
Master Azure AD automation with Microsoft Graph PowerShell

For Active Directory (AD) administrators, using the native AD consoles for recurring tasks is time-consuming. PowerShell, the scripting language built into Windows, tackles this by automating repetitive tasks. While the Azure AD PowerShell module has long been the tool for managing Azure AD, administrators now need to move to Microsoft Graph PowerShell. This article is a brief introduction to AD automation with that module.

What is Microsoft Graph PowerShell?

Microsoft Graph PowerShell is a scripting module, built on top of standard PowerShell, that calls the Microsoft Graph API. Microsoft Graph is the unified REST API for Microsoft cloud services, including Azure AD (now named Microsoft Entra ID). Microsoft Graph PowerShell is the bridge between the familiar PowerShell environment and the capabilities of Microsoft Graph.

Why should one use Microsoft Graph PowerShell?

  • Automate repetitive tasks: PowerShell lets you script routine work. With a single run you can, say, create a new user account, add it to the relevant groups, and set up the mailbox.
  • Handle bulk operations: Microsoft Graph PowerShell lets you manage large numbers of objects. You can create or disable many user accounts, update group memberships for a whole department, or reset passwords for a group of users in a single script.
  • Gain fine-grained control: PowerShell exposes settings the console hides or buries. You can manage password policies, configure Conditional Access policies with specific criteria, and assign specific application permissions.
  • Integrate with automation tools: PowerShell scripts plug into automation tools such as System Center Orchestrator or Azure Automation, which lets you build workflows that touch Azure AD and other IT systems together.

Why are we shifting from Azure AD PowerShell to Microsoft Graph PowerShell?

The key reason for the shift is that the Azure AD PowerShell module was deprecated on March 30, 2024. A deprecated module receives no new features or bug fixes, and it will eventually stop working against the service. Microsoft is consolidating on Microsoft Graph as the single API for its services, and Microsoft Graph PowerShell is built on that API, so it stays aligned with Microsoft's development direction. If you already use Azure AD PowerShell, Microsoft publishes a migration guide that maps the old cmdlets to their Graph equivalents.

Using Microsoft Graph PowerShell for Azure AD automation

To begin automating tasks with PowerShell, you need to have the Microsoft Graph PowerShell SDK. Here’s how to install the Microsoft Graph PowerShell SDK:

Prerequisites:

  1. Windows PowerShell 5.1, or PowerShell 7 or later (recommended): You can verify the version by running $PSVersionTable.PSVersion in a PowerShell window. If you need to upgrade, download and install the latest version from the Microsoft website.
  2. .NET Framework 4.7.2 or later (Windows PowerShell 5.1 only): Download and install the appropriate version from the official website if needed.
  3. Updated PowerShellGet: PowerShellGet is the module that installs and manages other PowerShell modules. Update it to the latest version with the Install-Module PowerShellGet command in a PowerShell window with administrator privileges.

Installation steps:

  1. Open a PowerShell window.
  2. Run the installation command.

The SDK comes in two modules, Microsoft.Graph (the v1.0 API) and Microsoft.Graph.Beta (the preview API). Both can be installed side by side in the same PowerShell version. Beta endpoints can change without notice, so production scripts should stay on the v1.0 module.

To install the v1.0 version, run the following command:

Install-Module Microsoft.Graph -Scope CurrentUser

To install the beta version, run the following command:

Install-Module Microsoft.Graph.Beta -Scope CurrentUser

  3. Verify the installation by running this command:

Get-InstalledModule Microsoft.Graph

Once you've installed the Microsoft Graph PowerShell SDK, you can use it to automate tasks in Azure AD through commands known as cmdlets. Here's a breakdown of the general process:

1. Use the Connect-MgGraph cmdlet to establish a session with Microsoft Graph. Every subsequent call runs with the permission scopes you request here (and that an administrator has consented to), so request only what the script needs.

For example:

Connect-MgGraph -Scopes "User.ReadWrite.All"

This command opens an interactive sign-in and requests delegated permission to read and write every user object in the tenant. The effective rights are the intersection of that scope and the signed-in user's own directory roles. Replace "User.ReadWrite.All" with the narrowest scopes that cover your automation needs; a reporting script, for instance, needs only User.Read.All. Interactive sign-in does not suit scheduled or unattended jobs; those should authenticate as an application with a certificate, or with a managed identity, both of which Connect-MgGraph supports.
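The following script is an added example and is not code from the original article. It shows both sign-in modes described above: a delegated, interactive session that requests only the scopes a task needs, and an unattended app-only session using a certificate. It then checks the scopes the session actually received before doing any work. The tenant ID, client ID and certificate thumbprint are placeholders for an app registration you would create yourself; Connect-MgGraph, Get-MgContext and Disconnect-MgGraph are the SDK's own cmdlets.

```powershell
# Added example, not code from the original article. The tenant ID, client ID and
# certificate thumbprint are placeholders for an app registration you create yourself.
param(
    [switch]$Unattended,
    [string]$TenantId = '00000000-0000-0000-0000-000000000000',
    [string]$ClientId = '11111111-1111-1111-1111-111111111111',
    [string]$CertificateThumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'
)

# Request only the scopes the task needs. User.Read.All is enough for a report;
# User.ReadWrite.All belongs only in scripts that change accounts.
$RequiredScopes = @('User.Read.All', 'Group.Read.All')

if ($Unattended) {
    # App-only authentication for scheduled jobs: no user, no browser. The application
    # permissions must be granted (with admin consent) on the app registration, and the
    # certificate's private key must be in the local certificate store.
    # Inside Azure Automation or on an Azure VM, 'Connect-MgGraph -Identity' (managed
    # identity) avoids holding any credential at all.
    Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -CertificateThumbprint $CertificateThumbprint
} else {
    # Delegated authentication: interactive sign-in. Effective rights are the intersection
    # of the consented scopes and the signed-in user's own directory roles.
    Connect-MgGraph -Scopes $RequiredScopes
}

# Check what the session actually received before doing any work.
$ctx = Get-MgContext
"Connected to tenant {0} as {1} ({2})" -f $ctx.TenantId, $ctx.Account, $ctx.AuthType

$missing = $RequiredScopes | Where-Object { $_ -notin $ctx.Scopes }
if ($missing) {
    Disconnect-MgGraph | Out-Null
    throw "Scopes not granted: $($missing -join ', '). Ask an admin for consent or reduce the request."
}

# ... the actual automation goes here ...

# Drop the cached token when finished; it otherwise persists for the session.
Disconnect-MgGraph | Out-Null
```

Run it as-is for an interactive session, or with -Unattended from a scheduled task once the certificate is installed. The scope check matters because a user can decline part of a consent prompt, and an app registration may have fewer permissions than the script author assumed; failing early is better than a cryptic 403 halfway through a bulk change.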

2. Use cmdlets as your automation needs dictate. SDK cmdlet names follow the pattern Verb-Mg<Resource>, and the verbs are New, Get, Update and Remove; there is no Set-* or Disable-* family. Here are some examples of tasks you can automate with cmdlets:

User provisioning:

To create new users

New-MgUser

To update user details

Update-MgUser

To disable users (by setting -AccountEnabled:$false) or delete them (a soft delete; the object is recoverable for 30 days)

Update-MgUser, Remove-MgUser

Group management:

To create security groups

New-MgGroup

To add or remove members from groups

New-MgGroupMember, Remove-MgGroupMemberByRef

To assign an application role to a group, or a directory role to a role-assignable group

New-MgGroupAppRoleAssignment, New-MgRoleManagementDirectoryRoleAssignment

Application permissions:

To assign applications to users

New-MgUserAppRoleAssignment

To grant API permissions to an application's service principal (application permissions and delegated permissions, respectively)

New-MgServicePrincipalAppRoleAssignment, New-MgOauth2PermissionGrant

The comprehensive list of cmdlets is in the Microsoft Graph PowerShell reference documentation; from a session, the Find-MgGraphCommand cmdlet maps a Graph API URI to the cmdlets that call it.
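The script below is an added example, not code from the original article, and ties the cmdlets above into one joiner/leaver workflow: create users from a CSV, add them to a group, assign them an application, then disable a leaver and strip their access. It goes a little beyond the list by showing the checks a practitioner wants around those cmdlets: a CSPRNG-generated initial password, OData filter quoting so a CSV cell cannot alter a query, and session revocation on disable. The cmdlets are the SDK's own; every UPN, group name, application name and app-role value is a constructed placeholder, and the CSV rows are constructed sample input.

```powershell
# Added example, not code from the original article: a joiner/leaver workflow built from
# the cmdlets listed above. Every UPN, group name, application name and app-role value
# is a constructed placeholder, and the CSV rows are sample input embedded inline.

# Least-privilege delegated scopes for exactly what this script does.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'GroupMember.ReadWrite.All',
                        'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Quote a value for an OData $filter, doubling embedded single quotes so that an
# untrusted input (a CSV cell, a web form) cannot change the query.
function ConvertTo-ODataLiteral([string]$Value) { "'" + $Value.Replace("'", "''") + "'" }

function New-InitialPassword {
    # 16 characters from a 64-symbol alphabet drawn from a CSPRNG; 256 % 64 == 0, so
    # byte % 64 is unbiased. Loops until 3 of 4 character classes are present, which
    # the cloud password policy requires.
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = [byte[]]::new(16)
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        $classes = @(($pw -cmatch '[A-Z]'), ($pw -cmatch '[a-z]'),
                     ($pw -match '[0-9]'),  ($pw -match '[!@]')).Where({ $_ }).Count
    } until ($classes -ge 3)
    $pw
}

# --- Joiners: constructed sample input, one row per new hire ---------------------------
$Joiners = @'
UserPrincipalName,DisplayName,MailNickname,Department,GroupName
alice.example@contoso.example,Alice Example,alice.example,Finance,Finance-Users
bob.example@contoso.example,Bob Example,bob.example,Engineering,Eng-Users
'@ | ConvertFrom-Csv

$Onboarded = foreach ($j in $Joiners) {
    if (Get-MgUser -Filter "userPrincipalName eq $(ConvertTo-ODataLiteral $j.UserPrincipalName)") {
        Write-Warning "Skipping $($j.UserPrincipalName): already exists"
        continue
    }
    $initialPassword = New-InitialPassword
    $user = New-MgUser -AccountEnabled:$true -DisplayName $j.DisplayName `
        -MailNickname $j.MailNickname -UserPrincipalName $j.UserPrincipalName `
        -Department $j.Department `
        -PasswordProfile @{ Password = $initialPassword; ForceChangePasswordNextSignIn = $true }

    $group = Get-MgGroup -Filter "displayName eq $(ConvertTo-ODataLiteral $j.GroupName)"
    if ($group) { New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id }
    else        { Write-Warning "Group '$($j.GroupName)' not found; no membership set" }

    # Hand the initial password over out of band (or issue a Temporary Access Pass
    # instead); never write it to a log file.
    [pscustomobject]@{ UserPrincipalName = $user.UserPrincipalName; Id = $user.Id; InitialPassword = $initialPassword }
}

# Assign an application to the new users through one of its app roles (placeholder app).
$sp   = Get-MgServicePrincipal -Filter "displayName eq 'Expense Portal'"
$role = $sp.AppRoles | Where-Object { $_.Value -eq 'Expense.Submit' }
if ($sp -and $role) {
    foreach ($o in $Onboarded) {
        New-MgUserAppRoleAssignment -UserId $o.Id -PrincipalId $o.Id `
            -ResourceId $sp.Id -AppRoleId $role.Id | Out-Null
    }
}

# --- Leaver: disable and revoke sessions first, then strip access. Remove-MgUser is
# deliberately not called here: it soft-deletes (recoverable for 30 days) and should
# run only after the retention period your process defines.
$leaver = Get-MgUser -Filter "userPrincipalName eq $(ConvertTo-ODataLiteral 'carol.example@contoso.example')"
if ($leaver) {
    Update-MgUser -UserId $leaver.Id -AccountEnabled:$false
    Revoke-MgUserSignInSession -UserId $leaver.Id | Out-Null   # invalidates refresh tokens now, not at expiry
    foreach ($g in Get-MgUserMemberOf -UserId $leaver.Id) {
        if ($g.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.group') { continue }
        try   { Remove-MgGroupMemberByRef -GroupId $g.Id -DirectoryObjectId $leaver.Id -ErrorAction Stop }
        catch { Write-Warning "Could not remove from group $($g.Id) (dynamic or mail-enabled?): $_" }
    }
}

Disconnect-MgGraph | Out-Null
```

Two design points worth noting. Disabling comes before anything else in the leaver path because a disabled account with an outstanding refresh token can still obtain access tokens until that token expires; the explicit revocation closes that window. On the joiner path the script never trusts the CSV: an existing UPN is skipped rather than overwritten, and every value that reaches an OData filter is quoted through ConvertTo-ODataLiteral.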

Going beyond PowerShell for automation

While PowerShell offers a solution for AD management that goes well beyond point-and-click configuration, the scripts grow increasingly complex as you ask more of them. PowerShell's flexibility comes with a learning cost: you must understand many cmdlets and their parameters, and keep the scripts correct as the API changes.

Other AD and identity governance solutions, such as ADManager Plus, avoid the need for advanced scripting. The choice of AD automation tool ultimately depends on your needs and technical expertise.
