New-AzureADUser

Creates an Azure AD user.

Syntax

New-AzureADUser
   [-ExtensionProperty <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
   -AccountEnabled <Boolean>
   [-AgeGroup <String>]
   [-City <String>]
   [-CompanyName <String>]
   [-ConsentProvidedForMinor <String>]
   [-Country <String>]
   [-CreationType <String>]
   [-Department <String>]
   -DisplayName <String>
   [-FacsimileTelephoneNumber <String>]
   [-GivenName <String>]
   [-IsCompromised <Boolean>]
   [-ImmutableId <String>]
   [-JobTitle <String>]
   [-MailNickName <String>]
   [-Mobile <String>]
   [-OtherMails <System.Collections.Generic.List`1[System.String]>]
   [-PasswordPolicies <String>]
   -PasswordProfile <PasswordProfile>
   [-PhysicalDeliveryOfficeName <String>]
   [-PostalCode <String>]
   [-PreferredLanguage <String>]
   [-ShowInAddressList <Boolean>]
   [-SignInNames <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]>]
   [-State <String>]
   [-StreetAddress <String>]
   [-Surname <String>]
   [-TelephoneNumber <String>]
   [-UsageLocation <String>]
   [-UserPrincipalName <String>]
   [-UserState <String>]
   [-UserStateChangedOn <String>]
   [-UserType <String>]
   [<CommonParameters>]

Description

The New-AzureADUser cmdlet creates a user in Azure Active Directory (Azure AD).

Examples

Example 1: Create a user

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "<Password>"
New-AzureADUser -DisplayName "New User" -PasswordProfile $PasswordProfile -UserPrincipalName "[email protected]" -AccountEnabled $true -MailNickName "Newuser"

ObjectId                             DisplayName UserPrincipalName               UserType
--------                             ----------- -----------------               --------
5e8b0f4d-2cd4-4e17-9467-b0f6a5c0c4d0 New user    [email protected]             Member

This command creates a new user.

Parameters

-AccountEnabled

Indicates whether the user's account is enabled.

Type:Boolean
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AgeGroup

This specifies the user's age group.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-City

Specifies the user's city.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CompanyName

This specifies the user's company name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConsentProvidedForMinor

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Country

Specifies the user's country or region.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CreationType

Indicates whether the user account is a local account for an Azure Active Directory B2C tenant.

Possible values are LocalAccount and null. When creating a local account, the property is required and you must set it to LocalAccount. When creating a work or school account, do not specify the property or set it to null.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Department

Specifies the user's department.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Specifies the user's display name.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ExtensionProperty

Type:Dictionary<TKey,TValue>[System.String,System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FacsimileTelephoneNumber

This specifies the user's telephone number.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GivenName

Specifies the user's given name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ImmutableId

This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property.

Important: The $ and _ characters cannot be used when specifying this property.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsCompromised

Indicates whether this user is compromised.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-JobTitle

Specifies the user's job title.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MailNickName

Specifies the user's mail nickname.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Mobile

Specifies the user's mobile phone number.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OtherMails

A list of additional email addresses for the user. For example, [email protected], [email protected].

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordPolicies

Specifies password policies for the user.

This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: "DisablePasswordExpiration, DisableStrongPassword".

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordProfile

Specifies the user's password profile. Note that the parameter type for this parameter is PasswordProfile. In order to pass a parameter of this type, you first need to;

  1. create a variable in PowerShell with that type:

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile

  1. Set the value of the password in this variable:

$PasswordProfile.Password = "\<Password\>"

  1. Finally pass this variable to the cmdlet:

New-AzureADUser -PasswordProfile $PasswordProfile ...

Other attributes that can be set in the PasswordProfile are:

  • $PasswordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enabled or disabled for this user.
  • $PasswordProfile.ForceChangePasswordNextLogin - a boolean indicating that the user must change the password at the next sign in.
Type:PasswordProfile
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PhysicalDeliveryOfficeName

Specifies the user's physical delivery office name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PostalCode

Specifies the user's postal code.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PreferredLanguage

Specifies the user's preferred language.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ShowInAddressList

If True, show this user in the address list.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SignInNames

Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant.

Each sign-in name must be unique across the company/tenant. The property must be specified when you create a local account user. Do not specify it when you create a work or school account.

Type:List<T>[Microsoft.Open.AzureAD.Model.SignInName]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-State

Specifies the user's state.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-StreetAddress

Specifies the user's street address.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Surname

Specifies the user's surname.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TelephoneNumber

Specifies a telephone number.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UsageLocation

A two letter country or region code (ISO standard 3166).

It's required for users that will be assigned licenses due to legal requirements to check for availability of services in countries and regions. Examples include: US, JP, and GB.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserPrincipalName

Specifies the user's principal name (UPN).

The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain.

For work or school accounts, the domain must be present in the tenant's collection of verified domains. This property is required when a work or school account is created; it is optional for local accounts.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserState

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserStateChangedOn

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserType

A string value that can be used to classify user types in your directory, such as "Member" and "Guest".

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Notes

See the migration guide for New-AzureADUser to the Microsoft Graph PowerShell.