Hi Everyone!

I recently had the opportunity to use PowerShell to update AzureAD user attributes. This is different from what I normally do as we still leverage an on-prem AD setup.

I’d never used the command before but I know PowerShell and I’m fairly confident with the AD PowerShell commands.

The mission at hand was this: Update AzureAD user attributes so that the Marketing department had new address information

The first and rather dirty method I put together as a proof-of-concept is below:

	$marketingUsers = Get-AzureADUser –Filter "Department eq 'Marketing'"
	foreach($user in $marketingUsers){
	Set-AzureADUser –ObjectID $user `
	–StreetAddress '51 River St.' `
	–City 'Ridgefield' `
	–State 'CT' `
	–PostalCode '06877' `
	–Country 'United States'
	}

view raw dirtyGetAndUpdateAzureADAttributes.ps1 hosted with ❤ by GitHub

I know right, it’s ugly. It’s lacking any form of error checking, there’s no host output and it’s hard to read.

What I did next was put my code behind a few checks. You can see the improved code below:

	#Get all marketing users
	$marketingUsers = $null
	try {
	$marketingUsers = Get-AzureADUser –Filter "Department eq 'Marketing'" –ErrorAction Stop
	}catch{
	#Output the error message if any
	Write-Host "Failed to collect Marketing users!" –ForegroundColor Red
	Write-Host $_.ScriptStackTrace –ForegroundColor Red
	}
	#Checking if there are no marketing users found
	if (!$marketingUsers){
	Write-Host "No Marketing users found"
	return;
	}
	#Run through each user and update
	foreach($user in $marketingUsers){
	try{
	Set-AzureADUser –ObjectID $user `
	–StreetAddress '51 River St.' `
	–City 'Ridgefield' `
	–State 'CT' `
	–PostalCode '06877' `
	–Country 'United States' `
	–ErrorAction Stop
	}catch{
	Write-Host "Failed to update $user" –ForegroundColor Red
	Write-Host $_.ScriptStackTrace
	}
	}

view raw lessDirtyGetAndUpdateAzureADAttributes.ps1 hosted with ❤ by GitHub

This was looking much better, it handles error nicely but there is still room for improvement…

I want to implement splatting and also look into ways to speed the script up!

I wanted to take a look into speed first. I know there are subtle different between using the -filter parameter and piping the results into a Where-Object commandlet. Lets run some tests!

I ran the below commands 5 times to get an average using Measure-Command and outputted in total miliseconds:

Crazy! Switching from the -filter parameter to using the pipeline more than halved the time it took for the command to run!

Next was to build the hashtable for splatting in the Set-AzureADUser parameters before building the final version. This was simple done by using the below code:

	#51 River St., Ridgefield, CT 06877
	#Randomly generated fake address
	#New props in a hashtable for splatting
	$newProps = @{
	StreetAddress = '51 River St.'
	City = 'Ridgefield'
	State = 'CT'
	PostalCode = '06877'
	Country = 'United States'
	}

view raw azureADAttributeUpdateHashtable.ps1 hosted with ❤ by GitHub

This now means I can simplify the Set-AzureADUser command.

You can find the full and finished script below:

	#51 River St., Ridgefield, CT 06877
	#New props in a hashtable for splatting
	$newProps = @{
	StreetAddress = '51 River St.'
	City = 'Ridgefield'
	State = 'CT'
	PostalCode = '06877'
	Country = 'United States'
	}
	#Get all marketing users
	$marketingUsers = $null
	try {
	$marketingUsers = Get-AzureADUser –ErrorAction Stop | `
	Where-Object {$_.Department -eq 'Marketing'}
	}catch{
	#Output the error message if any
	Write-Host "Failed to collect Marketing users!" –ForegroundColor Red
	Write-Host $_.ScriptStackTrace –ForegroundColor Red
	}
	#Checking if there are no marketing users found
	if (!$marketingUsers){
	Write-Host "No Marketing users found"
	return;
	}
	#Running through each user
	foreach ($user in $marketingUsers){
	try{
	Set-AzureADUser –ObjectId $user $newProps –ErrorAction Stop
	}catch{
	Write-Host "Failed to update $user" –ForegroundColor Red
	Write-Host $_.ScriptStackTrace
	}
	}

view raw cleanGetAndUpdateAzureADAttribute.ps1 hosted with ❤ by GitHub

Enjoy!