New versions of the Azure AD PowerShell modules released

Yesterday, new versions of both the Azure AD and the Azure AD Preview modules for PowerShell were released over at the PowerShell gallery. As customary, no release notes were published so I went over the list of cmdlets and parameters in hopes of spotting any new additions.

For the Azure AD Preview module, which now sports version 2.0.2.3,  the number of available cmdlets remains unchanged at 206. No changes in the parameter list are visible either, however as users have already pointed out, the –SearchString parameter seems to be broken:

Get-AzureADUser -SearchString HuKu
Get-AzureADUser : Error occurred while executing GetUsers
Code: Request_UnsupportedQuery
Message: Unsupported or invalid query filter clause specified for property 'userState' of resource 'User'.
RequestId: 25885e43-3018-4f9f-b441-00bbd3440380
DateTimeStamp: Thu, 04 Oct 2018 09:14:44 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADUser -SearchString HuKu
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-AzureADUser], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser

The GA module, Azure AD, has been bumped up to version 2.0.2.2 and now features a total of 170 PowerShell cmdlets. The two new cmdlets are as follows:

Get-AzureADApplicationProxyConnectorGroupMember

Remove-AzureADDeletedApplication

The first cmdlet, Get-AzureADApplicationProxyConnectorGroupMembers, is actually an alias for the already existing Get-AzureADApplicationProxyConnectorGroupMembers one, so I have no idea why it was added. The second one, Remove-AzureADDeletedApplication, allows you to hard-delete application objects, without having to wait for the soft-deleted window to expire.

The following cmdlets have new/modified parameters:

  • New-AzureADApplication: added 12 new parameters, including: AllowGuestsSignIn, AllowPassthroughUsers, AppLogoUrl, IsDeviceOnlyAuthSupported, IsDisabled, OptionalClaims, OrgRestrictions, ParentalControlSettings, PreAuthorizedApplications, PublisherDomain, SignInAudience, WwwHomepage. Neither the cmdlet help nor the documentation page has been updated to detail all these, so we can only guess the correct usage/syntax…
  • Set-AzureADApplication: added 12 new parameters, including: AllowGuestsSignIn, AllowPassthroughUsers, AppLogoUrl, IsDeviceOnlyAuthSupported, IsDisabled, OptionalClaims, OrgRestrictions, ParentalControlSettings, PreAuthorizedApplications, PublisherDomain, SignInAudience, WwwHomepage. As with the New-AzureADApplication cmdlet, no documentation is available on any of these.
  • New-AzureADApplicationProxyApplication: one new parameter added, IsHttpOnlyCookieEnabled. No help 🙂
  • Set-AzureADApplicationProxyApplication: one new parameter added, IsHttpOnlyCookieEnabled. No help 🙂
  • New-AzureADDevice: 2 new parameters added, namely ProfileType and SystemLabels. You guessed it, not documented.
  • Set-AzureADDevice: 2 new parameters added, namely ProfileType and SystemLabels. You guessed it, not documented.
  • New-AzureADUser: also has 2 new parameters, UserState and UserStateChangedOn. Both of these are not documented, but a quick check shows they are only relevant for Guest accounts:
Get-AzureADUser | ft UserPrincipalName,UserState*

UserPrincipalName                                                 UserState         UserStateChangedOn
-----------------                                                 ---------         ------------------
Jane.Jones@michev.info
marian_ski_outlook.com#EXT#@michev.info
michev_gmail.com#EXT#@michev.onmicrosoft.com                      Accepted          2016-09-25T13:41:13Z
michev_outlook.com#EXT#@michev.onmicrosoft.com
pesho_dir.bg#EXT#@michev.onmicrosoft.com                          PendingAcceptance 2017-08-03T18:14:06Z
SMO-test@michev.info
Sync_DC01_052da20421fc@michev.onmicrosoft.com
vasil.michev_quadrotech-it.com#EXT#@michev.info                   Accepted          2018-03-14T14:37:43Z

The first attribute/parameter, UserState, designates the status of the Guest invitation: whether it is Accepted or PendingAcceptance. The second, UserStateChangedOn, specifies the timestamp on which the invitation was sent, or was accepted. Interestingly enough, I do seem to have guest users in my tenant for which those parameters are NOT populated. But that's most likely related to the changes I made for a recent article.

  • Set-AzureADUser: also has 2 new parameters, UserState and UserStateChangedOn. As above, they relate to the status of Guest invitations.

That's all the information I could get by comparing the list of cmdlets and parameters. Hopefully, the documentation will be updated soon, or some other miracle will happen 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.