Export (0) Print
Expand All
Expand Minimize

Set-MsolUser

Published: March 22, 2013

Updated: September 17, 2014

Applies To: Azure, Office 365, Windows Intune

noteNote
  • This topic provides online help content for cloud services, such as Windows Intune and Office 365, which rely on Microsoft Azure Active Directory for identity and directory services.

  • The Microsoft Azure Active Directory Module for Windows PowerShell cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

The Set-MsolUser cmdlet is used to update a user object. This cmdlet should be used for basic properties only. The licenses, password, and User Principal Name for a user can be updated through the Set-MsolUserLicense, Set-MsolUserPassword, and Set-MsolUserPrincipalName cmdlets respectively.

Set-MsolUser [-AlternateEmailAddresses <string[]>] [-BlockCredential <Boolean>] [-City <string>] [-Country <string>] [-Department <string>] [-DisplayName <string>] [-Fax <string>] [-FirstName <string>] [-ImmutableId <string>] [-LastName <string>] [-MobilePhone <string>] [-ObjectId <Guid>] [-Office <string>] [-PasswordNeverExpires <Boolean>] [-PhoneNumber <string>] [-PostalCode <string>] [-PreferredLanguage <string>] [-State <string>] [-StreetAddress <string>] [-StrongPasswordRequired <Boolean>] [-TenantId <Guid>] [-Title <string>] [-UsageLocation <string>] [-UserPrincipalName <string>] [<CommonParameters>]

    -AlternateEmailAddresses <string[]>
        Alternate email addresses of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -BlockCredential <Boolean>
        When true, the user will not be able to sign in using their user ID.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -City <string>
        The city of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -Country <string>
        The country or region of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -Department <string>
        The department of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DisplayName <string>
        The display name of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -Fax <string>
        The fax number of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -FirstName <string>
        The first name of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -ImmutableId <string>
        The immutable ID of the user's federated identity. This should be 
        omitted for users with standard identities.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -LastName <string>
        The last name of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -MobilePhone <string>
        The mobile phone number of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -ObjectId <Guid>
        The unique ID of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -Office <string>
        The location of the office of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PasswordNeverExpires <Boolean>
        Sets whether or not the user's password will expire periodically.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PhoneNumber <string>
        The phone number of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PostalCode <string>
        The postal code for the user's location.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PreferredLanguage <string>
        The preferred language of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -State <string>
        The state or province where the user is located.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -StreetAddress <string>
        The street address of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -StrongAuthenticationRequirements <Microsoft.Online.Administration.StrongAuthenticationRequirement>
        The multi-factor authentication settings of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false 
        Accept wildcard characters?  false
        
    -StrongPasswordRequired <Boolean>
        Sets whether or not the user requires a strong password.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -Title <string>
        The title of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -UsageLocation <string>
        The location of the user where services are consumed. Must be a 
        two-letter country code.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -UserPrincipalName <string>
        The user ID of the user.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "get-help about_commonparameters".

The following examples show how the cmdlet can be used.

The following command sets block credential to true for a CCole, which blocks that user from being able to sign in. This command cannot be used on a synced user. If the user is synced, then you would disable the account in the on-premises federated Active Directory Domain Service (AD DS) domain.

Set-MsolUser -UserPrincipalName CCole@contoso.com -blockcredential $true

The following command updates the display name for the specified user.

Set-MsolUser -UserPrincipalName JWarner@contoso.com -DisplayName "Jmie Warner" -Title "Manager" -Department "Finance"

The following command sets the location (country) of this user. The country must be a two-letter ISO code. This can be set for synced users as well as managed users.

Set-MsolUser -UserPrincipalName user@contoso.com -UsageLocation "CA"

The following command sets the multi-factor authentication on this user.

Enable a user:

$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = “Enabled”
$sta = @($st)
Set-MsolUser -UserPrincipalName user@contoso.com  -StrongAuthenticationRequirements $sta
 

Enforce a user:

$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = “Enforced”
$sta = @($st)
Set-MsolUser -UserPrincipalName user@contoso.com  -StrongAuthenticationRequirements $sta
 

Disable a user:

$sta = @()
Set-MsolUser -UserPrincipalName user@contoso.com  -StrongAuthenticationRequirements $sta

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft