Microsoft Azure: AD - Users

Summary

This module contains actions for viewing and managing Azure AD Users.

Actions

azure.ad.users.create

Create a new user.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • display_name: a display name for the user

  • user_principal_name: a user principal name in user@domain format

  • mail_nickname: a mail alias for the user

  • enabled: set to true to create the user in an enabled state (defaults to false)

  • password: a password to set for the user

  • force_password_change: set to true to force password reset on first logon (defaults to false)

  • additional_properties: a dictionary containing any other attributes to set (see here for more information)

Output

A single User dictionary.

Example
- azure.ad.users.create:
    display_name: John Smith
    user_principal_name: john.smith@domain.com
    mail: john.smith@domain.com
    mail_nickname: john.smith
    enabled: true
    password: "{{ new_password }}"
  load:
    azure_client: azure_secrets
  save: new_user

azure.ad.users.delete_by_id

Delete the user with the supplied object ID.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • object_id: the user's object ID

Delete Permissions

Deleting an object requires your API application in Azure to be assigned the Global Administrators role.

Output

Nothing is outputted by this action.

Example
- azure.ad.users.get_by_name:
    name: John Smith
  load:
    azure_client: azure_secrets
  save: user

- azure.ad.users.delete_by_id:
  load:
    object_id: user.object_id
    azure_client: azure_secrets

azure.ad.users.delete_by_principal_name

Delete the user with the supplied user principal name.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • name: the user principal name of the user to delete

Delete Permissions

Deleting an object requires your API application in Azure to be assigned the Global Administrators role.

Output

Nothing is outputted by this action.

Example
- azure.ad.users.delete_by_principal_name:
    name: john.smith@domain.com
  load:
    azure_client: azure_secrets

azure.ad.users.exists

Establish whether a user exists with the supplied principal name.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • principal_name: the principal name to search for

Output

A boolean is outputted by this action:

  • true if a user exists

  • false if no user exists

Example
- azure.ad.users.exists:
    principal_name: john.smith@domain.com
  load:
    azure_client: azure_secrets
  save: exists

azure.ad.users.get_all

Get all AD users.

Minimum Plugin Version: 1.0.0

Input
  • azure_client: an AzureClient dictionary

Output

A list of User dictionaries.

Example
- azure.ad.users.get_all:
  load:
    azure_client: azure_secrets
  save: all_users

azure.ad.users.get_by_id

Get the user with the supplied object ID.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • object_id: the user object ID

Output

A single User dictionary.

Example
- azure.ad.users.get_by_id:
  load:
    object_id: user_object_id
    azure_client: azure_secrets
  save: user

azure.ad.users.get_by_name

Get all users with the supplied display name.

Minimum Plugin Version: 1.0.0

Input
  • azure_client: an AzureClient dictionary

  • name: the user display name

Output

A list of User dictionaries.

Example
- azure.ad.users.get_by_name:
    name: John Smith
  load:
    azure_client: azure_secrets
  save: user

azure.ad.users.get_by_principal_name

Get the user with the supplied user principal name.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • user_principal_name: the user's principal name

Output

A single User dictionary.

Example
- azure.ad.users.get_by_principal_name:
    user_principal_name: john.smith@domain.com
  load:
    azure_client: azure_secrets
  save: user

azure.ad.users.group_memberships

Get all group memberships for an AD user.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • object_id: the user's object ID

Output

A list of Group dictionaries.

Example
- azure.ad.users.group_memberships:
  load:
    object_id: user.object_id
    azure_client: azure_secrets
  save: user_groups

azure.ad.users.input_table

Display users in a table and allow the task operator to make a selection.

The table will have the following columns:

  • Display Name
  • Principal Name
  • Object ID

Minimum Plugin Version: 2.0.0

Input
  • text: the title of the table

  • users: a single User dictionary or a list of User dictionaries to display in the table

  • minimum: the minimum number of acceptable selections

  • maximum: the maximum number of acceptable selections

Output

A list of User dictionaries.

Tip
  • If neither a minimum nor a maximum is provided, the task operator will be able to submit 0 selections.
  • If a minimum or maximum is provided, the operation will repeat until the task operator makes a valid number of selections.

Example
- azure.ad.users.get_all:
  load:
    azure_client: azure_client
  save: all_users

- azure.ad.users.input_table:
    text: Please select up to 3 users
    minimum: 1
    maximum: 3
  load:
    users: all_users
  save: selected_users

azure.ad.users.output_table

Display a list of users in a table.

The table will have the following columns:

  • Display Name
  • Principal Name
  • Object ID

Minimum Plugin Version: 2.0.0

Input
  • text: the title of the table

  • users: a single User dictionary or a list of User dictionaries to display in the table

Output

Nothing is outputted by this action.

Example
  • Show a list of users in a table
- azure.ad.users.output_table:
    text: Users in Group
  load:
    users: group_users

azure.ad.users.set_password

Set a user's password.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • object_id: the user's object ID

  • password: the password to set

  • force_password_change: set to true to force password reset on next logon (defaults to false)

Output

Nothing is outputted by this action.

Example
- azure.ad.users.get_by_name:
    name: John Smith
  load:
    azure_client: azure_secrets
  save: user

- azure.ad.users.set_password:
    password: "{{ new_password }}"
  load:
    object_id: user.object_id
    azure_client: azure_secrets
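
A check a reviewer might run over runbooks that use the create and set_password actions, as an added example that is not part of this plugin or its documentation: it flags steps whose password is written as a literal instead of a variable reference, and steps that leave force_password_change at its default of false. It assumes the runbook YAML has already been parsed into Python dictionaries and that "{{ name }}" marks a variable reference, as in the examples on this page; lint_steps and SAMPLE_STEPS are hypothetical names.

```python
import re

# Actions on this page that accept a password input.
PASSWORD_ACTIONS = {"azure.ad.users.create", "azure.ad.users.set_password"}
# Assumption: "{{ name }}" is a variable reference, as in this page's examples.
TEMPLATE = re.compile(r"^\s*\{\{\s*[\w.]+\s*\}\}\s*$")

def lint_steps(steps):
    """Return (step_index, action, finding) tuples for risky password handling."""
    findings = []
    for index, step in enumerate(steps):
        for action in (name for name in step if name in PASSWORD_ACTIONS):
            inline = step[action] or {}      # inputs written in the runbook
            loaded = step.get("load") or {}  # inputs read from saved variables
            if "password" not in inline and "password" not in loaded:
                continue  # this step does not set a password
            if "password" in inline and not TEMPLATE.match(str(inline["password"])):
                findings.append((index, action, "password is a literal"))
            # The option defaults to false, so it must be set explicitly.
            # A value supplied through load cannot be judged statically.
            if (inline.get("force_password_change") is not True
                    and "force_password_change" not in loaded):
                findings.append((index, action, "force_password_change is not true"))
    return findings

# Constructed sample: the parsed form of a three-step runbook.
SAMPLE_STEPS = [
    {"azure.ad.users.create": {"display_name": "John Smith",
                               "user_principal_name": "john.smith@domain.com",
                               "mail_nickname": "john.smith",
                               "enabled": True,
                               "password": "constructed-literal-value"},
     "load": {"azure_client": "azure_secrets"}, "save": "new_user"},
    {"azure.ad.users.set_password": {"password": "{{ new_password }}",
                                     "force_password_change": True},
     "load": {"object_id": "user.object_id", "azure_client": "azure_secrets"}},
    {"azure.ad.users.get_all": None,
     "load": {"azure_client": "azure_secrets"}, "save": "all_users"},
]

if __name__ == "__main__":
    for finding in lint_steps(SAMPLE_STEPS):
        print(finding)
```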

azure.ad.users.update

Update one or more attributes for a user.

Minimum Plugin Version: 2.0.0

Input
  • azure_client: an AzureClient dictionary

  • object_id: the user object ID

  • updates: an attribute update dictionary (see Update Attributes below for more information)

Update Attributes

The following attributes can be supplied directly in the updates dictionary:

  • usage_location
  • given_name
  • surname
  • account_enabled
  • display_name
  • user_principal_name
  • mail_nickname

Attributes not listed above must be supplied inside the following key in the updates dictionary:

  • additional_properties

The example below demonstrates how to do this.

Output

Nothing is outputted by this action.

Example
- azure.ad.users.update:
    updates:
      mail_nickname: john.smith
      additional_properties:
        mail: john.smith@domain.com
  load:
    object_id: user.object_id
    azure_client: azure_secrets