Updated – 13/05/2019 – The tool is updated with additional parameters where you can add the new user to an existing Azure AD group.
In this article, we will show you how to create bulk users in Azure Active Directory with PowerShell.
Table of Contents
Introduction
Azure Active Directory (AAD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. Azure AD also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
Azure AD can be integrated with an existing Windows Server Active Directory by using Azure AD Connect, giving you the ability to leverage your existing AD infrastructure identity investments on-premises to manage access to cloud-based Software as a Service (SaaS) applications.
Creating a user in the Azure Active Directory is a very simple process. You can refer to the following guide to add and delete users in the Azure Active Directory using the Azure portal.
One of the most challenging tasks is when you have to create a large number of users in the Azure Active Directory. The portal is not an efficient way to accomplish this task.
Fortunately, Microsoft released the Azure Active Directory PowerShell module that will help to automate this process.
In this post, I will show you how to automate and import a list of users from a CSV file, and then create the corresponding accounts in Azure Active Directory.
Create Bulk Users in Azure Active Directory
The following code will import a list of users from a CSV File and then create the corresponding accounts in Azure Active Directory.
<#
//-----------------------------------------------------------------------
// Copyright (c) {https://charbelnemnom.com}. All rights reserved.
//-----------------------------------------------------------------------
.SYNOPSIS
Create Azure AD User Account.
.DESCRIPTION
Azure AD Bulk user creation and assign the new users to an Azure AD group.
.NOTES
File Name : Invoke-AzureADBulkUserCreation.ps1
Author : Charbel Nemnom
Version : 1.6
Date : 27-February-2018
Update : 08-May-2019
Requires : PowerShell Version 3.0 or above
Module : AzureAD Version 2.0.0.155 or above
Product : Azure Active Directory
.LINK
To provide feedback or for further assistance please visit:
{https://charbelnemnom.com}
.EXAMPLE-1
./Invoke-AzureADBulkUserCreation -FilePath <FilePath> -Credential <Username\Password> -Verbose
This example will import all users from a CSV File and then create the corresponding account in Azure Active Directory.
The user will be asked to change his password at first log on.
.EXAMPLE-2
./Invoke-AzureADBulkUserCreation -FilePath <FilePath> -Credential <Username\Password> -AadGroupName <AzureAD-GroupName> -Verbose
This example will import all users from a CSV File and then create the corresponding account in Azure Active Directory.
The user will be a member of the specified Azure AD Group Name.
The user will be asked to change his password at first log on.
#>
[CmdletBinding()]
Param(
[Parameter(Position = 0, Mandatory = $True, HelpMessage = 'Specify the path of the CSV file')]
[Alias('CSVFile')]
[string]$FilePath,
[Parameter(Position = 1, Mandatory = $false, HelpMessage = 'Specify Credentials')]
[Alias('Cred')]
[PSCredential]$Credential,
#MFA Account for Azure AD Account
[Parameter(Position = 2, Mandatory = $false, HelpMessage = 'Specify if account is MFA enabled')]
[Alias('2FA')]
[Switch]$MFA,
[Parameter(Position = 3, Mandatory = $false, HelpMessage = 'Specify Azure AD Group Name')]
[Alias('AADGN')]
[string]$AadGroupName
)
Function Install-AzureAD {
Set-PSRepository -Name PSGallery -Installation Trusted -Verbose:$false
Install-Module -Name AzureAD -AllowClobber -Verbose:$false
}
Try {
$CSVData = @(Import-CSV -Path $FilePath -ErrorAction Stop)
Write-Verbose "Successfully imported entries from $FilePath"
Write-Verbose "Total no. of entries in CSV are : $($CSVData.count)"
}
Catch {
Write-Verbose "Failed to read from the CSV file $FilePath Exiting!"
Break
}
Try {
Import-Module -Name AzureAD -ErrorAction Stop -Verbose:$false | Out-Null
}
Catch {
Write-Verbose "Azure AD PowerShell Module not found..."
Write-Verbose "Installing Azure AD PowerShell Module..."
Install-AzureAD
}
Try {
Write-Verbose "Connecting to Azure AD..."
if ($MFA) {
Connect-AzureAD -ErrorAction Stop | Out-Null
}
Else {
Connect-AzureAD -Credential $Credential -ErrorAction Stop | Out-Null
}
}
Catch {
Write-Verbose "Cannot connect to Azure AD. Please check your credentials. Exiting!"
Break
}
Foreach ($Entry in $CSVData) {
# Verify that mandatory properties are defined for each object
$DisplayName = $Entry.DisplayName
$MailNickName = $Entry.MailNickName
$UserPrincipalName = $Entry.UserPrincipalName
$Password = $Entry.PasswordProfile
If (!$DisplayName) {
Write-Warning '$DisplayName is not provided. Continue to the next record'
Continue
}
If (!$MailNickName) {
Write-Warning '$MailNickName is not provided. Continue to the next record'
Continue
}
If (!$UserPrincipalName) {
Write-Warning '$UserPrincipalName is not provided. Continue to the next record'
Continue
}
If (!$Password) {
Write-Warning "Password is not provided for $DisplayName in the CSV file!"
$Password = Read-Host -Prompt "Enter desired Password" -AsSecureString
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
$Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = $Password
$PasswordProfile.EnforceChangePasswordPolicy = 1
$PasswordProfile.ForceChangePasswordNextLogin = 1
}
Else {
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = $Password
$PasswordProfile.EnforceChangePasswordPolicy = 1
$PasswordProfile.ForceChangePasswordNextLogin = 1
}
Try {
New-AzureADUser -DisplayName $DisplayName `
-AccountEnabled $true `
-MailNickName $MailNickName `
-UserPrincipalName $UserPrincipalName `
-PasswordProfile $PasswordProfile `
-City $Entry.City `
-Country $Entry.Country `
-Department $Entry.Department `
-JobTitle $Entry.JobTitle `
-Mobile $Entry.Mobile | Out-Null
Write-Verbose "$DisplayName : AAD Account is created successfully!"
If ($AadGroupName) {
Try {
$AadGroupID = Get-AzureADGroup -SearchString "$AadGroupName"
}
Catch {
Write-Error "$AadGroupName : does not exist. $_"
Break
}
$ADuser = Get-AzureADUser -ObjectId "$UserPrincipalName"
Add-AzureADGroupMember -ObjectId $AadGroupID.ObjectID -RefObjectId $ADuser.ObjectID
Write-Verbose "Assigning the user $DisplayName to Azure AD Group $AadGroupName"
}
}
Catch {
Write-Error "$DisplayName : Error occurred while creating Azure AD Account. $_"
}
}
How to use this tool?
You can run this tool using a single line of PowerShell as follows:
If the Azure AD PowerShell module is not present on your system, then the module will be installed automatically, and the users will be created in Azure AD.
If the user password is not defined in the CSV file, you will be asked to type a random password in a secure format.
This tool will also force the user to change the password at the next login.
Here is the view in the Azure portal after running this tool.
Where can I download this script?
This script is available on my GitHub repository. You can download it from here. If you have any feedback or changes that everyone should receive, please feel free to leave a comment, update the source and create a pull request.
Hope this helps!
Cheers,
-Charbel
Will this become obsolete with the deprecation of certain Azure modules at the end of this end?
If yes, are there plans to update it for newer APIs?
It has been such a useful script for me and I am such a newbie in Powershell, that I dread to have to actually let it go.
Great job!
Hello Flávio, thanks for the comment and feedback!
I am happy to hear that the script was useful to you.
Yes, I am planning to update it for newer APIs. Stay Tuned!
Thanks,