Set-EntraUser
Updates a user.
Syntax
Set-EntraUser
-ObjectId <String>
[-PostalCode <String>]
[-CompanyName <String>]
[-GivenName <String>]
[-Mobile <String>]
[-PreferredLanguage <String>]
[-CreationType <String>]
[-UsageLocation <String>]
[-UserType <String>]
[-AgeGroup <String>]
[-MailNickName <String>]
[-ExtensionProperty <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
[-ConsentProvidedForMinor <String>]
[-ImmutableId <String>]
[-Country <String>]
[-SignInNames <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]>]
[-Department <String>]
[-StreetAddress <String>]
[-PasswordPolicies <String>]
[-JobTitle <String>]
[-City <String>]
[-OtherMails <System.Collections.Generic.List`1[System.String]>]
[-UserPrincipalName <String>]
[-DisplayName <String>]
[-AccountEnabled <Boolean>]
[-PasswordProfile <PasswordProfile>]
[-State <String>]
[-TelephoneNumber <String>]
[-Surname <String>]
[-ShowInAddressList <Boolean>]
[<CommonParameters>] Description
The Set-EntraUser cmdlet updates a user in Microsoft Entra ID. Specify the ObjectId parameter to update a user in Microsoft Entra ID.
Examples
Example 1: Update a user
Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All'
$user = Get-EntraUser -ObjectId 'SawyerM@contoso.com'
$params = @{
ObjectId = $user.ObjectId
DisplayName = 'Updated user Name'
}
Set-EntraUser @paramsThis example updates the specified user's Display name parameter.
-ObjectIdSpecifies the ID as a user principal name (UPN) or ObjectId.
Example 2: Set the specified user's AccountEnabled parameter
Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All'
$params = @{
ObjectId = 'SawyerM@contoso.com'
AccountEnabled = $true
}
Set-EntraUser @paramsThis example updates the specified user's AccountEnabled parameter.
-ObjectIdSpecifies the ID as a user principal name (UPN) or ObjectId.-AccountEnabledSpecifies whether the account is enabled.
Example 3: Set all but specified users as minors with parental consent
Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All'
Get-EntraUser -All | Where-Object -FilterScript { $_.DisplayName -notmatch '(George|James|Education)' } |
ForEach-Object { Set-EntraUser -ObjectId $($_.ObjectId) -AgeGroup 'minor' -ConsentProvidedForMinor 'granted' }This example updates the specified user's as minors with parental consent.
-ObjectIdSpecifies the ID as a user principal name (UPN) or ObjectId.-ConsentProvidedForMinorSets whether consent has to obtained for minors. Allowed values: null, granted, denied, and notRequired.
Example 4: Set the specified user's property
Connect-Entra -Scopes 'User.ReadWrite.All','Directory.AccessAsUser.All'
$params = @{
ObjectId = 'SawyerM@contoso.com'
City = 'Add city name'
CompanyName = 'Microsoft'
Country = 'Add country name'
Department = 'Add department name'
GivenName = 'Mircosoft'
ImmutableId = '#1'
JobTitle = 'Manager'
MailNickName = 'Add mailnickname'
Mobile = '9984534564'
OtherMails = 'test12@M365x99297270.OnMicrosoft.com'
PasswordPolicies = 'DisableStrongPassword'
State = 'UP'
StreetAddress = 'Add address'
UserType = 'Member'
}
Set-EntraUser @paramsThis example updates the specified user's property.
-ObjectIdSpecifies the ID as a user principal name (UPN) or ObjectId.-UserTypeclassify user types in your directory, such as "Member" and "Guest."-PasswordPoliciesSpecifies password policies for the user.-OtherMailsSpecifies other email addresses for the user
Example 5: Set the specified user's PasswordProfile parameter
Connect-Entra -Scopes 'Directory.AccessAsUser.All'
$params= @{
ObjectId = 'SawyerM@contoso.com'
PasswordProfile = @{
Password= '*****'
ForceChangePasswordNextLogin = $true
EnforceChangePasswordPolicy = $false
}
}
Set-EntraUser @paramsThis example updates the specified user's PasswordProfile parameter.
-ObjectIdSpecifies the ID as a user principal name (UPN) or ObjectId.-PasswordProfilespecifies the user's password profile.
Parameters
-AccountEnabled
Indicates whether the account is enabled.
| Type: | System.Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AgeGroup
Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, minor, notAdult, and adult. See, legal-age-group.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-City
Specifies the user's city.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CompanyName
The company name, which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ConsentProvidedForMinor
Sets whether consent has to obtained for minors. Allowed values: null, granted, denied, and notRequired.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Country
Specifies the user's country.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CreationType
Indicates whether the user account is a local account for a Microsoft Entra ID B2C tenant. Possible values are "LocalAccount" and null. When creating a local account, the property is required and you must set it to "LocalAccount". When creating a work or school account, don't specify the property or set it to null.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Department
Specifies the user's department.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
Specifies the user's display name.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExtensionProperty
Add data to custom user properties as the basic open extensions or the more versatile schema extensions.
| Type: | System.Collections.Generic.Dictionary`2[System.String,System.String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-GivenName
Specifies the user's given name.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ImmutableId
This property links an on-premises Active Directory user account to its Microsoft Entra ID user object. You must specify this property when creating a new user account in Graph if the user's userPrincipalName uses a federated domain.
Important: Do not use the $ and _ characters when specifying this property.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-JobTitle
Specifies the user's job title.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MailNickName
Specifies a nickname for the user's mail address.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Mobile
Specifies the user's mobile phone number.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ObjectId
Specifies the ID of a user (as a User Principle Name or ObjectId) in Microsoft Entra ID.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-OtherMails
Specifies other email addresses for the user.
| Type: | System.Collections.Generic.List`1[System.String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PasswordPolicies
Specifies password policies for the user.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PasswordProfile
Specifies the user's password profile.
| Type: | PasswordProfile |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PostalCode
Specifies the user's postal code.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PreferredLanguage
Specifies the user's preferred language.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ShowInAddressList
Set to True to show this user in the address list.
| Type: | System.Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SignInNames
The list of sign in names for this user
| Type: | System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-State
Specifies the user's state.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StreetAddress
Specifies the user's street address.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Surname
Specifies the user's surname.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TelephoneNumber
Specifies the user's telephone number.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UsageLocation
A two letter country or region code (ISO standard 3166). Required for users that assigned licenses due to legal requirement to check for availability of services in country and regions. Examples include: "US," "JP," and "GB." Not nullable.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserPrincipalName
Specifies the user's user principal name.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserType
A string value that can be used to classify user types in your directory, such as "Member" and "Guest."
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |