{"id":21406846,"url":"https://github.com/ms-luf/use-azuread","last_synced_at":"2026-05-19T00:36:14.546Z","repository":{"id":137505319,"uuid":"259346738","full_name":"MS-LUF/Use-AzureAD","owner":"MS-LUF","description":"cmdlets to manage your Azure Active Directory Tenant (focusing on Administrative Unit features) when AzureADPreview cannot handle it correctly","archived":false,"fork":false,"pushed_at":"2021-09-23T20:23:13.000Z","size":503,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-16T17:17:30.911Z","etag":null,"topics":["administrative-units","azure","azure-active-directory","azure-active-directory-graph-api","powershell","powershell-module"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MS-LUF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-27T14:19:38.000Z","updated_at":"2021-09-23T20:23:16.000Z","dependencies_parsed_at":"2023-03-24T08:18:26.055Z","dependency_job_id":null,"html_url":"https://github.com/MS-LUF/Use-AzureAD","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MS-LUF/Use-AzureAD","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS-LUF%2FUse-AzureAD","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS-LUF%2FUse-AzureAD/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS-LUF%2FUse-AzureAD/releases","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS-LUF%2FUse-AzureAD/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MS-LUF","download_url":"https://codeload.github.com/MS-LUF/Use-AzureAD/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS-LUF%2FUse-AzureAD/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33196186,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T09:27:30.708Z","status":"ssl_error","status_checked_at":"2026-05-18T09:27:28.300Z","response_time":71,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["administrative-units","azure","azure-active-directory","azure-active-directory-graph-api","powershell","powershell-module"],"created_at":"2024-11-22T16:43:05.787Z","updated_at":"2026-05-19T00:36:14.530Z","avatar_url":"https://github.com/MS-LUF.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"![image](http://www.lucas-cueff.com/files/gallery.png)\r\n\r\n# Use-AzureAD\r\nSimple PowerShell module to manage your Azure Active Directory Tenant (focusing on Administrative Unit features) when AzureADPreview cannot handle it correctly ;-)\r\n\r\n(c) 2021 lucas-cueff.com Distributed under Artistic Licence 2.0 
(https://opensource.org/licenses/artistic-license-2.0).\r\n\r\n## Notes\r\ncurrently Powershell Core and AzureADPreview are not working well together (logon / token request issue)\r\nThe issue is opened [here](https://github.com/PowerShell/PowerShell/issues/10473)  \r\nWaiting for the fix, this module will **work only with Windows Powershell 5.1**\r\n\r\n## Notes version :\r\n### 0.5 - first public release - beta version\r\n - cmdlet to get a valid access token (MFA supported) for Microsoft Graph Beta APIs\r\n - cmdlet to get a valid token for Microsoft Graph API standard / cloud endpoint (resource graph.windows.net) and be able to use AzureADPreview cmdlets without reauthenticating\r\n - cmdlet to get all properties available (ex : extensionattribute) for an AAD user account\r\n - cmdlet to set a web proxy to be used with Use-AzureAD and AzureADPreview cmdlets\r\n - cmdlet to get all info for current logged in (@ Azure AD Tenant and Graph APIs) AAD user account\r\n - cmdlet to create / synchronize your on premise Active Directory OUs with Azure AD Administrative Units (not managed currently through Azure AD Connect or other Microsoft cmdlets / modules)\r\n - cmdlet to add / synchronize your on premise Active Directory users DN with Azure AD Administrative Unit membership (not managed currently through Azure AD Connect or other Microsoft cmdlets / modules)\r\n - cmdlet to add / remove Azure AD user account in Administrative Unit Role (everything managed in an easy and smooth way including, enabling the AAD role if missing and so on)\r\n - cmdlet to list all members of an Azure AD Administrative Unit (limited @ first 100 objects with default MS cmdlet... 
#WTF)\r\n### 0.6 - beta version\r\n - cmdlet to get your current schema for a specific provisioning agent / service principal\r\n - cmdlet to update your current schema for a specific provisioning agent / service principal\r\n - cmdlet to get your default schema (template) for Azure AD Connect Cloud Provisioning\r\n - cmdlet to get a valid token (MFA supported) for Microsoft Graph API standard / cloud endpoint and MSOnline endpoint and be able to use MSOnline cmdlets without reauthenticating\r\n### 0.7 - beta version\r\n - cmdlet to create an Administrative Unit with hidden members\r\n - cmdlet to get Administrative Units with hidden members\r\n - cmdlet to create delta view for users, groups, admin units objects\r\n - cmdlet to get all updates from a delta view for users, groups, admin units objects\r\n### 0.8 - beta version\r\n - fix Set-AzureADproxy cmdlet : not able to set correctly the parameter *ProxyUseDefaultCredentials*\r\n - new cmdlets to add, get, update Azure AD Dynamic Membership security groupstest dynamic membership\r\n  * Note : in current release of AzureADPreview I have found a bug regarding Dynamic group (on all *-AzureADMSGroup cmdlets). 
When you try to use them, you have a Null Reference Exception :  \r\n`System.NullReferenceException,Microsoft.Open.MSGraphBeta.PowerShell.NewMSGroup`\r\n - new cmdlet to test user membership of dynamic group membership\r\n### 0.9 - beta version\r\nadd functions / cmdlets related to group and licensing stuff missing from azureadpreview current module\r\n - cmdlet to get all Azure AD User with licensing error members of a particular group\r\n - cmdlet to get licensing info of a particular group\r\n - cmdlet to add or remove a license on an Azure AD Group\r\n - cmdlet to get licensing assignment type (group or user) of a particular user\r\n### 1.0 - beta version\r\n- add service principal management for authentication and fix / improve code using [DaveyRance](https://github.com/DaveyRance) remark\r\n### 1.1 - beta version\r\n- update authority URL for Service Principal to be compliant with last version of ADAL library\r\n### 1.2 - beta version\r\n - update Sync-ADOUtoAzureADAdministrativeUnit (update OU filter name to use regex instead)\r\n - update cmdlet Sync-ADUsertoAzureADAdministrativeUnitMember (update OU filter name to use regex instead)\r\n - update cmdlet Get-AzureADUserCustom (Get-AzureADUserallproperties)\r\n - add cmdlet Get-AzureADServicePrincipalCustom\r\n - add cmdlet Get-AzureADAdministrativeUnitCustom\r\n - add cmdlet Add-AzureADAdministrativeUnitMemberCustom\r\n - add cmdlet New-AzureADAdministrativeUnitCustom (New-AzureADAdministrativeUnitHidden)\r\n - add cmdlet Watch-AzureADAccessToken (be able to watch and auto renew Access Token of a service principal before expiration - useful in a script context when operation can take more than one hour)\r\n - update cmdlet Set-AzureADProxy (add bypassproxy on local option)\r\n### 1.3 - beta version\r\n- add cmdlet to get administrative units of a user account and remove a user account from an administrative unit (thanks to Achraf Amor)\r\n  - Get-AzureADUserAdministrativeUnitMemberOfCustom\r\n  - 
Remove-AzureADAdministrativeUnitMemberCustom\r\n### 1.4 - beta version\r\n- add cmdlets to get and update Azure AD organization information\r\n  - Get-AzureADOrganizationCustom\r\n  - Update-AzureADOrganizationCustom\r\n### 1.5 - beta version\r\n- add cmdlet to get Azure AD Connect synchronization errors through MS Graph API to replace Get-MsolDirSyncProvisioningError\r\n  - Get-AzureADOnPremisesProvisionningErrors\r\n### 1.6 - beta version\r\n- fix CallDepthOverflow on huge pages response\r\n- add cmdlet Invoke-APIMSGraphBetaPaging\r\n### 1.7 - last release - beta version\r\n- add cmdlets to create / update Office 365 groups with [resourceBehaviorOptions and resourceProvisioningOptions](https://docs.microsoft.com/en-us/graph/group-set-options)\r\n - New-AzureADMSGroupCustom\r\n - Set-AzureADMSGroupCustom\r\n\r\n## Why another Azure AD module ?\r\nI am a new player on all Azure AD stuff. Currently, I am interested in all directory stuff, including synchronization for my new job. When I was trying to understand how this **** works, I understood quickly that the current tools available from MS are buggy and / or not managing everything...\r\nI have opened several requests for change on Azure feedback website and also I have voted for several ones...\r\nHere are my current issues, I have tried to resolve them with this PowerShell Module :\r\n - the BETA API of MS Graph are more powerful than the v1.0 used by the PowerShell modules AzureAD or AzureADPreview\r\n   - for instance, Get-AzureADUser cannot give you the value of the extensionattributexx !!!\r\n   - You can create dynamic group based on the value hosted in those attributes but you cannot get the value of them for a user account... 
a shame...\r\n - There is no easy way to be authenticated at the same time on MS Graph API v1.0 and the Beta ones because Microsoft used a different endpoint in the Powershell modules AzureAD and AzureADPreview :\r\n   - graph.windows.net is used by default in the MS modules, the Beta Graph is available with graph.microsoft.com/beta/\r\n   - ==\u003e the resource URIs are different so you must request tokens 2 times !!!\r\n - there is no tool available to synchronize on premise AD Organizational Unit and Azure AD Administrative unit\r\n   - you must do it manually !\r\n - there is no tool available to add an Azure AD User account automatically to an Administrative Unit based on criteria\r\n   - again you must do it manually !\r\n - there is no tool available for massive provisioning in administrative unit\r\n   - except bulk import with CSV from the portal but... wait we are in 2020 not in the 1990 !\r\n - the way Microsoft is managing the Administrative Unit role membership is a nightmare\r\n   - for adding someone :\r\n     - you need to be sure the role is enabled from the directory template role,\r\n     - then resolve yourself all required GUIDs,\r\n     - create some object to build the request,\r\n     - then submit the request...\r\n     - ==\u003e wait, in on prem AD we are talking about a one liner stuff with easy name to remember !\r\n - several cmdlets are buggy and do not implement paging feature\r\n   - for instance you are limited to the first 100 objects only when you want to get all members of an admin unit... 
(Get-AzureADAdministrativeUnitMember)\r\n   - the API administrativeUnits is able to handle it but they just forgot to implement it in the PowerShell module...\r\n - missing Graph APIs implementations\r\n   - licensing stuff limited to user object / resources and not able to investigate licensing issue correctly except by using the deprecated module MSOnline\r\n\r\n### Azure requests for changes opened\r\nhttps://feedback.azure.com/forums/169401-azure-active-directory/suggestions/40276534-azureadpreview  \r\nhttps://feedback.azure.com/forums/169401-azure-active-directory/suggestions/40276597-azureadpreview-get-azureadadministrativeunitmem  \r\nhttps://feedback.azure.com/forums/169401-azure-active-directory/suggestions/40276621-azureadpreview-odata-advanced-paging  \r\nhttps://feedback.azure.com/forums/169401-azure-active-directory/suggestions/39167986-sync-onprem-ad-ous-to-aad-administrative-units  \r\nhttps://feedback.azure.com/forums/34192--general-feedback/suggestions/40542640-ms-graph-api-evaluatedynamicmembershipresult-on-gr\r\n\r\n## How-to\r\na how-to is available [here](https://github.com/MS-LUF/Use-AzureAD/blob/master/Howto.md)  \r\n\r\n## install Use-AzureAD from PowerShell Gallery repository\r\nYou can easily install it from powershell gallery repository  \r\nhttps://www.powershellgallery.com/packages/Use-AzureAD/  \r\nusing a simple powershell command and an internet access :-) \r\n```\r\n\tInstall-Module -Name Use-AzureAD\r\n```\r\n\r\n## import module from PowerShell \r\n```\r\n\tC:\\PS\u003e import-module Use-AzureAD.psm1\r\n```\r\n\r\n## module content\r\ndocumentation in markdown available [here](https://github.com/MS-LUF/Use-AzureAD/tree/master/docs)  \r\n### function\r\n - Clear-AzureADAccessToken\r\n - Connect-AzureADFromAccessToken\r\n - Connect-MSOnlineFromAccessToken\r\n - Get-AzureADAccessToken\r\n - Get-AzureADAdministrativeUnitAllMembers\r\n - Get-AzureADAdministrativeUnitCustom\r\n - Get-AzureADAdministrativeUnitHidden\r\n - 
Get-AzureADConnectCloudProvisionningServiceSyncDefaultSchema\r\n - Get-AzureADConnectCloudProvisionningServiceSyncSchema\r\n - Get-AzureADDynamicGroup\r\n - Get-AzureADGroupLicenseDetail\r\n - Get-AzureADGroupMembersWithLicenseErrors\r\n - Get-AzureADMyInfo\r\n - Get-AzureADObjectDeltaView\r\n - Get-AzureADServicePrincipalCustom\r\n - Get-AzureADTenantInfo\r\n - Get-AzureADUserCustom\r\n - Get-AzureADUserLicenseAssignmentStates\r\n - Invoke-APIMSGraphBeta\r\n - New-AzureADAdministrativeUnitCustom\r\n - New-AzureADDynamicGroup\r\n - New-AzureADObjectDeltaView\r\n - Remove-AzureADDynamicGroup\r\n - Set-AzureADAdministrativeUnitAdminRole\r\n - Set-AzureADDynamicGroup\r\n - Set-AzureADGroupLicense\r\n - Set-AzureADProxy\r\n - Sync-ADOUtoAzureADAdministrativeUnit\r\n - Sync-ADUsertoAzureADAdministrativeUnitMember\r\n - Test-ADModule\r\n - Test-AzureADAccessTokenExpiration\r\n - Test-AzureADAccesToken\r\n - Test-AzureADUserForGroupDynamicMembership\r\n - Update-AzureADConnectCloudProvisionningServiceSyncSchema\r\n - Watch-AzureADAccessToken\r\n - Get-AzureADUserAdministrativeUnitMemberOfCustom\r\n - Remove-AzureADAdministrativeUnitMemberCustom\r\n - Get-AzureADOrganizationCustom\r\n - Update-AzureADOrganizationCustom\r\n - Get-AzureADOnPremisesProvisionningErrors\r\n - Invoke-APIMSGraphBetaPaging\r\n - New-AzureADMSGroupCustom\r\n - Set-AzureADMSGroupCustom\r\n### alias\r\n- Get-AzureADUserAllInfo","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fms-luf%2Fuse-azuread","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fms-luf%2Fuse-azuread","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fms-luf%2Fuse-azuread/lists"}