Yesterday, new versions of both the Azure AD and the Azure AD Preview modules for PowerShell were released over at the PowerShell gallery. As customary, no release notes were published so I went over the list of cmdlets and parameters in hopes of spotting any new additions.
For the Azure AD Preview module, which now sports version 2.0.2.3, the number of available cmdlets remains unchanged at 206. No changes in the parameter list are visible either, however as users have already pointed out, the –SearchString parameter seems to be broken:
Get-AzureADUser -SearchString HuKu Get-AzureADUser : Error occurred while executing GetUsers Code: Request_UnsupportedQuery Message: Unsupported or invalid query filter clause specified for property 'userState' of resource 'User'. RequestId: 25885e43-3018-4f9f-b441-00bbd3440380 DateTimeStamp: Thu, 04 Oct 2018 09:14:44 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad Request HttpResponseStatus: Completed At line:1 char:1 + Get-AzureADUser -SearchString HuKu + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo          : NotSpecified: (:) [Get-AzureADUser], ApiException + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser
The GA module, Azure AD, has been bumped up to version 2.0.2.2 and now features a total of 170 PowerShell cmdlets. The two new cmdlets are as follows:
Get-AzureADApplicationProxyConnectorGroupMember Remove-AzureADDeletedApplication
The first cmdlet, Get-AzureADApplicationProxyConnectorGroupMembers, is actually an alias for the already existing Get-AzureADApplicationProxyConnectorGroupMembers one, so I have no idea why it was added. The second one, Remove-AzureADDeletedApplication, allows you to hard-delete application objects, without having to wait for the soft-deleted window to expire.
The following cmdlets have new/modified parameters:
- New-AzureADApplication: added 12 new parameters, including: AllowGuestsSignIn, AllowPassthroughUsers, AppLogoUrl, IsDeviceOnlyAuthSupported, IsDisabled, OptionalClaims, OrgRestrictions, ParentalControlSettings, PreAuthorizedApplications, PublisherDomain, SignInAudience, WwwHomepage. Neither the cmdlet help nor the documentation page has been updated to detail all these, so we can only guess the correct usage/syntax…
- Set-AzureADApplication: added 12 new parameters, including: AllowGuestsSignIn, AllowPassthroughUsers, AppLogoUrl, IsDeviceOnlyAuthSupported, IsDisabled, OptionalClaims, OrgRestrictions, ParentalControlSettings, PreAuthorizedApplications, PublisherDomain, SignInAudience, WwwHomepage. As with the New-AzureADApplication cmdlet, no documentation is available on any of these.
- New-AzureADApplicationProxyApplication: one new parameter added, IsHttpOnlyCookieEnabled. No help 🙂
- Set-AzureADApplicationProxyApplication: one new parameter added, IsHttpOnlyCookieEnabled. No help 🙂
- New-AzureADDevice: 2 new parameters added, namely ProfileType and SystemLabels. You guessed it, not documented.
- Set-AzureADDevice: 2 new parameters added, namely ProfileType and SystemLabels. You guessed it, not documented.
- New-AzureADUser: also has 2 new parameters, UserState and UserStateChangedOn. Both of these are not documented, but a quick check shows they are only relevant for Guest accounts:
Get-AzureADUser | ft UserPrincipalName,UserState* UserPrincipalName UserState UserStateChangedOn ----------------- --------- ------------------ Jane.Jones@michev.info marian_ski_outlook.com#EXT#@michev.info michev_gmail.com#EXT#@michev.onmicrosoft.com Accepted 2016-09-25T13:41:13Z michev_outlook.com#EXT#@michev.onmicrosoft.com pesho_dir.bg#EXT#@michev.onmicrosoft.com PendingAcceptance 2017-08-03T18:14:06Z SMO-test@michev.info Sync_DC01_052da20421fc@michev.onmicrosoft.com vasil.michev_quadrotech-it.com#EXT#@michev.info Accepted 2018-03-14T14:37:43ZThe first attribute/parameter, UserState, designates the status of the Guest invitation: whether it is Accepted or PendingAcceptance. The second, UserStateChangedOn, specifies the timestamp on which the invitation was sent, or was accepted. Interestingly enough, I do seem to have guest users in my tenant for which those parameters are NOT populated. But that's most likely related to the changes I made for a recent article.
- Set-AzureADUser: also has 2 new parameters, UserState and UserStateChangedOn. As above, they relate to the status of Guest invitations.
That's all the information I could get by comparing the list of cmdlets and parameters. Hopefully, the documentation will be updated soon, or some other miracle will happen 🙂