Azure AD: Users

Summary

This module contains actions for managing Users in Azure AD.

Actions

azure_ad.users.

create

Create a user.

This action will do nothing if a user with the supplied principal name already exists.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• display_name: a display name for the user

• mail_nickname: a mail alias for the user

• user_principal_name: the User's principal name

• password: a password to set for the user

• enabled: set to false to create the user in a disabled state (defaults to true)

• force_password_change: set to true to force password reset on first logon (defaults to false)

• force_password_change_mfa: set to true to force password reset with MFA on first logon (defaults to false)

Output

Nothing is outputted by this action.

Example

- azure_ad.users.create:
    display_name: John Smith
    user_principal_name: john.smith@domain.com
    mail: john.smith@domain.com
    mail_nickname: john.smith
    enabled: true
    password: "{{ new_password }}"
  load:
    client: azure_client
  save: new_user

azure_ad.users.

delete

Delete a user.

This action will do nothing if the supplied user does not exist.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

Nothing is outputted by this action.

Example

- azure_ad.users.delete:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client

azure_ad.users.

disable

Disable a user.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

Nothing is outputted by this action.

Example

- azure_ad.users.disable:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client

azure_ad.users.

display

Display users in a table.

The table will have the following columns:

• Display Name
• User Principal Name
• Email Address
• Enabled

Minimum Plugin Version: 1.0.0

Input

• text: the title of the table

• users: any number of Users

Output

Nothing is outputted by this action.

Example

- azure_ad.users.get_all:
  load:
    client: azure_client
  save: users

- azure_ad.users.display:
    text: All Users
  load:
    users: users

azure_ad.users.

enable

Enable a user.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

Nothing is outputted by this action.

Example

- azure_ad.users.enable:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client

azure_ad.users.

force_password_change

Force the supplied user to reset their password at next logon.

Minimum Plugin Version: 1.0.0

Required API Permissions

See passwordProfile in this table for the required API permissions & roles.

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

Nothing is outputted by this action.

Example

- azure_ad.users.force_password_change:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client

azure_ad.users.

get_all

Get all users.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

Output

A list of Users.

Example

- azure_ad.users.get_all:
  load:
    client: azure_client
  save: users

azure_ad.users.

get_by_id

Get the user with the supplied user ID.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_id: the User ID

Output

A single User.

Example

- azure_ad.users.get_by_id:
  load:
    user_id: group_member.id
    client: azure_client
  save: user

azure_ad.users.

get_by_principal_name

Get the user with the supplied user principal name.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

A single User.

Example

- azure_ad.users.get_by_principal_name:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client
  save: user

azure_ad.users.

get_free_principal_name

Takes a list of user principal names & finds the first that is currently available.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_names: a list of userPrincipalNames to check

Output

Either the first available user_principal_name or null if they are all in use.

Example

- azure_ad.users.get_free_principal_name:
    user_principal_names:
      - john.smith@domain.com
      - johnsmith@domain.com
      - j.smith@domain.com
  load:
    client: azure_client
  save: available_name

azure_ad.users.

get_interactive

Allow the task operator to search for & select a User interactively.

Minimum Plugin Version: 1.1.0

Input

• client: an AzureClient

Output

A single User.

Automatic Wildcards

When using this action all provided search terms will have a wildcard appended.

Example

- azure_ad.users.get_interactive:
  load:
    client: azure_client
  save: user

azure_ad.users.

get_manager

Get the supplied user's manager.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

Either a User if the supplied user has a manager, or null if they do not.

Example

- azure_ad.users.get_manager:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client
  save: manager

azure_ad.users.

get_security_groups

Get a list of security groups the supplied user is a member of.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

A list of SecurityGroups.

Example

- azure_ad.users.get_security_groups:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client

azure_ad.users.

remove_manager

Remove the supplied user's manager.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

Output

Nothing is outputted by this action.

Example

- azure_ad.users.remove_manager:
    user_principal_name: john.smith@domain.com
  load:
    client: azure_client

azure_ad.users.

select

Display users in a table & prompt the task operator to make a selection.

The table will have the following columns:

• Display Name
• User Principal Name
• Email Address
• Enabled

Minimum Plugin Version: 1.0.0

Input

• text: the title of the table

• users: any number of Users

• minimum: the minimum number of selections

• maximum: the maximum number of selections

Output

A Selection containing:

• total: the number of selected Users

• all: a list of selected Users

• first: the first selected User

Example

- azure_ad.users.get_all:
  load:
    client: azure_client
  save: users

- azure_ad.users.select:
    text: Select Users
  load:
    users: users
  save: selection

azure_ad.users.

select_one

Display users in a table & prompt the task operator to select one.

The table will have the following columns:

• Display Name
• User Principal Name
• Email Address
• Enabled

Minimum Plugin Version: 1.0.0

Input

• text: the title of the table

• users: any number of Users

Output

A single User.

Example

- azure_ad.users.get_all:
  load:
    client: azure_client
  save: users

- azure_ad.users.select_one:
    text: Select a User
  load:
    users: users
  save: user

azure_ad.users.

set_manager

Set the supplied user's manager.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

• manager_principal_name: the new manager's principal name

Output

Nothing is outputted by this action.

Example

- azure_ad.users.set_manager:
    user_principal_name: john.smith@domain.com
    manager_principal_name: new.manager@domain.com
  load:
    client: azure_client

azure_ad.users.

set_password

Set a user's password.

Minimum Plugin Version: 1.0.0

Required API Permissions

See passwordProfile in this table for the required API permissions & roles.

Input

• client: an AzureClient

• user_principal_name: the User's principal name

• password: the new password to set

Output

Nothing is outputted by this action.

Example

- azure_ad.users.set_password:
    user_principal_name: john.smith@domain.com
  load:
    password: password
    client: azure_client

azure_ad.users.

update

Update one or more attributes for a user.

Minimum Plugin Version: 1.0.0

Required API Permissions

Input

• client: an AzureClient

• user_principal_name: the User's principal name

• attributes: a dictionary of attribute names & values to set

Valid Attributes

See this Microsoft article for a list of user attributes.

This action will fail if any invalid attributes are supplied.

Output

Nothing is outputted by this action.

Example

- azure_ad.users.update:
    user_principal_name: john.smith@domain.com
    attributes:
      givenName: John
      surname: Smith
      companyName: Acme Corporation
  load:
    client: azure_client