0
votes
  1. My goal would be to have a PowerShell script that can import a CSV to bulk change a user's manager field in AzureAD. The CSV would have 2 columns, one with the user and the other with their manager.
  2. I've found scripts to export all users from AzureAD into a CSV, but this doesn't contain a column header for the manager field. I found an AzureAD script that can change the manager field using objectID but that's cumbersome, so ideally I could use an email address for the manager field.
  3. I don't have code to show really, these were pretty basic scripts I found but I'm at best a non-PowerShell user.
2

2 Answers

0
votes

Let us assume that you have the below file:

enter image description here

On the left you have the username of the user and on the right you have the username of the new manager.

You could use the below snippet:

#connecting to the Azure AD
Connect-AzureAD

#importing the CSV source which has the changes
$data = Import-Csv D:\Temp\Book1.csv

#Iterating through each row in the CSV
foreach ($row in $data)
{
    #INFO in the Console
    Write-Host "Updating the user :" $row.'User Username' " manager to " $row.'Manager Username' -ForegroundColor Yellow

    try
    {
        #Resolving both accounts first; -ObjectId also accepts a UPN
        $user = Get-AzureADUser -ObjectId $row.'User Username' -ErrorAction Stop
        $manager = Get-AzureADUser -ObjectId $row.'Manager Username' -ErrorAction Stop

        #Updating the Manager
        Set-AzureADUserManager -ObjectId $user.ObjectId -RefObjectId $manager.ObjectId -ErrorAction Stop

        #Completion info in the console for the specified row
        Write-Host "Updated." -ForegroundColor Green
    }
    catch
    {
        #Reporting the failed row instead of printing "Updated."
        Write-Host "Failed:" $_.Exception.Message -ForegroundColor Red
    }
}

Explanation:

Step 1: Connecting to the Azure AD

Step 2: Importing the CSV data that needs to be bulk updated

Step 3: Iterating through each row, updating the manager field using the cmdlet Set-AzureADUserManager

Sample output:

enter image description here

0
votes

Get-AzureADUserManager and Set-AzureADUserManager only accept ObjectID as input, similar to quite a few other AzureAD cmdlets.

You will need to have a multi-step approach to achieve the outcome; below are the steps I would take:

  1. Get all Azure AD users, e.g. $AllAzureADUser = Get-AzureADUser -All $true
  2. Use a calculated property to populate the manager field based on the ObjectID of the users you iterate through (essentially this is a Foreach loop)

$AllAzureADUserWithManager = $AllAzureADUser | select *, @{ Name = "ManagerObjectId"; Expression = { (Get-AzureADUserManager -ObjectId $_.ObjectId).ObjectId }}

  3. Now you have all data required in $AllAzureADUserWithManager to make decisions and update the object. If you want to use UPN to update you can just look up the ObjectId based on UPN.

So say you are iterating through an object imported from CSV which has targetUserUPN and targetManagerUPN as columns:

# Look up the ObjectId of the user and of the manager by UPN
$TargetUserObjectId = $AllAzureADUserWithManager | Where {$_.UserPrincipalName -eq $row.targetUserUPN} | select -ExpandProperty ObjectId
$TargetManagerObjectId = $AllAzureADUserWithManager | Where {$_.UserPrincipalName -eq $row.targetManagerUPN} | select -ExpandProperty ObjectId
# Set the manager using the two resolved ObjectIds
Set-AzureADUserManager -ObjectId $TargetUserObjectId -RefObjectId $TargetManagerObjectId

If you need to run this on a daily basis, consider using a delta: export previous runs to CSV and filter down to only what is required if you have a large number of users.
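
As an added example (not code from either answer): a pre-flight check that validates the CSV against a UPN-to-ObjectId map before any Set-AzureADUserManager call, so a typo, a missing account or a self-reference is reported instead of producing a partial update. The function name Get-ManagerChangePlan, the example.com accounts and the GUIDs are constructed for illustration; the column names follow the first answer's sample file.

```powershell
function Get-ManagerChangePlan {
    param(
        [Parameter(Mandatory)] [object[]]  $Rows,
        # UPN -> ObjectId map, built once from Get-AzureADUser -All $true
        [Parameter(Mandatory)] [hashtable] $UpnToObjectId
    )
    $seen = @{}   # users already listed in an earlier row
    foreach ($row in $Rows) {
        $user    = "$($row.'User Username')".Trim()
        $manager = "$($row.'Manager Username')".Trim()
        $problem = $null
        if (-not $user -or -not $manager)                  { $problem = 'empty field' }
        elseif ($user -eq $manager)                        { $problem = 'user is own manager' }
        elseif ($seen.ContainsKey($user))                  { $problem = 'duplicate user row' }
        elseif (-not $UpnToObjectId.ContainsKey($user))    { $problem = 'user not found' }
        elseif (-not $UpnToObjectId.ContainsKey($manager)) { $problem = 'manager not found' }
        if ($user) { $seen[$user] = $true }
        [pscustomobject]@{
            User            = $user
            Manager         = $manager
            UserObjectId    = $UpnToObjectId[$user]
            ManagerObjectId = $UpnToObjectId[$manager]
            Problem         = $problem
        }
    }
}

# Constructed sample data; in a real run use Import-Csv and fill $map with:
#   Get-AzureADUser -All $true | ForEach-Object { $map[$_.UserPrincipalName] = $_.ObjectId }
$map = @{
    'alice@example.com' = '11111111-1111-1111-1111-111111111111'
    'bob@example.com'   = '22222222-2222-2222-2222-222222222222'
}
$rows = @'
User Username,Manager Username
alice@example.com,bob@example.com
bob@example.com,bob@example.com
carol@example.com,alice@example.com
'@ | ConvertFrom-Csv

$plan = Get-ManagerChangePlan -Rows $rows -UpnToObjectId $map
$plan | Format-Table User, Manager, Problem

# Write only when every row is clean (shown as comments: needs Connect-AzureAD)
# if (-not ($plan | Where-Object Problem)) {
#     foreach ($p in $plan) {
#         Set-AzureADUserManager -ObjectId $p.UserObjectId -RefObjectId $p.ManagerObjectId
#     }
# }
```

Saving the plan with Export-Csv before applying it also gives a record of what was changed and by which input file.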