AADUser¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| UserPrincipalName | Key | String | The login name of the user | |
| DisplayName | Write | String | The display name for the user | |
| FirstName | Write | String | The first name of the user | |
| LastName | Write | String | The last name of the user | |
| Roles | Write | StringArray[] | The list of Azure Active Directory roles assigned to the user. | |
| UsageLocation | Write | String | The country code the user will be assigned to | |
| LicenseAssignment | Write | StringArray[] | The account SKU Id for the license to be assigned to the user | |
| Password | Write | PSCredential | The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates. | |
| City | Write | String | The City name of the user | |
| Country | Write | String | The Country name of the user | |
| Department | Write | String | The Department name of the user | |
| Fax | Write | String | The Fax Number of the user | |
| MobilePhone | Write | String | The Mobile Phone Number of the user | |
| Office | Write | String | The Office Name of the user | |
| PasswordNeverExpires | Write | Boolean | Specifies whether the user password expires periodically. Default value is false | |
| PasswordPolicies | Write | String | Specifies password policies for the user. | |
| PhoneNumber | Write | String | The Phone Number of the user | |
| PostalCode | Write | String | The Postal Code of the user | |
| PreferredLanguage | Write | String | The Prefered Language of the user | |
| State | Write | String | Specifies the state or province where the user is located | |
| StreetAddress | Write | String | Specifies the street address of the user | |
| Title | Write | String | Specifies the title of the user | |
| UserType | Write | String | Specifies the title of the user | Guest, Member, Other, Viral |
| Ensure | Write | String | Present ensures the user exists, absent ensures it is removed | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Exchange Global Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory application used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. |
Description¶
This resource allows users to create Azure AD Users and assign them licenses.
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- RoleManagement.Read.Directory, User.Read.All
-
Update
- Organization.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, User.Read.All, User.ReadWrite.All
Application permissions¶
-
Read
- RoleManagement.Read.Directory, User.Read.All
-
Update
- Organization.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, User.Read.All, User.ReadWrite.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$credsGlobalAdmin
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADUser 'ConfigureJohnSMith'
{
UserPrincipalName = "John.Smith@O365DSC1.onmicrosoft.com"
FirstName = "John"
LastName = "Smith"
DisplayName = "John J. Smith"
City = "Gatineau"
Country = "Canada"
Office = "Ottawa - Queen"
LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM")
UsageLocation = "US"
Ensure = "Present"
Credential = $credsGlobalAdmin
}
}
}