Prerequisites to use PowerShell for Azure AD roles

If you want to manage Azure Active Directory (Azure AD) roles using PowerShell, you must have the required prerequisites. This article describes the PowerShell prerequisites for different Azure AD role features.

AzureAD module

To use PowerShell commands to do the following:

  • List role assignments
  • Create a role-assignable group
  • Manage administrative units

You must have the following module installed:

Check AzureAD version

To check which version of AzureAD you have installed, use Get-InstalledModule.

Get-InstalledModule -Name AzureAD

You should see output similar to the following:

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
2.0.2.140  AzureAD                             PSGallery            Azure Active Directory V2 General Availability M...

Install AzureAD

If you don't have AzureAD installed, use Install-Module to install AzureAD.

Install-Module -Name AzureAD

Update AzureAD

To update AzureAD to the latest version, re-run Install-Module.

Install-Module -Name AzureAD

Use AzureAD

To use AzureAD, follow these steps to make sure it is imported into the current session.

  1. Use Get-Module to check if AzureAD is loaded into memory.

    Get-Module -Name AzureAD
    
  2. If you don't see any output in the previous step, use Import-Module to import AzureAD. The -Force parameter removes the loaded module and then imports it again.

    Import-Module -Name AzureAD -Force
    
  3. Run Get-Module again.

    Get-Module -Name AzureAD
    

    You should see output similar to the following:

    ModuleType Version    Name                                ExportedCommands
    ---------- -------    ----                                ----------------
    Binary     2.0.2.140  AzureAD                             {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredO...
    

AzureADPreview module

To use PowerShell commands to do the following:

  • Assign roles to users or groups
  • Remove a role assignment
  • Make a group eligible for a role using Privileged Identity Management
  • Create custom roles

You must have the following module installed:

Check AzureADPreview version

To check which version of AzureADPreview you have installed, use Get-InstalledModule.

Get-InstalledModule -Name AzureADPreview

You should see output similar to the following:

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
2.0.2.149  AzureADPreview                      PSGallery            Azure Active Directory V2 Preview Module. ...

Install AzureADPreview

If you don't have AzureADPreview installed, use Install-Module to install AzureADPreview.

Install-Module -Name AzureADPreview

Update AzureADPreview

To update AzureADPreview to the latest version, re-run Install-Module.

Install-Module -Name AzureADPreview

Use AzureADPreview

To use AzureADPreview, follow these steps to make sure it is imported into the current session.

  1. Use Get-Module to check if AzureADPreview is loaded into memory.

    Get-Module -Name AzureADPreview
    
  2. If you don't see any output in the previous step, use Import-Module to import AzureADPreview. The -Force parameter removes the loaded module and then imports it again.

    Import-Module -Name AzureADPreview -Force
    
  3. Run Get-Module again.

    Get-Module -Name AzureADPreview
    

    You should see output similar to the following:

    ModuleType Version    Name                                ExportedCommands
    ---------- -------    ----                                ----------------
    Binary     2.0.2.149  AzureADPreview                      {Add-AzureADAdministrativeUnitMember, Add-AzureADApplicati...
    

Next steps