Azure Active Directory is Microsoft’s cloud-based identity management service that provides centralized authentication and access control for cloud-based applications and services. It enables administrators to manage user identities and access for their organization’s cloud-based applications and services from a single portal. In this tutorial, we will walk through the process of setting up Azure Active Directory and utilizing it for user management.<\/p>\n
<\/ins><\/p>\n Before we begin the tutorial, make sure you have the following:<\/p>\n The first step in utilizing Azure Active Directory for user management is to set up an Azure AD tenant. An Azure AD tenant is a dedicated instance of the Azure Active Directory service that is created for your organization. Follow the steps below to set up an Azure AD tenant:<\/p>\n Once you have created an Azure AD tenant, you can start adding users and groups to the tenant.<\/p>\n There are several ways to add users to an Azure AD tenant, including manual creation, Azure AD Connect, and PowerShell. In this tutorial, we will focus on using PowerShell to add users to an Azure AD tenant.<\/p>\n Before we begin adding users, we need to make sure we have the Azure AD PowerShell module installed. Follow the steps below to install the module:<\/p>\n Once the module is installed, we can start adding users to the Azure AD tenant. Follow the steps below to add a user:<\/p>\n Groups are used to organize users and assign permissions and access control for applications and services. Adding groups to an Azure AD tenant is similar to adding users. Follow the steps below to add a group:<\/p>\n Once users and groups have been added to an Azure AD tenant, we can start assigning users to groups. Follow the steps below to assign a user to a group:<\/p>\nPrerequisites<\/h2>\n
\n
Set Up Azure Active Directory<\/h2>\n
\n
Adding Users to Azure Active Directory<\/h2>\n
\n
Install-Module AzureAD<\/code>.<\/li>\n<\/ol>\n\n
Connect-AzureAD<\/code>. You will be prompted to enter your Azure AD credentials.<\/li>\nNew-AzureADUser<\/code> to create a new user. This command requires several parameters, including DisplayName<\/code>, Password<\/code>, UserPrincipalName<\/code>, and MailNickname<\/code>. For example, the following command would create a new user with the display name “John Smith,” a password of “P@ssw0rd,” a user principal name of “john.smith@contoso.onmicrosoft.com,” and a mail nickname of “john.smith”:<\/li>\n<\/ol>\nNew-AzureADUser -DisplayName \"John Smith\" -Password \"P@ssw0rd\" -UserPrincipalName \"john.smith@contoso.onmicrosoft.com\" -MailNickname \"john.smith\"\n<\/code><\/pre>\n\n
Adding Groups to Azure Active Directory<\/h2>\n
\n
Connect-AzureAD<\/code>.<\/li>\nNew-AzureADGroup<\/code> to create a new group. This command requires several parameters, including DisplayName<\/code>, MailNickname<\/code>, and SecurityEnabled<\/code>. For example, the following command would create a new security-enabled group with the display name “Sales” and mail nickname “sales”:<\/li>\n<\/ol>\nNew-AzureADGroup -DisplayName \"Sales\" -MailNickname \"sales\" -SecurityEnabled $true\n<\/code><\/pre>\n\n
Assigning Users to Groups<\/h2>\n
\n
Connect-AzureAD<\/code>.<\/li>\nGet-AzureADUser<\/code> and Get-AzureADGroup<\/code>, respectively. For example, to retrieve the user with the user principal name “john.smith@contoso.onmicrosoft.com” and the group with the display name “Sales,” you would run the following commands:<\/li>\n<\/ol>\n$user = Get-AzureADUser -Filter \"UserPrincipalName eq 'john.smith@contoso.onmicrosoft.com'\"\n$group = Get-AzureADGroup -Filter \"DisplayName eq 'Sales'\"\n<\/code><\/pre>\n\n
Add-AzureADGroupMember<\/code>. For example, to assign the user to the “Sales” group, you would run the following command:<\/li>\n<\/ol>\nAdd-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId\n<\/code><\/pre>\n