Managing licenses with AzureAD V2 PowerShell module

Page content

On november 17th, a new version of the AzureAD PowerShell module was released to the gallery. This can be found here: https://www.powershellgallery.com/packages/AzureAD/2.0.0.30

In the old MSOnline module there were two commands used to change assigned licenses to a user. First we had the Set-MsolUserLicense with the parameter ObjectID or UserPrincipalName could be combined with AddLicenses, RemoveLicenses and LicenseOptions. Secondly we had New-MsolLicenseOptions which would create a licenseoptions object.

In the new AzureAD module there still is a command called Set-AzureADUserLicense, but it has only two parametrs, ObjectId and AssignedLicenses. There is no command to create licenseoptions.

Now this can be a bit confusing for the unexperienced PowerShell user, but fear not, we’ll get to the bottom of this!

Let’s start by looking in the help document:

Get-Help -Name Set-AzureADUserLicense -Full

AssignedLicensesParameter

This gives us a hint to use New-Object to create an AssignedLicense object. Let’s try that out!

In my test I used Get-AzureADSubscribedSku to get a list of licenses available to me and found the SkuID of of POWER_BI_STANDARD to be ‘a403ebcc-fae0-4ca2-8c8c-7a907fd6c235’, replace that with the SkuID of your license.

$license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$license
$license.SkuId = 'a403ebcc-fae0-4ca2-8c8c-7a907fd6c235'
Set-AzureADUserLicense -ObjectId [email protected] -AssignedLicenses $license

This throws an error stating:

Set-AzureADUserLicense : Cannot bind parameter 'AssignedLicenses'. Cannot convert the "class AssignedLicense { 
    DisabledPlans: 
    SkuId: a403ebcc-fae0-4ca2-8c8c-7a907fd6c235 
} 
" value of type "Microsoft.Open.AzureAD.Model.AssignedLicense" to type "Microsoft.Open.AzureAD.Model.AssignedLicenses". 
At line:1 char:68
+ ... ureADUserLicense -ObjectId [email protected] -AssignedLicenses $license 
+                                                                  ~~~~~~~~ 
    + CategoryInfo          : InvalidArgument: (:) [Set-AzureADUserLicense], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

This tells us that the object expected by parameter AssignedLicenses is not actually an AssignedLicense object but an AssignedLicenses object. Lets create one of those and see how it looks:

New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses | Get-Member

This tells us that we have two properties, AddLicenses and RemoveLicenses. The AddLicenses is a list of AssignedLicense objects, this is where our object goes. Let’s try this again:

$license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$license.SkuId = 'a403ebcc-fae0-4ca2-8c8c-7a907fd6c235'
$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$AssignedLicenses.AddLicenses = $license
Set-AzureADUserLicense -ObjectId [email protected] -AssignedLicenses $AssignedLicenses

This seems to be working! My user now has a PowerBI Standard license. But I also had a PowerBI Pro license since before, lets see if we can update the code to also remove that one. Note that the property RemoveLicenses on our AssignedLicenses object above is a list of strings. My PowerBI Pro license has a SkuID of ‘f8a1db68-be16-40ed-86d5-cb42ce701560'.

$license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$license.SkuId = 'a403ebcc-fae0-4ca2-8c8c-7a907fd6c235'
$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$AssignedLicenses.AddLicenses = $license
$AssignedLicenses.RemoveLicenses = 'f8a1db68-be16-40ed-86d5-cb42ce701560'
Set-AzureADUserLicense -ObjectId [email protected] -AssignedLicenses $AssignedLicenses

Works like a charm! And my Office 365 E1 license that was assigned from the beginning of this is still there and wasn’t touched at all. By using Get-Help and Get-Member we have now figured out how to use Set-AzureADUserLicense in the new AzureAD PowerShell Module and we’ve made a few learnings:

  • Parameter AssignedLicenses takes an object of type icrosoft.Open.AzureAD.Model.AssignedLicenses
  • This object has two properties, AddLicenses and RemoveLicenses
  • AddLicenses takes a list of Microsoft.Open.AzureAD.Model.AssignedLicense objects.
  • RemoveLicenses takes a list of strings containing SkuIds
  • Already assigned licenses that are not part of either AddLicenses or RemoveLicenses are left untouched