New-AzureADUser
Creates an Azure AD user.
Syntax
New-AzureADUser
[-ExtensionProperty <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
-AccountEnabled <Boolean>
[-AgeGroup <String>]
[-City <String>]
[-CompanyName <String>]
[-ConsentProvidedForMinor <String>]
[-Country <String>]
[-CreationType <String>]
[-Department <String>]
-DisplayName <String>
[-FacsimileTelephoneNumber <String>]
[-GivenName <String>]
[-IsCompromised <Boolean>]
[-ImmutableId <String>]
[-JobTitle <String>]
[-MailNickName <String>]
[-Mobile <String>]
[-OtherMails <System.Collections.Generic.List`1[System.String]>]
[-PasswordPolicies <String>]
-PasswordProfile <PasswordProfile>
[-PhysicalDeliveryOfficeName <String>]
[-PostalCode <String>]
[-PreferredLanguage <String>]
[-ShowInAddressList <Boolean>]
[-SignInNames <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]>]
[-State <String>]
[-StreetAddress <String>]
[-Surname <String>]
[-TelephoneNumber <String>]
[-UsageLocation <String>]
[-UserPrincipalName <String>]
[-UserState <String>]
[-UserStateChangedOn <String>]
[-UserType <String>]
[<CommonParameters>]
Description
The New-AzureADUser cmdlet creates a user in Azure Active Directory (Azure AD).
Examples
Example 1: Create a user
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "<Password>"
New-AzureADUser -DisplayName "New User" -PasswordProfile $PasswordProfile -UserPrincipalName "[email protected]" -AccountEnabled $true -MailNickName "Newuser"
ObjectId DisplayName UserPrincipalName UserType
-------- ----------- ----------------- --------
5e8b0f4d-2cd4-4e17-9467-b0f6a5c0c4d0 New user [email protected] Member
This command creates a new user.
Parameters
-AccountEnabled
Indicates whether the user's account is enabled.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AgeGroup
This specifies the user's age group.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-City
Specifies the user's city.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CompanyName
This specifies the user's company name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ConsentProvidedForMinor
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Country
Specifies the user's country or region.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CreationType
Indicates whether the user account is a local account for an Azure Active Directory B2C tenant.
Possible values are LocalAccount
and null
.
When creating a local account, the property is required and you must set it to LocalAccount
.
When creating a work or school account, do not specify the property or set it to null
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Department
Specifies the user's department.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisplayName
Specifies the user's display name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExtensionProperty
Type: | Dictionary<TKey,TValue>[System.String,System.String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FacsimileTelephoneNumber
This specifies the user's telephone number.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GivenName
Specifies the user's given name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ImmutableId
This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property.
Important: The $
and _
characters cannot be used when specifying this property.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IsCompromised
Indicates whether this user is compromised.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-JobTitle
Specifies the user's job title.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MailNickName
Specifies the user's mail nickname.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Mobile
Specifies the user's mobile phone number.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-OtherMails
A list of additional email addresses for the user. For example, [email protected]
, [email protected]
.
Type: | List<T>[String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PasswordPolicies
Specifies password policies for the user.
This value is an enumeration with one possible value being DisableStrongPassword
, which allows weaker passwords than the default policy to be specified.
DisablePasswordExpiration
can also be specified.
The two may be specified together; for example: "DisablePasswordExpiration, DisableStrongPassword".
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PasswordProfile
Specifies the user's password profile.
Note that the parameter type for this parameter is PasswordProfile
.
In order to pass a parameter of this type, you first need to;
- create a variable in PowerShell with that type:
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
- Set the value of the password in this variable:
$PasswordProfile.Password = "\<Password\>"
- Finally pass this variable to the cmdlet:
New-AzureADUser -PasswordProfile $PasswordProfile ...
Other attributes that can be set in the PasswordProfile are:
$PasswordProfile.EnforceChangePasswordPolicy
- a boolean indicating that the change password policy is enabled or disabled for this user.$PasswordProfile.ForceChangePasswordNextLogin
- a boolean indicating that the user must change the password at the next sign in.
Type: | PasswordProfile |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PhysicalDeliveryOfficeName
Specifies the user's physical delivery office name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PostalCode
Specifies the user's postal code.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PreferredLanguage
Specifies the user's preferred language.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ShowInAddressList
If True, show this user in the address list.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SignInNames
Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant.
Each sign-in name must be unique across the company/tenant. The property must be specified when you create a local account user. Do not specify it when you create a work or school account.
Type: | List<T>[Microsoft.Open.AzureAD.Model.SignInName] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-State
Specifies the user's state.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StreetAddress
Specifies the user's street address.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Surname
Specifies the user's surname.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-TelephoneNumber
Specifies a telephone number.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UsageLocation
A two letter country or region code (ISO standard 3166).
It's required for users that will be assigned licenses due to legal requirements to check for availability of services in countries and regions.
Examples include: US
, JP
, and GB
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UserPrincipalName
Specifies the user's principal name (UPN).
The UPN is an Internet-style login name for the user based on the Internet standard RFC 822.
By convention, this should map to the user's email name.
The general format is alias@domain
.
For work or school accounts, the domain must be present in the tenant's collection of verified domains. This property is required when a work or school account is created; it is optional for local accounts.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UserState
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UserStateChangedOn
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UserType
A string value that can be used to classify user types in your directory, such as "Member" and "Guest".
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Notes
See the migration guide for New-AzureADUser to the Microsoft Graph PowerShell.