What is the difference between PowerShell versions and their abilities to manage Azure Active Directory?

3
votes

Microsoft products give me a hard time due to their incredibly poor documentation and PowerShell is no exception. I have been working with different versions of PowerShell so far, but I'm still far away from understanding the different versions, especially when it comes to Azure.

As far as I understand PowerShell 5 is discontinued, and so is the PowerShell ISE. Following Microsoft's recommendation I switched to the latest version 7 and Visual Studio Code. I have to admit, they work together quite well. (Still I wonder why there is no native support for developing PowerShell in Visual Studio.)

For Azure, there have been the Azure, AzureRM, msol and Az Modules. The latter one is obviously the latest one replacing Azure and AzureRM. As we know, they don't work together, are not up/downwards compatible and at the same time they don't provide the same functionality.

Now I wanted to add a domain to an Azure Active Directory using PowerShell. The only cmdlet I found is New-AzureAdDomain - which does not work in PowerShell 7. After some research I discovered this article which tells me that I cannot use PowerShell 7 but rather should use PowerShell 6 instead:

For the Azure Active Directory PowerShell for Graph module, you must use PowerShell version 5.1 or later. For the Microsoft Azure Active Directory Module for Windows PowerShell module, you must use PowerShell version 5.1 or later up to PowerShell version 6. You cannot use PowerShell version 7.

To me PowerShell versions and its Azure modules just appear to be a rather huge mess. But I assume this might just appear like this due to my lack of understanding how they are actually supposed to work together. I'd appreciate if someone could shed some light on this? Originally, my question should have been something like "How can I add a domain to an AAD using PowerShell 7" but I hope to understand the concept behind it, maybe this enables me to help myself.

2
azurepowershellazure-active-directoryazure-powershell
For Azure AD related commands you need to install the AzureAD module. That is not the same as the Az Module. docs.microsoft.com/en-us/powershell/module/azuread/…Daniel Björk
Worth noting that I am using AzureAd.Standard.Preview that seems to work okay with PowerShell 7. The only issue is that you may have conflicts between the Az.Accounts module and the Azure AD one because the latter uses some newer versions of certain assemblies. Sometimes it works to just load the newer dependencies first. I replaced the older ones in the modules, but can't advise this as any type of good practice.Ash

2 Answers

6
votes

It is a mess. First of all don't confuse versions WindowsPowershell and PowershellCore.

Powershell 1.0 - 5.1 are all WindowsPowershell, which means they come with Windows OS and work only on Windows.

Powershell 6.0+ are PowershellCore versions and they do not come with any OS(yet) and are cross-platform. These two types can coexist on the same Windows machine as they do not even use the same name for the application exe.

Why did they separate them? Well, on windows you have .NET Framework which is a bunch of libraries written in c# that you can use in your applications so you don't have to write your code for everything. Net Framework however is Windows only, so it tied C# to Windows basically. Microsoft realized that to make C# more interesting, they will have to make it cross-platform so they came up with Net Core. It is a cross-platform edition of Net Framework. Available on Linux, MacOs and Windows. Powershell is built on Net Framework so they saw the opportunity to create a new version of Powershell that is also cross-platform. So WindowsPowershell is based on Net Framework and PowershellCore is based on Net Core. Microsoft plans to merge Net Framework and Net Core in version 5.0. Do not know whether they want to merge Powershell versions also, but they called it Powershell 7 and not PowershellCore 7 like they did with version 6.

The main issue with PowershellCore was the modules that were a part of other products. Take SCCM, AD or others. You get those modules by having a WindowsServer and installing those features. Or on client machines you would install RSAT. Most of these modules are now available in version 7.

When it comes to Azure modules, you can download Azure modules from https://github.com/Azure/azure-powershell/releases/latest and you can use either version of Powershell. If you need specifically AzureAD: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

You can read more about Powershell here: https://devblogs.microsoft.com/powershell/announcing-PowerShell-7-0/

0
votes

Just a note on the Azure modules. Azure went through a big change (kind of V1 vs V2) with the addition of Resource Manager. The old verb-AzureNOUN library was for the pre-Resource Manager Azure. The verb-AzureRMnoun version was just a bit too much typing with the "AzureRM" prefix. The latest verb-AzNOUN version is almost a one to one match with the AzureRM version. So mostly a name change.

Each cmdlet library/module is targeted to a version of PowerShell, so before using a module, check to see which version is required. The PowerShellCore versions are still kind of "work in progress" when looking at Windows administration. PowerShell 5.1 is still my "go to" version unless I'm working in a non-Windows environment.