How To Create Bulk Users in Azure Active Directory with PowerShell #AzureAD #PowerShell #AAD

4 Min. Read

Updated – 13/05/2019 – Tool is updated with additional parameters where you can add the new user to an existing Azure AD group.

Introduction

Azure Active Directory (AAD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. Azure AD also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.

Azure AD can be integrated with an existing Windows Server Active Directory by using Azure AD Connect, giving you the ability to leverage your existing AD infrastructure identity investments on-premises to manage access to cloud-based Software as a Service (SaaS) applications.

Creating a user in the Azure Active Directory is a very simple process. You can refer to the following guide to add and delete users in the Azure Active Directory using the Azure portal.

One of the most challenging tasks is when you have to create a large number of users in the Azure Active Directory. The portal is not an efficient way to accomplish this task.

Fortunately, Microsoft released the Azure Active Directory PowerShell module that will help to automate this process.

In this post, I will show you how to automate and import a list of users from a CSV file, and then create the corresponding accounts in Azure Active Directory.

Create Bulk Users in Azure Active Directory

The following code will import a list of users from a CSV File and then create the corresponding accounts in Azure Active Directory.

<#
//-----------------------------------------------------------------------

//     Copyright (c) {https://charbelnemnom.com}. All rights reserved.

//-----------------------------------------------------------------------

.SYNOPSIS
Create Azure AD User Account.

.DESCRIPTION
Azure AD Bulk user creation and assign the new users to an Azure AD group.

.NOTES
File Name : Invoke-AzureADBulkUserCreation.ps1
Author    : Charbel Nemnom
Version   : 1.6
Date      : 27-February-2018
Update    : 08-May-2019
Requires  : PowerShell Version 3.0 or above
Module    : AzureAD Version 2.0.0.155 or above
Product   : Azure Active Directory

.LINK
To provide feedback or for further assistance please visit:
{https://charbelnemnom.com}

.EXAMPLE-1
./Invoke-AzureADBulkUserCreation -FilePath <FilePath> -Credential <Username\Password> -Verbose
This example will import all users from a CSV File and then create the corresponding account in Azure Active Directory.
The user will be asked to change his password at first log on.

.EXAMPLE-2
./Invoke-AzureADBulkUserCreation -FilePath <FilePath> -Credential <Username\Password> -AadGroupName <AzureAD-GroupName> -Verbose
This example will import all users from a CSV File and then create the corresponding account in Azure Active Directory.
The user will be a member of the specified Azure AD Group Name.
The user will be asked to change his password at first log on.
#>

[CmdletBinding()]
Param(
    [Parameter(Position = 0, Mandatory = $True, HelpMessage = 'Specify the path of the CSV file')]
    [Alias('CSVFile')]
    [string]$FilePath,
    [Parameter(Position = 1, Mandatory = $false, HelpMessage = 'Specify Credentials')]
    [Alias('Cred')]
    [PSCredential]$Credential,
    #MFA Account for Azure AD Account
    [Parameter(Position = 2, Mandatory = $false, HelpMessage = 'Specify if account is MFA enabled')]
    [Alias('2FA')]
    [Switch]$MFA,
    [Parameter(Position = 3, Mandatory = $false, HelpMessage = 'Specify Azure AD Group Name')]
    [Alias('AADGN')]
    [string]$AadGroupName
)
Function Install-AzureAD {
    Set-PSRepository -Name PSGallery -Installation Trusted -Verbose:$false
    Install-Module -Name AzureAD -AllowClobber -Verbose:$false
}

Try {
    $CSVData = @(Import-CSV -Path $FilePath -ErrorAction Stop)
    Write-Verbose "Successfully imported entries from $FilePath"
    Write-Verbose "Total no. of entries in CSV are : $($CSVData.count)"
} 
Catch {
    Write-Verbose "Failed to read from the CSV file $FilePath Exiting!"
    Break
}

Try {
    Import-Module -Name AzureAD -ErrorAction Stop -Verbose:$false | Out-Null
}
Catch {
    Write-Verbose "Azure AD PowerShell Module not found..."
    Write-Verbose "Installing Azure AD PowerShell Module..."
    Install-AzureAD
}

Try {
    Write-Verbose "Connecting to Azure AD..."
    if ($MFA) {
        Connect-AzureAD -ErrorAction Stop | Out-Null
    }
    Else {
        Connect-AzureAD -Credential $Credential -ErrorAction Stop | Out-Null
    }
}
Catch {
    Write-Verbose "Cannot connect to Azure AD. Please check your credentials. Exiting!"
    Break
}

Foreach ($Entry in $CSVData) {
    # Verify that mandatory properties are defined for each object
    $DisplayName = $Entry.DisplayName
    $MailNickName = $Entry.MailNickName
    $UserPrincipalName = $Entry.UserPrincipalName
    $Password = $Entry.PasswordProfile
    
    If (!$DisplayName) {
        Write-Warning '$DisplayName is not provided. Continue to the next record'
        Continue
    }

    If (!$MailNickName) {
        Write-Warning '$MailNickName is not provided. Continue to the next record'
        Continue
    }

    If (!$UserPrincipalName) {
        Write-Warning '$UserPrincipalName is not provided. Continue to the next record'
        Continue
    }

    If (!$Password) {
        Write-Warning "Password is not provided for $DisplayName in the CSV file!"
        $Password = Read-Host -Prompt "Enter desired Password" -AsSecureString
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
        $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
        $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
        $PasswordProfile.Password = $Password
        $PasswordProfile.EnforceChangePasswordPolicy = 1
        $PasswordProfile.ForceChangePasswordNextLogin = 1
    }
    Else {
        $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
        $PasswordProfile.Password = $Password
        $PasswordProfile.EnforceChangePasswordPolicy = 1
        $PasswordProfile.ForceChangePasswordNextLogin = 1
    }   
    
    Try {    
        New-AzureADUser -DisplayName $DisplayName `
            -AccountEnabled $true `
            -MailNickName $MailNickName `
            -UserPrincipalName $UserPrincipalName `
            -PasswordProfile $PasswordProfile `
            -City $Entry.City `
            -Country $Entry.Country `
            -Department $Entry.Department `
            -JobTitle $Entry.JobTitle `
            -Mobile $Entry.Mobile | Out-Null
        Write-Verbose "$DisplayName : AAD Account is created successfully!"     
        If ($AadGroupName) {
            Try {   
                $AadGroupID = Get-AzureADGroup -SearchString "$AadGroupName"
            }
            Catch {
                Write-Error "$AadGroupName : does not exist. $_"
                Break
            }
        $ADuser = Get-AzureADUser -ObjectId "$UserPrincipalName"
        Add-AzureADGroupMember -ObjectId $AadGroupID.ObjectID -RefObjectId $ADuser.ObjectID 
        Write-Verbose "Assigning the user $DisplayName to Azure AD Group $AadGroupName"    
        }         
    } 
    Catch {
        Write-Error "$DisplayName : Error occurred while creating Azure AD Account. $_"
    }
}

How to use this tool?

You can run this tool using a single line of PowerShell as follows:

How To Create Bulk Users in Azure Active Directory with PowerShell #AzureAD #PowerShell #AAD 2

If the Azure AD PowerShell module is not present on your system, then the module will be installed automatically, and the users will be created in Azure AD.

How To Create Bulk Users in Azure Active Directory with PowerShell #AzureAD #PowerShell #AAD 3

If the user password is not defined in the CSV file, you will be asked to type a random password in a secure format. 

How To Create Bulk Users in Azure Active Directory with PowerShell #AzureAD #PowerShell #AAD 4

This tool will also force the user to change the password at the next login.

How To Create Bulk Users in Azure Active Directory with PowerShell #AzureAD #PowerShell #AAD 5

Here is the view in the Azure portal after running this tool.

How To Create Bulk Users in Azure Active Directory with PowerShell #AzureAD #PowerShell #AAD 6

Where can I download this script?

This script is available on my GitHub repository. You can download it from here. If you have any feedback or changes that everyone should receive, please feel free to leave a comment, update the source and create a pull request.

Hope this helps!

Cheers,
-Charbel

Related Posts

Previous

It’s Time to Take Off To The Microsoft MVP Global Summit 2018 #MVP #MVPSummit #MVPbuzz

Technical Reviewer: Hands-On Networking with Azure @PacktPub @_MWaly #Microsoft #Azure

Next

Let me know what you think, or ask a question...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Stay in Touch

Never miss out on your favorite posts and our latest announcements!

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!