Azure Active Directory – Bulk user import to a new organisation via .csv with PowerShell

The objective of this demo post is to bulk-import users into Azure Active Directory with PowerShell. We have a specific TenantId in an organisation, and we use PowerShell because it makes the job a bit easier.

As a test sample, we will import the 10 users listed in the .csv file via PowerShell.

For this demo, we create a new organization and a separate domain:

  • Organization Name – VanillaCaffeine
  • Domain Name – VMADDemo.OnMicrosoft.com



Open the Windows PowerShell ISE with admin rights and install the module below. It is used to connect to Azure Active Directory from your local machine.

Install-Module AzureAD

We connect to Azure Cloud and see the tenant id for this demo post.


The PowerShell script below reads the .csv file from your local drive, iterates over its entries and imports each one into Azure Active Directory.

The PowerShell scripts and the template are available on GitHub:

https://github.com/varunmaggo/PowerShellScripts

[CmdletBinding()]
Param(
    [Parameter(Position = 0, Mandatory = $True, HelpMessage = 'CSV file')]
    [Alias('CSVFile')]
    [string]$FilePath,

    [Parameter(Position = 1, Mandatory = $false, HelpMessage = 'Put Credentials')]
    [Alias('Cred')]
    [PSCredential]$Credential,

    # MFA Account for Azure AD Account
    [Parameter(Position = 2, Mandatory = $false, HelpMessage = 'MFA enabled?')]
    [Alias('2FA')]
    [Switch]$MFA,

    [Parameter(Position = 3, Mandatory = $false, HelpMessage = 'Azure AD Group Name')]
    [Alias('AADGN')]
    [string]$AadGroupName
)

# Trust the PowerShell Gallery and install the AzureAD module
Function Install-AzureAD {
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -Verbose:$false
    Install-Module -Name AzureAD -AllowClobber -Verbose:$false
}

# Read the CSV file; stop the script if it cannot be loaded
Try {
    $CSVData = @(Import-CSV -Path $FilePath -ErrorAction Stop)
    Write-Verbose "Successfully imported entries from $FilePath"
    Write-Verbose "Total no. of entries in CSV are : $($CSVData.count)"
}
Catch {
    # Write-Error so the failure is visible without -Verbose; Return ends the script
    Write-Error "Failed to read from the CSV file $FilePath. Exiting!"
    Return
}

# Load the AzureAD module, installing it first if it is missing
Try {
    Import-Module -Name AzureAD -ErrorAction Stop -Verbose:$false | Out-Null
}
Catch {
    Write-Verbose "Azure AD PowerShell Module not found…"
    Write-Verbose "Installing Azure AD PowerShell Module…"
    Install-AzureAD
}

Try {
    Write-Verbose "Connecting to Azure AD…"
    if ($MFA -or -not $Credential) {
        # Interactive sign-in (required for MFA-enabled accounts)
        Connect-AzureAD -TenantId efcb2733-e012-4628-bae4-a96147285b5a -ErrorAction Stop | Out-Null
    }
    Else {
        # Non-interactive sign-in with the supplied credential
        Connect-AzureAD -TenantId efcb2733-e012-4628-bae4-a96147285b5a -Credential $Credential -ErrorAction Stop | Out-Null
    }
}
Catch {
    Write-Error "Cannot connect to Azure AD. Please check your credentials. Exiting!"
    Return
}

Foreach ($Entry in $CSVData) {
    # Verify that mandatory properties are defined for each object
    $DisplayName = $Entry.DisplayName
    $MailNickName = $Entry.MailNickName
    $UserPrincipalName = $Entry.UserPrincipalName
    $Password = $Entry.PasswordProfile

    If (!$DisplayName) {
        Write-Warning '$DisplayName is not provided. Continue to the next record'
        Continue
    }
    If (!$MailNickName) {
        Write-Warning '$MailNickName is not provided. Continue to the next record'
        Continue
    }
    If (!$UserPrincipalName) {
        Write-Warning '$UserPrincipalName is not provided. Continue to the next record'
        Continue
    }

    If (!$Password) {
        # No password in the CSV: prompt for one without echoing it
        Write-Warning "Password is not provided for $DisplayName in the CSV file!"
        $SecurePassword = Read-Host -Prompt "Enter desired Password" -AsSecureString
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
        Try {
            $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
        }
        Finally {
            # Zero and release the unmanaged copy of the password
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
        }
    }

    # The user must change the initial password at first sign-in
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = $Password
    $PasswordProfile.EnforceChangePasswordPolicy = $true
    $PasswordProfile.ForceChangePasswordNextLogin = $true

    Try {
        New-AzureADUser -DisplayName $DisplayName `
            -AccountEnabled $true `
            -MailNickName $MailNickName `
            -UserPrincipalName $UserPrincipalName `
            -PasswordProfile $PasswordProfile `
            -City $Entry.City `
            -Country $Entry.Country `
            -Department $Entry.Department `
            -JobTitle $Entry.JobTitle `
            -Mobile $Entry.Mobile `
            -ErrorAction Stop | Out-Null
        Write-Verbose "$DisplayName : AAD Account is created successfully!"

        If ($AadGroupName) {
            # -SearchString returns nothing (it does not throw) when no group matches,
            # and can return more than one group, so select the exact name and test for $null
            $AadGroupID = Get-AzureADGroup -SearchString "$AadGroupName" -ErrorAction Stop |
                Where-Object { $_.DisplayName -eq $AadGroupName } |
                Select-Object -First 1
            If (!$AadGroupID) {
                Write-Error "$AadGroupName : does not exist."
                Break
            }
            $ADuser = Get-AzureADUser -ObjectId "$UserPrincipalName"
            Add-AzureADGroupMember -ObjectId $AadGroupID.ObjectID -RefObjectId $ADuser.ObjectID
            Write-Verbose "Assigning the user $DisplayName to Azure AD Group $AadGroupName"
        }
    }
    Catch {
        Write-Error "$DisplayName : Error occurred $_"
    }
}
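
The script above creates whatever the .csv contains, so it is worth checking the file before connecting to the tenant. The following pre-flight check is an added example, not part of the original post or its GitHub repository: the function name Test-ImportCsv and the sample rows are constructed for illustration, the column names are the ones the script reads, and the expected domain is assumed to be the demo domain named earlier.

```powershell
function Test-ImportCsv {
    param(
        [Parameter(Mandatory)] [object[]]$Rows,
        # Assumption: every imported account must belong to the demo domain
        [string]$ExpectedDomain = 'VMADDemo.OnMicrosoft.com'
    )
    # Passwords that appear on more than one row (case-sensitive comparison)
    $shared = @($Rows | Where-Object { $_.PasswordProfile } |
        Group-Object -Property PasswordProfile -CaseSensitive |
        Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })
    $seen = @{}   # UPN -> first line seen; @{} keys compare case-insensitively
    $line = 1     # line 1 of the file is the header row
    foreach ($r in $Rows) {
        $line++
        $issues = @()
        # Same mandatory columns the import script checks
        foreach ($col in 'DisplayName', 'MailNickName', 'UserPrincipalName') {
            if (-not $r.$col) { $issues += "missing $col" }
        }
        $upn = "$($r.UserPrincipalName)".Trim()
        if ($upn) {
            if ($upn -notlike "*@$ExpectedDomain") { $issues += 'UPN outside expected domain' }
            if ($seen.ContainsKey($upn)) { $issues += "duplicate UPN (first seen on line $($seen[$upn]))" }
            else { $seen[$upn] = $line }
        }
        if (-not $r.PasswordProfile) { $issues += 'no password (import script will prompt)' }
        elseif ($shared -ccontains $r.PasswordProfile) { $issues += 'password shared with another row' }
        # One output object per finding; the password itself is never emitted
        foreach ($i in $issues) {
            [pscustomobject]@{ Line = $line; UserPrincipalName = $upn; Issue = $i }
        }
    }
}

# Constructed sample data, not taken from the post's template
$sample = @'
DisplayName,MailNickName,UserPrincipalName,PasswordProfile,City,Country,Department,JobTitle,Mobile
Asha Rao,asha.rao,asha.rao@VMADDemo.OnMicrosoft.com,Example-Pass-1!,Pune,India,IT,Engineer,000
Ben Cole,ben.cole,ben.cole@VMADDemo.OnMicrosoft.com,Example-Pass-1!,Leeds,UK,HR,Analyst,000
Cara Diaz,,cara.diaz@example.org,,Lima,Peru,Sales,Manager,000
Asha R,asha.r,ASHA.RAO@vmaddemo.onmicrosoft.com,Example-Pass-2!,Pune,India,IT,Engineer,000
'@ | ConvertFrom-Csv

Test-ImportCsv -Rows $sample | Format-Table -AutoSize
```

For a real file, pass `Import-Csv -Path <file>` as `-Rows` and run the import only when the function returns no findings.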

Once the authentication is successful, we can log in to Azure to cross-check the user list. In our sandbox, all the sampled users are present in the Users area of Azure Active Directory.