In this blog, we are going to provide a PowerShell script to modify bulk user attributes for multiple Microsoft Office 365 users. This script helps you to update the following user profile attributes by importing the bulk user details from a CSV file.
- Organization attributes – Job Title, Department, Company, Employee Id.
- Contact information – PhysicalDeliveryOfficeName(Office), City, Country, Postal Code, State, Street Address.
We can use the Set-AzureADUser cmdlet to modify the Azure AD user properties in bulk. Before you start, run the following command to connect the Azure AD PowerShell module.
Connect-AzureAD
The following command sets the properties for the single user account.
Set-AzureADUser -ObjectId "[email protected]" -Department "Finance" -JobTitle "Accountant" -CompanyName "MTS"
Once you successfully updated the user attributes, we can use the Get-AzureADUser cmdlet to retrieve the current user details.
Get-AzureADUser -ObjectId "[email protected]" | Select DisplayName,Department,JobTitle,CompanyName
Modify Bulk User Attributes for Bulk Azure AD Users from CSV
To update users in bulk, we can keep the required user’s UPN and attributes to be modified in a CSV file. The CSV column header names should be the same member property name supported in the Get-AzureADUser cmdlet. Run the following command to get the supported properties.
Get-AzureADUser | Get-Member -MemberType property
Consider the CSV file “AzureADUserAttributes.csv” (Download sample CSV). The CSV column headers should include the user identity and attribute values (ex: UserPrincipalName, JobTitle, CompanyName, etc.) in each row. The below script imports the details of Microsoft 365 users from the CSV file and set the attribute values for users one by one.
# Read user details from the CSV file
$AzureADUsers = Import-CSV "C:\AzureADUserAttributes.csv"
$i = 0;
$TotalRows = $AzureADUsers.Count
# Array to add update status
$UpdateStatusResult=@()
# Iterate and set user details one by one
ForEach($UserInfo in $AzureADUsers)
{
$UserId = $UserInfo.'UserPrincipalName'
# Convert CSV user info (PSObject) to hashtable
$NewUserData = @{}
$UserInfo.PSObject.Properties | ForEach { $NewUserData[$_.Name] = $_.Value }
$i++;
Write-Progress -activity "Processing $UserId " -status "$i out of $TotalRows completed"
Try
{
# Get current Azure AD user object
$UserObj = Get-AzureADUser -ObjectId $UserId
# Convert current Azure AD user object to hashtable
$ExistingUserData = @{}
$UserObj.PSObject.Properties | ForEach { $ExistingUserData[$_.Name] = $_.Value }
$AttributesToUpdate = @{}
# The CSV header names should have the same member property name supported in the Get-AzureADUser cmdlet.
# Run this command to get the supported properties: Get-AzureADUser | Get-Member -MemberType property
$CSVHeaders = @("JobTitle","Department","CompanyName","PhysicalDeliveryOfficeName","City","Country","PostalCode","State","StreetAddress")
ForEach($property in $CSVHeaders)
{
# Check the CSV field has value and compare the value with existing user property value.
if ($NewUserData[$property] -ne $null -and ($NewUserData[$property] -ne $ExistingUserData[$property]))
{
$AttributesToUpdate[$property] = $NewUserData[$property]
}
}
if($AttributesToUpdate.Count -gt 0)
{
# Set required user attributes.
# Need to prefix the variable AttributesToUpdate with @ symbol instead of $ to pass hashtable as parameters (ex: @AttributesToUpdate).
Set-AzureADUser -ObjectId $UserId @AttributesToUpdate
$UpdateStatus = "Success - Updated attributes : " + ($AttributesToUpdate.Keys -join ',')
} else {
$UpdateStatus ="No changes required"
}
}
catch
{
$UpdateStatus = "Failed: $_"
}
# Add user update status
$UpdateStatusResult += New-Object PSObject -property $([ordered]@{
User = $UserId
Status = $UpdateStatus
})
}
# Display the user update status result
$UpdateStatusResult | Select User,Status
# Export the update status report to CSV file
#$UpdateStatusResult | Export-CSV "C:\AzureADUserUpdateStatus.CSV" -NoTypeInformation -Encoding UTF8
Update Manager for Bulk Azure AD Users
We need to use the Set-AzureADUserManager cmdlet to set the manager and use the Remove-AzureADUserManager cmdlet to remove or clear the current manager attribute value. Use the following commands to update the manager property for a single user.
$UserUPN = "[email protected]"
$ManagerUPN = "[email protected]"
#Get the manager's ObjectId using the UPN
$ManagerObj = Get-AzureADUser -ObjectId $ManagerUPN
#Set the manager for the specified user in Azure AD
Set-AzureADUserManager -ObjectId $UserUPN -RefObjectId $ManagerObj.ObjectId
Update Extension Attribute (Employee Id) for Bulk Azure AD Users
We can use the Set-AzureADUser cmdlet to update the normal Azure AD user properties. But we need to use the Set-AzureADUserExtension cmdlet to update a user extension attribute.
The Employee Id is one of the user fields which is populated as an extension property in Azure AD. We have already explained in another post to Update Employee ID for Bulk Azure AD Users using PowerShell.
Use the below command to set the EmployeeId value for a single Office 365 user.
Set-AzureADUserExtension -ObjectId "[email protected]" -ExtensionName "employeeId" -ExtensionValue "MTS-A1-61"
Remove or Clear Property or Set Null value
The Set-AzureADUser cmdlet can be used to update Azure AD user properties. This command works fine when you set a value for any property of a user, but to delete or clear the property by setting $null is currently not supported. You can refer to this thread: https://github.com/Azure/azure-docs-powershell-azuread/issues/166.
As a workaround we can use the ExtensionProperty parameter in the Set-AzureADUser cmdlet, this parameter is probably intended to set the extension property, but we can also use it to update any valid property of the user object.
The below commands clear the Mobile attribute in the given user.
$properties = [Collections.Generic.Dictionary[[String],[String]]]::new()
$properties.Add("Mobile", [NullString]::Value)
Set-AzureADUser -ObjectId "[email protected]" -ExtensionProperty $properties
Reset Password for Bulk Microsoft 365 Users from CSV
We need to use the Set-AzureADUserPassword cmdlet to set the password for a user in Azure AD. Run the following command to set a new password for a single Office 365 user.
#Convert the password to a secure string
$NewPassword = ConvertTo-SecureString "p#ssw@rd123" -AsPlainText -Force
#Set the new password
Set-AzureADUserPassword –ObjectId "[email protected]" –Password $NewPassword
To set a temporary password for bulk users, see this post: Create a random password and reset for Bulk Office 365 users.
If I want to clear the attribute, what do I put in the CSV?
I’ve tried leaving it blank and it make no changes, I’ve tried $null but that just out the entry $null into the field?
Any help appreciated.
This is so helpful, thank you! A question I have is how I could update Custom Security Attributes? Our company has sub-departments that I need to reference
We need to use the Set-AzureADMSUser cmdlet to update Custom Security Attributes for Azure AD Users. We will write a detailed blog post to update Custom Security Attribute for bulk Azure AD users. As of now, refer to the following post.
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/users-custom-security-attributes#assign-a-custom-security-attribute-with-a-multi-string-value-to-a-user
Worked like a charm.
Thank you
I am getting a “Cannot bind argument to parameter ‘ObjectId’ because it is null.” in the status update.
Can you run the following command after replacing the ‘UserUPN’ with your problematic user’s UPN and check the status?
Get-AzureADUser -ObjectId “UserUPN”
The article offers a PowerShell script for efficiently modifying user attributes for multiple Microsoft Office 365 users. It specifies the attributes that can be updated and mentions the use of the Set-AzureADUser cmdlet along with connecting to the Azure AD PowerShell module for this purpose.