Updated – 13/03/2019 – The tool now has an additional parameter that adds each new user to an existing Azure AD group.

Azure Active Directory (AAD) is Microsoft's multi-tenant, cloud-based directory and identity management service. Azure AD combines directory services, advanced identity management, and application access control. Azure AD also provides a rich, standards-based platform that allows developers to provide access control for their applications based on centralized policy and rules.

Azure AD can be integrated with an existing Windows Server Active Directory using Azure AD Connect, which lets you leverage your existing on-premises AD identity investments to manage access to cloud-based Software as a Service (SaaS) applications.

Creating a user in Azure Active Directory is a very simple process. You can refer to the following guide to add and remove users in Azure Active Directory using the Azure portal.

One of the most challenging tasks is creating a large number of users in Azure Active Directory. The portal is not an effective way to accomplish this task.

Fortunately, Microsoft released the Azure Active Directory PowerShell module, which helps to automate this process.

In this post, I will show you how to automate importing a list of users from a CSV file and creating the corresponding accounts in Azure Active Directory.

The following code imports the list of users from the CSV file and then creates the corresponding accounts in Azure Active Directory.

<#
//-----------------------------------------------------------------------
//     Copyright (c) {https://charbelnemnom.com}. All rights reserved.
//-----------------------------------------------------------------------

.SYNOPSIS
Create Azure AD User Account.

.DESCRIPTION
Azure AD Bulk user creation and assign the new users to an Azure AD group.

.NOTES
File Name : Invoke-AzureADBulkUserCreation.ps1
Author    : Charbel Nemnom
Version   : 1.6
Date      : 27-February-2018
Update    : 08-May-2019
Requires  : PowerShell Version 3.0 or above
Module    : AzureAD Version 2.0.0.155 or above
Product   : Azure Active Directory

.LINK
To provide feedback or for further assistance please visit:
Cover Page

.EXAMPLE
./Invoke-AzureADBulkUserCreation -FilePath <FilePath> -Credential <UsernamePassword> -Verbose
This example will import all users from a CSV File and then create the corresponding account in Azure Active Directory.
The user will be asked to change his password at first log on.

.EXAMPLE
./Invoke-AzureADBulkUserCreation -FilePath <FilePath> -Credential <UsernamePassword> -AadGroupName <AzureAD-GroupName> -Verbose
This example will import all users from a CSV File and then create the corresponding account in Azure Active Directory.
The user will be a member of the specified Azure AD Group Name.
The user will be asked to change his password at first log on.
#>

[CmdletBinding()]
Param(
    [Parameter(Position = 0, Mandatory = $True, HelpMessage = 'Specify the path of the CSV file')]
    [Alias('CSVFile')]
    [string]$FilePath,

    [Parameter(Position = 1, Mandatory = $false, HelpMessage = 'Specify Credentials')]
    [Alias('Cred')]
    [PSCredential]$Credential,

    # MFA Account for Azure AD Account
    [Parameter(Position = 2, Mandatory = $false, HelpMessage = 'Specify if account is MFA enabled')]
    [Alias('2FA')]
    [Switch]$MFA,

    [Parameter(Position = 3, Mandatory = $false, HelpMessage = 'Specify Azure AD Group Name')]
    [Alias('AADGN')]
    [string]$AadGroupName
)

# Install the AzureAD module from the PowerShell Gallery when it is missing
Function Install-AzureAD {
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -Verbose:$false
    Install-Module -Name AzureAD -AllowClobber -Verbose:$false
}

# Read the CSV file
Try {
    $CSVData = @(Import-CSV -Path $FilePath -ErrorAction Stop)
    Write-Verbose "Successfully imported entries from $FilePath"
    Write-Verbose "Total no. of entries in CSV are : $($CSVData.count)"
}
Catch {
    Write-Verbose "Failed to read from the CSV file $FilePath Exiting!"
    Break
}

# Load the AzureAD module, installing it first if needed
Try {
    Import-Module -Name AzureAD -ErrorAction Stop -Verbose:$false | Out-Null
}
Catch {
    Write-Verbose "Azure AD PowerShell Module not found..."
    Write-Verbose "Installing Azure AD PowerShell Module..."
    Install-AzureAD
}

# Connect interactively for MFA-enabled accounts, otherwise with the supplied credential
Try {
    Write-Verbose "Connecting to Azure AD..."
    if ($MFA) {
        Connect-AzureAD -ErrorAction Stop | Out-Null
    }
    Else {
        Connect-AzureAD -Credential $Credential -ErrorAction Stop | Out-Null
    }
}
Catch {
    Write-Verbose "Cannot connect to Azure AD. Please check your credentials. Exiting!"
    Break
}

Foreach ($Entry in $CSVData) {
    # Verify that mandatory properties are defined for each object
    $DisplayName       = $Entry.DisplayName
    $MailNickName      = $Entry.MailNickName
    $UserPrincipalName = $Entry.UserPrincipalName
    $Password          = $Entry.PasswordProfile

    If (!$DisplayName) {
        Write-Warning '$DisplayName is not provided. Continue to the next record'
        Continue
    }
    If (!$MailNickName) {
        Write-Warning '$MailNickName is not provided. Continue to the next record'
        Continue
    }
    If (!$UserPrincipalName) {
        Write-Warning '$UserPrincipalName is not provided. Continue to the next record'
        Continue
    }
    If (!$Password) {
        Write-Warning "Password is not provided for $DisplayName in the CSV file!"
        $Password = Read-Host -Prompt "Enter desired Password" -AsSecureString
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
        Try {
            $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
        }
        Finally {
            # Wipe and free the unmanaged plaintext copy of the password
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
        }
    }

    # The user must change the password at first logon in both cases
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = $Password
    $PasswordProfile.EnforceChangePasswordPolicy = $true
    $PasswordProfile.ForceChangePasswordNextLogin = $true

    Try {
        New-AzureADUser -DisplayName $DisplayName `
            -AccountEnabled $true `
            -MailNickName $MailNickName `
            -UserPrincipalName $UserPrincipalName `
            -PasswordProfile $PasswordProfile `
            -City $Entry.City `
            -Country $Entry.Country `
            -Department $Entry.Department `
            -JobTitle $Entry.JobTitle `
            -Mobile $Entry.Mobile | Out-Null
        Write-Verbose "$DisplayName : AAD Account is created successfully!"

        If ($AadGroupName) {
            # Note: -SearchString is a search, not an exact match, so it can
            # return no group or more than one; check the name you pass in.
            Try {
                $AadGroupID = Get-AzureADGroup -SearchString "$AadGroupName"
            }
            Catch {
                Write-Error "$AadGroupName : does not exist. $_"
                Break
            }
            $ADuser = Get-AzureADUser -ObjectId "$UserPrincipalName"
            Add-AzureADGroupMember -ObjectId $AadGroupID.ObjectID -RefObjectId $ADuser.ObjectID
            Write-Verbose "Assigning the user $DisplayName to Azure AD Group $AadGroupName"
        }
    }
    Catch {
        Write-Error "$DisplayName : Error occurred while creating Azure AD Account. $_"
    }
}
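
Because the script creates accounts row by row straight from the CSV, it helps to check the file offline first. The following is an added example, not part of the author's script: `Test-BulkUserCsv` is a hypothetical helper, the sample rows and the `contoso.example` domain are constructed, and the column names are the ones the script reads.

```powershell
# Added example (not part of Invoke-AzureADBulkUserCreation.ps1).
# Test-BulkUserCsv is a hypothetical helper; column names are the ones the script reads.
function Test-BulkUserCsv {
    param([Parameter(Mandatory = $true)][object[]]$Rows)

    $seen = @{}   # normalized UPN -> first CSV line where it appeared
    $line = 1     # line 1 of the file is the header row
    foreach ($row in $Rows) {
        $line++
        $issues = @()

        # Same mandatory fields the script checks before calling New-AzureADUser
        foreach ($field in 'DisplayName', 'MailNickName', 'UserPrincipalName') {
            if ([string]::IsNullOrWhiteSpace($row.$field)) { $issues += "missing $field" }
        }

        $upn = "$($row.UserPrincipalName)".Trim().ToLowerInvariant()
        if ($upn) {
            if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') { $issues += 'malformed UPN' }
            if ($seen.ContainsKey($upn)) { $issues += "duplicate of line $($seen[$upn])" }
            else { $seen[$upn] = $line }
        }

        # A non-empty PasswordProfile column means a cleartext password sits on disk
        if (-not [string]::IsNullOrWhiteSpace($row.PasswordProfile)) {
            $issues += 'cleartext password in CSV'
        }

        [pscustomobject]@{ Line = $line; UPN = $upn; Issues = ($issues -join '; ') }
    }
}

# Constructed sample input; contoso.example is a placeholder domain
$sample = @'
DisplayName,MailNickName,UserPrincipalName,PasswordProfile,City,Country,Department,JobTitle,Mobile
Alice Example,alice,alice@contoso.example,,Paris,France,IT,Engineer,
Bob Example,bob,bob@contoso.example,Summer2019!,Paris,France,HR,Analyst,
,carol,carol@contoso.example,,Paris,France,HR,Analyst,
Bob Again,bob2,BOB@contoso.example,,Paris,France,HR,Analyst,
Dave Example,dave,dave-at-contoso,,Paris,France,IT,Engineer,
'@ | ConvertFrom-Csv

# Show only the rows that need attention before the real import
Test-BulkUserCsv -Rows $sample | Where-Object { $_.Issues } | Format-Table -AutoSize
```

For a real file, pass the output of `Import-Csv -Path <FilePath>` as `-Rows`. Rows with an empty PasswordProfile column make the script prompt for the password instead of reading it from disk.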

To use this tool on a single line of PowerShell, follow these steps:

If the Azure AD PowerShell module is not on your system, the module will be installed automatically and users will be created in Azure AD.

If the user’s password is not specified in the CSV file, you will be prompted to enter one, and the input is read as a secure string.

This tool also forces the user to change the password the next time they log on.

Here is a view of the Azure portal after running this tool.

This script is available in my GitHub repository. You can download it from here. If you have feedback or changes that everyone should get, leave a comment, update the source, and create a pull request.

Hopefully this will help!

Cheers,
– Charbel
