New-EntraBetaAdministrativeUnitMember
Create a new object as a member of the administrative unit. Currently only group objects are supported.
Syntax
Default (Default)
New-EntraBetaAdministrativeUnitMember
-AdministrativeUnitId <String>
[-GroupTypes <System.Collections.Generic.List`1[System.String]>]
[-AssignedLabels <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AssignedLabel]>]
[-OdataType <String>]
[-Description <String>]
-SecurityEnabled <Boolean>
[-IsAssignableToRole <Boolean>]
[-ProxyAddresses <System.Collections.Generic.List`1[System.String]>]
-DisplayName <String>
[-Visibility <String>]
-MailEnabled <Boolean>
-MailNickname <String>
[-MembershipRule <String>]
[-MembershipRuleProcessingState <String>]
[<CommonParameters>]
Description
The New-EntraBetaAdministrativeUnitMember cmdlet creates a Microsoft Entra ID object as a member of an administrative unit. Specify AdministrativeUnitId, DisplayName, MailNickname, SecurityEnabled and MailEnabled parameters for create a new administrative unit member.
Currently only Microsoft Entra ID groups are supported to create administrative unit members.
For information about creating dynamic groups, see Using attributes to create advanced rules.
Examples
Example 1: Create a dynamic group in an administrative unit
Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All'
$params = @{
AdministrativeUnitId = 'bbbbbbbb-1111-2222-3333-cccccccccccc'
OdataType = 'Microsoft.Graph.Group'
DisplayName = 'NewAUMember'
Description = 'createdUnitMember'
MailEnabled = $True
MailNickname = 'new'
SecurityEnabled = $False
GroupTypes = @('Unified', 'DynamicMembership')
MembershipRule = "(user.department -contains 'Marketing')"
MembershipRuleProcessingState = 'On'
IsAssignableToRole = $false
Visibility = 'Public'
ProxyAddresses = @('SMTP:Ahiresh@M365x99297270.onmicrosoft.com')
}
New-EntraBetaAdministrativeUnitMember @params
Id DeletedDateTime
-- ---------------
dddddddd-2222-2222-3333-cccccccccccc
This command creates a new dynamic group in an administrative unit with the following rule:
`user.department -contains "Marketing"`
The double quotation marks are replaced with single quotation marks.
The processing state is On. It means that all users in the directory that qualify the rule are added as members to the group. Any users that don't qualify are removed from the group.
Parameters
-AdministrativeUnitId
Specifies the AdministrativeUnitId of a Microsoft Entra ID administrative unit.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Id |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-AssignedLabels
This parameter allows the assignment of sensitivity labels to groups. For more information on how sensitivity labels can be assigned to groups, refer to Assign sensitivity labels
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AssignedLabel] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Description
Specifies a description for the group.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisplayName
Specifies a display name for the group.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-GroupTypes
Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IsAssignableToRole
Flag indicates whether group can be assigned to a role. This property can only be set at the time of group creation and can't be modified on an existing group.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MailEnabled
Specifies whether this group is mail enabled.
Currently, you can't create mail enabled groups in Microsoft Entra ID.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MailNickname
Specifies a mail nickname for the group. If MailEnabled is $False, you must still specify a mail nickname.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MembershipRule
Specifies the membership rule for a dynamic group.
For more information about the rules that you can use for dynamic groups, Using attributes to create advanced rules
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MembershipRuleProcessingState
Specifies the rule processing state. The acceptable values for this parameter are:
- "On". Process the group rule.
- "Paused". Stop processing the group rule.
Changing the value of the processing state doesn't change the members list of the group.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-OdataType
Specifies the odata type of the object to create in the administrative unit.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ProxyAddresses
Sets the proxyAddresses attribute.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SecurityEnabled
Specifies whether the group is security enabled. For security groups, this value must be $True.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Visibility
This parameter determines the visibility of the group's content and members list. This parameter can take one of the following values:
- "Public" - Anyone can view the contents of the group
- "Private" - Only members can view the content of the group
- "HiddenMembership" - Only members can view the content of the group and only members, owners, Global/Company Administrator, User Administrator and Helpdesk Administrators can view the members list of the group.
If no value is provided, the default value will be "Public".
Notes:
- This parameter is only valid for groups that have the groupType set to "Unified".
- If a group has this attribute set to "HiddenMembership", it can't be changed later.
- Anyone can join a group that has this attribute set to "Public". If the attribute is set to Private or HiddenMembership, only owner(s) can add new members to the group and requests to join the group need approval of the owner(s).
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.