Azure Active Directory : Bulk Create + License assignment / attribution via Powershell

One of my colleagues told me, how she struggles with creating 10 CRM Accounts everytime she has a new Demo(she does more than 3 a week). Plus manually assigning the licenses.

And as a hero i told her that Powershell is always the solution, so i wrote this script that bulk creates and assigns licenses.

This script creates Azure Active Directory accounts, that means it can be also used for Office365, SharePoint, CRM…etc

Azure Active Directory Powershell

The script uses the AzureAD Powershell.

First you need to install it on your computer by running this cmdlet :

Install-Module AzureAD

How to use it

Just download the 2 files and start the ps1 script.

Input.Json : input

Script : New-AzureADAccountBulk

Script Logic

The script’s Input is a file Input.json that provied those Infos

  • Tenant Name
  • Admin Login
  • Admin Password
  • List of Users to create
    • Display Name
    • Mail NickName(the email’s preffix)
    • Password
    • List of Licenses to Assign

License Names could be listed by running this command

Connect-AzureAd
Get-AzureADSubscribedSku

License samples :

  • SHAREPOINTENTERPRISE
  • DYN365_ENTERPRISE_PLAN1
  • POWER_BI_PRO
  • ENTERPRISEPACK

 

The Script

The scripts can be downloaded here. I changed the extension to pdf, because WordPress doesn’t allow ps1 and json extensions.

Input.Json : input

Script : New-AzureADAccountBulk

I will not go through the whole document, but i will comment the improtant commands.

 

$config = Get-Content .\input.json | Out-String | ConvertFrom-Json
#Reading the json file

$adminPwrd = ConvertTo-SecureString -String $config.AdminPassword -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $config.AdminLogin, $adminPwrd

#Using -Credential was to avoid the login popup
Connect-AzureAd -Credential $Credential

…..

#Loading the License from Azure Active Directory. If license not found, a warning is displayed
$liceTemp = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $license -EQ)

try
{
#check if the User already exists
$user = Get-AzureADUser -ObjectId $userPrincipalName
}
catch
{
$user = $null
}
if($user -eq $null)
{
write-host “Creating User ” $account.DisplayName
#Create the User. -UsageLocation is important for the license attribution
$newUSer = New-AzureADUser -DisplayName $account.DisplayName -PasswordProfile $PasswordProfile -UserPrincipalName $userPrincipalName -AccountEnabled $true -MailNickName $account.MailNickname -UsageLocation DE
write-host “User Created ” $account.DisplayName -ForeGroundColor Green
}
else
{
write-host “User ” $userPrincipalName ” already exsitst. Trying assigning License”
}
…..
if($licensesObj.AddLicenses.Count -ne 0)
{

#Set the license only if found
Set-AzureADUserLicense -ObjectId $userPrincipalName -AssignedLicenses $licensesObj
write-host “Licenses for User ” $userPrincipalName -ForeGroundColor Green
}

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: