Prerequisites to use PowerShell or Graph Explorer for Azure AD roles

If you want to manage Azure Active Directory (Azure AD) roles using PowerShell or Graph Explorer, you must have the required prerequisites. This article describes the PowerShell and Graph Explorer prerequisites for different Azure AD role features.

Microsoft Graph PowerShell

To use PowerShell commands to do the following:

  • Add users, groups, or devices to an administrative unit
  • Create a new group in an administrative unit

You must have the Microsoft Graph PowerShell SDK installed.

AzureAD module

To use PowerShell commands to do the following:

  • List role assignments
  • Create a role-assignable group
  • Manage administrative units

You must have the AzureAD module installed.

Check AzureAD version

To check which version of AzureAD you have installed, use Get-InstalledModule.

Get-InstalledModule -Name AzureAD

You should see output similar to the following:

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
2.0.2.140  AzureAD                             PSGallery            Azure Active Directory V2 General Availability M...

Install AzureAD

If you don't have AzureAD installed, use Install-Module to install AzureAD.

Install-Module -Name AzureAD

Update AzureAD

To update AzureAD to the latest version, re-run Install-Module.

Install-Module -Name AzureAD

Use AzureAD

To use AzureAD, follow these steps to make sure it is imported into the current session.

  1. Use Get-Module to check if AzureAD is loaded into memory.

    Get-Module -Name AzureAD
    
  2. If you don't see any output in the previous step, use Import-Module to import AzureAD. The -Force parameter removes the loaded module and then imports it again.

    Import-Module -Name AzureAD -Force
    
  3. Run Get-Module again.

    Get-Module -Name AzureAD
    

    You should see output similar to the following:

    ModuleType Version    Name                                ExportedCommands
    ---------- -------    ----                                ----------------
    Binary     2.0.2.140  AzureAD                             {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredO...
    

AzureADPreview module

To use PowerShell commands to do the following:

  • Assign roles to users or groups
  • Remove a role assignment
  • Make a group eligible for a role using Privileged Identity Management
  • Create custom roles

You must have the AzureADPreview module installed.

Check AzureADPreview version

To check which version of AzureADPreview you have installed, use Get-InstalledModule.

Get-InstalledModule -Name AzureADPreview

You should see output similar to the following:

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
2.0.2.149  AzureADPreview                      PSGallery            Azure Active Directory V2 Preview Module. ...

Install AzureADPreview

If you don't have AzureADPreview installed, use Install-Module to install AzureADPreview.

Install-Module -Name AzureADPreview

Update AzureADPreview

To update AzureADPreview to the latest version, re-run Install-Module.

Install-Module -Name AzureADPreview

Use AzureADPreview

To use AzureADPreview, follow these steps to make sure it is imported into the current session.

  1. Use Get-Module to check if AzureADPreview is loaded into memory.

    Get-Module -Name AzureADPreview
    
  2. If you don't see any output in the previous step, use Import-Module to import AzureADPreview. The -Force parameter removes the loaded module and then imports it again.

    Import-Module -Name AzureADPreview -Force
    
  3. Run Get-Module again.

    Get-Module -Name AzureADPreview
    

    You should see output similar to the following:

    ModuleType Version    Name                                ExportedCommands
    ---------- -------    ----                                ----------------
    Binary     2.0.2.149  AzureADPreview                      {Add-AzureADAdministrativeUnitMember, Add-AzureADApplicati...
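
The check, import, and verify steps above can be combined into one preflight function that reports the module's state before you run any role-management commands. This is an added example, not code from the original page; the function name Test-AadRoleModule is hypothetical, and the conflict check assumes that AzureAD and AzureADPreview export cmdlets with the same names.

```powershell
# Added example, not from the original page. Test-AadRoleModule is a hypothetical name.
function Test-AadRoleModule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('AzureAD', 'AzureADPreview')]
        [string]$Name
    )

    $result = [ordered]@{
        Name = $Name; Installed = $false; Version = $null
        Repository = $null; Loaded = $false; Note = $null
    }

    # Check the installed version (Get-InstalledModule, as in the "Check" sections).
    $installed = Get-InstalledModule -Name $Name -ErrorAction SilentlyContinue
    if (-not $installed) {
        # Report only; installing from a repository stays a deliberate manual step.
        $result.Note = "Not installed. Run: Install-Module -Name $Name"
        return [pscustomobject]$result
    }
    $result.Installed  = $true
    $result.Version    = "$($installed.Version)"
    $result.Repository = $installed.Repository

    # Assumption: AzureAD and AzureADPreview export cmdlets with the same names,
    # so refuse to load one while the other is already in the session.
    $other = if ($Name -eq 'AzureAD') { 'AzureADPreview' } else { 'AzureAD' }
    if (Get-Module -Name $other) {
        $result.Note = "$other is loaded in this session. Start a new session first."
        return [pscustomobject]$result
    }

    # Steps 1 and 2: import only when Get-Module shows nothing.
    if (-not (Get-Module -Name $Name)) {
        Import-Module -Name $Name -Force -ErrorAction Stop
    }

    # Step 3: confirm the module is loaded and which version was picked up.
    $loaded = Get-Module -Name $Name
    $result.Loaded = [bool]$loaded
    if ($loaded -and "$($loaded.Version)" -ne $result.Version) {
        $result.Note = "Loaded version $($loaded.Version) differs from installed $($result.Version)."
    }
    [pscustomobject]$result
}

Test-AadRoleModule -Name AzureADPreview
```

The Repository field lets you confirm the module came from the repository you expect (PSGallery in the sample output above) before you use it with administrative credentials.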
    

Graph Explorer

To manage Azure AD roles using the Microsoft Graph API and Graph Explorer, you must do the following:

  1. Sign in to the Azure portal.

  2. Select Azure Active Directory > Enterprise applications.

  3. In the applications list, find and select Graph explorer.

  4. Select Permissions.

  5. Select Grant admin consent for Graph explorer.

    Screenshot showing the "Grant admin consent for Graph explorer" link.

  6. Use the Graph Explorer tool.
