you don't find a resource you think you ought to have, you may want to list your subscriptions and then change your context to a different subscription
To see all resource groups for all subscriptions:
$ResourceGroupsForAllSubscriptions = @()
$i = 0
$subscriptions = Get-AzSubscription
ForEach ($subscription in $subscriptions) {
    $i++
    $subscriptionName = $subscription.Name
    # Switch context so Get-AzResourceGroup queries this subscription
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    $j = 0
    $resourceGroups = Get-AzResourceGroup
    foreach ($resourceGroup in $resourceGroups) {
        $j++
        Write-Host "subscription $i of $($subscriptions.Count): $subscriptionName, ResourceGroup $j of $($resourceGroups.Count): $($resourceGroup.ResourceGroupName)" -ForegroundColor Green
        $ResourceGroupsForAllSubscriptions += [PSCustomObject]@{
            Subscription  = $subscriptionName
            ResourceGroup = $resourceGroup.ResourceGroupName
        }
    }
}
$ResourceGroupsForAllSubscriptions | ogv
role assignments, list for a user
Get-AzRoleAssignment -SignInName frodo@theshire.com
roles, list
Get-AzRoleDefinition | ogv
Get-AzSubscription
you'll probably first want to list your subscriptions so you can get a subscription ID
Set-AzContext -Subscription 'dec98b56-ea77-8195-a1cd-9eda38fcb638' -Name 'dev'
I thought the following would set the context to all my available subscriptions. But instead, it only seems to set the context one at a time, leaving you with the context of whichever subscription happens to be last.
Get-AzSubscription | Set-AzContext
(Get-MgOrganization).ID