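Microsoft 365 Azure AD/Entra ID Notes

Installation and connection

Microsoft Learn - Connect to Microsoft 365

```powershell
# Install (Get-Module only lists modules that are already loaded; Install-Module installs)
Install-Module AzureAD

# Connect to Azure AD
Connect-AzureAD

# Sign out
Disconnect-AzureAD
```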
Usage

```powershell
# List users
Get-AzureADUser

# List the properties available on a user object
Get-AzureADUser | Get-Member -MemberType Property

# Show selected properties of each user
Get-AzureADUser | Select-Object DisplayName,UserPrincipalName,Mail,OtherMails
```
Bulk replace the primary email

```powershell
# Bulk replace the primary email, skipping users whose domain is already correct
# Note: Get-AzureADUser returns only the first page of users unless -All $true is passed
Get-AzureADUser | ForEach-Object {
    $user = $_
    if ($user.UserPrincipalName.EndsWith("@aaa.com")) {
        Write-Host "Skipping user $($user.UserPrincipalName) as primary email is already aaa.com"
    } else {
        $newUPN = ($user.UserPrincipalName.Split("@")[0]) + "@aaa.com"
        $newOtherMails = @($user.UserPrincipalName)
        Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $newUPN -OtherMails $newOtherMails
        Write-Host "Updated user $($user.UserPrincipalName) with new UPN: $newUPN"
    }
}

# If the alias email has accidentally been changed to the custom-domain address, fix it like this
Get-AzureADUser | ForEach-Object {
    $user = $_
    $newOtherMails = @($user.UserPrincipalName.Replace("@aaa.com", "@xxx.onmicrosoft.com"))
    Set-AzureADUser -ObjectId $user.ObjectId -OtherMails $newOtherMails
    Write-Host "Updated user $($user.UserPrincipalName) with new OtherMails: $($newOtherMails -join ', ')"
}
```
Bulk change user passwords (AAD version)

AAD password change, AD password change

Method 1:

```powershell
# This method includes Write-Host, so you can conveniently use -WhatIf (a parameter that does not exist) to test whether it behaves as expected
Get-AzureADUser | ForEach-Object {
    $user = $_
    if ($user.UserPrincipalName.Equals("aaa@aaa.com") -or $user.UserPrincipalName.Equals("bbb@aaa.com")) {
        Write-Host "Skipping user $($user.UserPrincipalName) as we don't want to change admin password"
    } else {
        $newPassword = "otpU1294"
        $securePassword = ConvertTo-SecureString -AsPlainText $newPassword -Force
        Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $securePassword -WhatIf
        Write-Host "Updated user $($user.UserPrincipalName) with new password: $securePassword"
    }
}
```
Method 2:

```powershell
# First, exclude the administrators
$excludeUsers = @("aaa@aaa.com", "bbb@aaa.com")

# Then run the following
$users = Get-AzureADUser | Where-Object { $_.UserPrincipalName -notin $excludeUsers }
foreach ($user in $users) {
    $newPassword = "otpU1294"
    $securePassword = ConvertTo-SecureString -AsPlainText $newPassword -Force
    Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $securePassword
}

# Reset the password of a single user (you need to know the ObjectId first)
Set-AzureADUserPassword -ObjectId c365b02b-f9b6-4642-a9e2-ec83cece4b02 -Password (ConvertTo-SecureString -AsPlainText "otpU1294" -Force)
```
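Both methods above set the same literal password on every account. As an added example (not from the original page), the loop below gives each user a distinct random temporary password and forces a change at next sign-in; `Get-RandomIndex`, `New-RandomPassword`, `$targets` and `$results` are hypothetical names, and it assumes `Connect-AzureAD` has already run.

```powershell
# Added example, not the original author's script.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already run.
$excludeUsers = @("aaa@aaa.com", "bbb@aaa.com")   # admin accounts, as on the page

function Get-RandomIndex {
    # Index in [0, Max) from the OS CSPRNG (modulo bias is negligible for small Max).
    param($Rng, [int]$Max)
    $buf = New-Object byte[] 4
    $Rng.GetBytes($buf)
    return [int]([System.BitConverter]::ToUInt32($buf, 0) % $Max)
}

function New-RandomPassword {
    param([int]$Length = 16)
    # Four character classes; look-alike glyphs (0/O, 1/l/I) are left out.
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%*+-=?@'
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # One character from every class, then fill up from the combined set.
        $chars = @(foreach ($c in $classes) { $c[(Get-RandomIndex $rng $c.Length)] })
        while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $rng $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed characters are not always first.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex $rng ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return -join $chars
    } finally {
        $rng.Dispose()
    }
}

# -All $true pages through the whole tenant instead of stopping at the first page.
$targets = Get-AzureADUser -All $true | Where-Object { $_.UserPrincipalName -notin $excludeUsers }
$results = foreach ($user in $targets) {
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -AsPlainText $plain -Force
    Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $secure -ForceChangePasswordNextLogin $true
    # Emit the pair for out-of-band delivery instead of printing it with Write-Host.
    [pscustomobject]@{ UserPrincipalName = $user.UserPrincipalName; TemporaryPassword = $plain }
}
```

`$results` holds plaintext temporary passwords, so hand it to your out-of-band delivery channel and clear it rather than leaving it in the session or a transcript.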
Bulk replace names by ObjectID

```powershell
# Read CSV File
$csvPath = "C:\Users\AADTest\Downloads\exportUsers.csv"
$csvData = Import-Csv -Path $csvPath

# Loop Through and Update Users
foreach ($entry in $csvData) {
    $user = Get-AzureADUser -ObjectId $entry.ObjectId

    if ($null -ne $user) {
        Set-AzureADUser -ObjectId $user.ObjectId -GivenName $entry.givenName -Surname $entry.surname
        # Set-AzureADUser returns no object, so report the values taken from the CSV
        Write-Host "Updated user $($user.UserPrincipalName) with new first name $($entry.givenName) and last name $($entry.surname)."
    } else {
        Write-Host "User with ObjectID $($entry.ObjectId) not found."
    }
}
```
Bulk replace email addresses by name

```powershell
$csvPath = "C:\Users\AADTest\Downloads\exportUsers.csv"
$csvData = Import-Csv -Path $csvPath

foreach ($row in $csvData) {
    $objectId = $row.ObjectId
    $user = Get-AzureADUser -ObjectId $objectId

    if ($user) {
        # Build the new UPN and display name from the user's given name and surname
        $newUPN = $user.GivenName + "." + $user.Surname + "@aaa.com"
        $newDisplayName = $user.GivenName + " " + $user.Surname
        $newEmailAddress = $newUPN
        $newOtherMails = @($newUPN.Replace("@aaa.com", "@xxx.onmicrosoft.com"))
        Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $newUPN -DisplayName $newDisplayName -OtherMails $newOtherMails
        Write-Host "User with ObjectID $objectId update $newUPN and $newDisplayName and $newOtherMails"
    } else {
        Write-Host "User with ObjectID $objectId not found."
    }
}
```
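AD usage

Export AD users to Excel

```powershell
# Export users to CSV (employeeID is not returned by default, so request it with -Properties)
Get-ADUser -Filter * -Properties employeeID | Select-Object DistinguishedName, Name, GivenName, Surname, UserPrincipalName, employeeID | Export-Csv -Path C:\Users\Administrator\Documents\users.csv -NoTypeInformation

# List every property name available on a user object
Get-ADUser -Filter * -Properties * | Get-Member -MemberType Property | Select-Object Name

# Show the same columns in the console
Get-ADUser -Filter * -Properties employeeID | Select-Object DistinguishedName, Name, GivenName, Surname, UserPrincipalName, employeeID
```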
AD DisplayName best practices

Small company (500-1000 people): First Name + Last Name + Group/BU/Department. For example: Eleanor Harrison [Vendor], Emily Johnson [Staff] ….

Multi-region company (1000+ people): Preferred English Name + Last Name + First Name Initial + Site + Department, or Last Name + , + Preferred English Name + First Name Initial + Site + Department. For example: Li, Elaine X.Y. (HZ/HR)
Use PowerShell to build a comfortable terminal on Windows.

Using it with Cmder

It works best when paired with Cmder.

Configuration file locations

Default profile: ~/Documents/WindowsPowerShell/Microsoft.PowerShell_profile.ps1.

Cmder's PowerShell profile: <cmd_install_path>/config/user-profile.ps1.
alias

Jump to a directory quickly

Example: use the src command to jump straight to the d:\sources\ directory.

```powershell
function Enter-Sources {
    cd d:\sources\
}

Set-Alias src Enter-Sources
```
Open the current folder quickly

Example: use the e. command to open the current folder in File Explorer.

```powershell
function Open-Current-Directory {
    explorer .
}

Set-Alias e. Open-Current-Directory
```
git commands

```powershell
function Git-Status {
    git status
}

Set-Alias gs Git-Status

function Git-Add-All {
    git add .
}

Set-Alias ga Git-Add-All

function Git-Gui {
    gitk
}

Set-Alias gg Git-Gui

function Git-Pull-Current-Branch {
    $currentBranch = git symbolic-ref --short -q HEAD
    git pull origin $currentBranch
}

Set-Alias gpull Git-Pull-Current-Branch

function Git-Push-Current-Branch {
    $currentBranch = git symbolic-ref --short -q HEAD
    git push origin $currentBranch
}

Set-Alias gpush Git-Push-Current-Branch

# Stage everything, commit with the first argument as the message, then push
function Git-Commit-And-Push {
    git add .
    git commit -m $args[0]
    Git-Push-Current-Branch
}

Set-Alias g1 Git-Commit-And-Push
```
objdump

```powershell
function Obj-Dump {
    D:\Android\sdk\ndk-bundle\toolchains\x86_64-4.9\prebuilt\windows-x86_64\bin\x86_64-linux-android-objdump.exe $args
}

Set-Alias objdump Obj-Dump
```
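Keyboard shortcut mapping

After switching over from bash on Linux/macOS, or even from cmd on Windows, you find that shortcuts such as ctrl-u and ctrl-k no longer work and nothing feels right. PSReadLine comes to the rescue.

```powershell
Import-Module PSReadLine

Set-PSReadLineOption -EditMode Emacs
```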