I am attempting to explore the features of the Azure Active Directory V2 PowerShell Module.
I have an Azure Account, and I have set up an Active Directory with multiple users.
My first goal is simple: show me the list of users.
So I type:
Connect-AzureAD
I am presented with a dialog and type in my user account and password. It returns an object of type Microsoft.Open.Azure.AD.CommonLibrary.PSAzureContext.
I then type
Get-AzureADUser
And the error is:
Get-AzureADUser : Error occurred while executing GetUsers
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden
I am still able to list the users using the Azure RM PowerShell module. The following code works:
Add-AzureRmAccount
Get-AzureRmADUser
What do I do to get Get-AzureADUser to work?
The cmdlet Connect-AzureAD establishes a connection to the AAD domain. After we log in successfully, a confirmation will be displayed:
PS C:\windows\system32> connect-azuread

Account                           Environment Tenant
-------                           ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
The connection can be validated with the cmdlet Get-AzureADDomain. If the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:
PS C:\windows\system32> get-azureaddomain

Name                      AvailabilityStatus AuthenticationType
----                      ------------------ ------------------
hcl.com                                      Managed
msgamestudios.com                            Managed
foobar.local                                 Managed
multimap.com                                 Managed
skypestaytogether.com                        Managed
insightsquarterly.com.au                     Managed
calanit.onmicrosoft.com                      Federated
msft.ccsctp.net                              Managed
ruffiangames.com                             Managed
xn--m1bg0b0byewac1j8b.com                    Managed
VoicesforInnovation.org                      Managed
shaanximic.com                               Managed
www.yunnanmic.com                            Managed
wsmbela.pss.com                              Managed
fornax.off                                   Managed
api.staging.yammer.com                       Managed
codenauts.net                                Managed
acompli.com                                  Managed
testdomains.co                               Managed
microsoft.hr                                 Managed
Bayportali.mmdservice.com                    Managed
contoso.com                                  Managed
api.swrepository.com                         Managed
Equivio.com                                  Managed
sunshine.am                                  Managed
microsoftaffiliates.com                      Managed
If the user has no admin privileges, we will get the same error as you.
Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden
The reason is that the cmdlet Get-AzureADDomain has no tenant specified, so the connection was established to a domain where the user has no admin privileges.
To ensure connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.
PS C:\windows\system32> Connect-AzureAD -TenantId
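
Added example, not part of the original answer: one way to pin the session to the intended tenant and confirm it before querying, so that an Authentication_Unauthorized error caused by landing in the wrong directory is caught early. The tenant ID is a placeholder and the function name Connect-ExpectedTenant is hypothetical; the cmdlets are from the AzureAD module.

```powershell
# Placeholder value (assumption): replace with your own directory's tenant ID.
$ExpectedTenantId = '00000000-0000-0000-0000-000000000000'

# Hypothetical helper: connect to exactly one tenant and verify the result.
function Connect-ExpectedTenant {
    param([Parameter(Mandatory)][string]$TenantId)

    # Reject malformed IDs before prompting for credentials.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($TenantId, [ref]$parsed)) {
        throw "TenantId '$TenantId' is not a GUID."
    }

    Connect-AzureAD -TenantId $TenantId -ErrorAction Stop | Out-Null

    # Confirm the session really landed in the intended directory.
    $session = Get-AzureADCurrentSessionInfo
    if ([guid]$session.TenantId -ne $parsed) {
        Disconnect-AzureAD
        throw "Connected to tenant $($session.TenantId), expected $TenantId."
    }
    return $session
}

try {
    $session = Connect-ExpectedTenant -TenantId $ExpectedTenantId
    "Signed in as $($session.Account) in tenant $($session.TenantId)"

    # Both calls need directory rights in the connected tenant.
    Get-AzureADDomain | Select-Object Name, AuthenticationType
    Get-AzureADUser -Top 20 | Select-Object DisplayName, UserPrincipalName
}
catch {
    # The error text shown above contains this code when the signed-in
    # account is not known to the connected directory.
    if ($_.Exception.Message -match 'Authentication_Unauthorized') {
        Write-Warning 'Account has no directory rights in the connected tenant; check the tenant ID.'
    }
    throw
}
```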