Azure Active Directory is Microsoft’s cloud-based identity management service that provides centralized authentication and access control for cloud-based applications and services. It enables administrators to manage user identities and access for their organization’s cloud-based applications and services from a single portal. In this tutorial, we will walk through the process of setting up Azure Active Directory and utilizing it for user management.
Prerequisites
Before we begin the tutorial, make sure you have the following:
- An Azure subscription
- A Windows or macOS operating system with PowerShell installed
- A basic understanding of Azure and PowerShell
Set Up Azure Active Directory
The first step in utilizing Azure Active Directory for user management is to set up an Azure AD tenant. An Azure AD tenant is a dedicated instance of the Azure Active Directory service that is created for your organization. Follow the steps below to set up an Azure AD tenant:
- Login to the Azure Portal (https://portal.azure.com/).
- Click “Create a resource” in the left-hand menu.
- Search for “Azure Active Directory” and select it from the search results.
- Click “Create” on the Azure Active Directory page.
- Enter a name for the Azure AD tenant. This name should be unique across all Azure AD tenants.
- Select the country or region where the tenant will be located.
- Select the default domain name to use for the tenant (e.g. contoso.onmicrosoft.com). This domain name can be changed later.
- Click “Create.”
Once you have created an Azure AD tenant, you can start adding users and groups to the tenant.
Adding Users to Azure Active Directory
There are several ways to add users to an Azure AD tenant, including manual creation, Azure AD Connect, and PowerShell. In this tutorial, we will focus on using PowerShell to add users to an Azure AD tenant.
Before we begin adding users, we need to make sure we have the Azure AD PowerShell module installed. Follow the steps below to install the module:
- Launch PowerShell as an administrator.
- Run the command
Install-Module AzureAD
.
Once the module is installed, we can start adding users to the Azure AD tenant. Follow the steps below to add a user:
- Launch PowerShell as an administrator.
- Connect to your Azure AD tenant by running the command
Connect-AzureAD
. You will be prompted to enter your Azure AD credentials. - Run the command
New-AzureADUser
to create a new user. This command requires several parameters, includingDisplayName
,Password
,UserPrincipalName
, andMailNickname
. For example, the following command would create a new user with the display name “John Smith,” a password of “P@ssw0rd,” a user principal name of “[email protected],” and a mail nickname of “john.smith”:
New-AzureADUser -DisplayName "John Smith" -Password "P@ssw0rd" -UserPrincipalName "[email protected]" -MailNickname "john.smith"
- Once the command has finished executing, the new user will be added to the Azure AD tenant.
Adding Groups to Azure Active Directory
Groups are used to organize users and assign permissions and access control for applications and services. Adding groups to an Azure AD tenant is similar to adding users. Follow the steps below to add a group:
- Launch PowerShell as an administrator.
- Connect to your Azure AD tenant by running the command
Connect-AzureAD
. - Run the command
New-AzureADGroup
to create a new group. This command requires several parameters, includingDisplayName
,MailNickname
, andSecurityEnabled
. For example, the following command would create a new security-enabled group with the display name “Sales” and mail nickname “sales”:
New-AzureADGroup -DisplayName "Sales" -MailNickname "sales" -SecurityEnabled $true
- Once the command has finished executing, the new group will be added to the Azure AD tenant.
Assigning Users to Groups
Once users and groups have been added to an Azure AD tenant, we can start assigning users to groups. Follow the steps below to assign a user to a group:
- Launch PowerShell as an administrator.
- Connect to your Azure AD tenant by running the command
Connect-AzureAD
. - Retrieve the user and group objects by running the commands
Get-AzureADUser
andGet-AzureADGroup
, respectively. For example, to retrieve the user with the user principal name “[email protected]” and the group with the display name “Sales,” you would run the following commands:
$user = Get-AzureADUser -Filter "UserPrincipalName eq '[email protected]'"
$group = Get-AzureADGroup -Filter "DisplayName eq 'Sales'"
- Assign the user to the group by running the command
Add-AzureADGroupMember
. For example, to assign the user to the “Sales” group, you would run the following command:
Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
- Once the command has finished executing, the user will be assigned to the group.
Conclusion
In this tutorial, we have walked through the process of setting up an Azure Active Directory tenant and utilizing it for user management. We have covered the basics of adding users and groups to the tenant, as well as assigning users to groups. Azure Active Directory is a powerful service that enables organizations to centralize their identity management for cloud-based applications and services. With Azure AD, administrators can easily manage user identities and access control from a single portal, making it an essential tool for any organization that relies on cloud-based services.