Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Set-EntraUser
Updates a user.
Syntax
Default (Default)
Set-EntraUser
-UserId <String>
[-PostalCode <String>]
[-CompanyName <String>]
[-GivenName <String>]
[-Mobile <String>]
[-PreferredLanguage <String>]
[-CreationType <String>]
[-UsageLocation <String>]
[-UserType <String>]
[-AgeGroup <String>]
[-MailNickName <String>]
[-ExtensionProperty <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
[-ConsentProvidedForMinor <String>]
[-ImmutableId <String>]
[-Country <String>]
[-SignInNames <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]>]
[-Department <String>]
[-StreetAddress <String>]
[-PasswordPolicies <String>]
[-JobTitle <String>]
[-City <String>]
[-OtherMails <System.Collections.Generic.List`1[System.String]>]
[-UserPrincipalName <String>]
[-DisplayName <String>]
[-AccountEnabled <Boolean>]
[-PasswordProfile <PasswordProfile>]
[-State <String>]
[-TelephoneNumber <String>]
[-Surname <String>]
[-ShowInAddressList <Boolean>]
[<CommonParameters>]
Description
The Set-EntraUser cmdlet updates a user in Microsoft Entra ID. Specify the UserId parameter to update a user in Microsoft Entra ID.
Update-EntraUser is an alias for Set-EntraUser.
Examples
Example 1: Update a user
Connect-Entra -Scopes 'User.ReadWrite.All'
Set-EntraUser -UserId 'SawyerM@contoso.com' -DisplayName 'Updated user Name'
This example updates the specified user's Display name parameter.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.
Example 2: Set the specified user's AccountEnabled parameter
Connect-Entra -Scopes 'User.ReadWrite.All'
Set-EntraUser -UserId 'SawyerM@contoso.com' -AccountEnabled $true
This example updates the specified user's AccountEnabled parameter.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.-AccountEnabledSpecifies whether the account is enabled.
Example 3: Set all but specified users as minors with parental consent
Connect-Entra -Scopes 'User.ReadWrite.All'
Get-EntraUser -All | Where-Object -Property DisplayName -Match '(George|James|Education)' |
ForEach-Object { Set-EntraUser -UserId $($_.Id) -AgeGroup 'minor' -ConsentProvidedForMinor 'granted' }
This example updates the specified user's as minors with parental consent.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.-ConsentProvidedForMinorSets whether consent has to obtained for minors. Allowed values: null, granted, denied, and notRequired.
Example 4: Set the specified user's property
Connect-Entra -Scopes 'User.ReadWrite.All'
$params = @{
UserId = 'SawyerM@contoso.com'
City = 'Add city name'
CompanyName = 'Microsoft'
Country = 'Add country name'
Department = 'Add department name'
GivenName = 'Sawyer Miller G'
JobTitle = 'Manager'
MailNickName = 'Add mailnickname'
Mobile = '9984534564'
OtherMails = 'johndoe@contosodev.com'
PasswordPolicies = 'DisableStrongPassword'
State = 'UP'
StreetAddress = 'Add address'
UserType = 'Member'
}
Set-EntraUser @params
This example updates the specified user's property.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.-UserTypeclassify user types in your directory, such as "Member" and "Guest."-PasswordPoliciesSpecifies password policies for the user.-OtherMailsSpecifies other email addresses for the user
Example 5: Set the specified user's PasswordProfile parameter
Connect-Entra -Scopes 'User.ReadWrite.All'
Set-EntraUser -UserId 'SawyerM@contoso.com' -PasswordProfile @{
Password = '*****'
ForceChangePasswordNextSignIn = $true
}
This example updates the specified user's PasswordProfile parameter.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.-PasswordProfilespecifies the user's password profile.
Example 6: Set user's usage location for license assignment
Connect-Entra -Scopes 'User.ReadWrite.All'
Set-EntraUser -UserId 'SawyerM@contoso.com' -UsageLocation 'US'
This example updates the specified user's Usage Location for license management.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.-UsageLocationspecifies the user's usage location. Two-letter ISO 3166 country code. Required for licensed users to check service availability. Examples: US, JP, GB. Not nullable.
Example 7: Update user's password policy
Connect-Entra -Scopes 'User.ReadWrite.All'
Get-EntraUser -UserId 'SawyerM@contoso.com' | Set-EntraUser -PasswordPolicies DisablePasswordExpiration
This example updates the specified user's password policy.
Possible values for password policy include:
DisableStrongPassword: Allows weaker passwords than the default policy.DisablePasswordExpiration: Prevents passwords from expiring.
You can specify both values together, for example: DisablePasswordExpiration and DisableStrongPassword. For example, Set-EntraUser -UserId 'SawyerM@contoso.com' -PasswordPolicies "DisablePasswordExpiration,DisableStrongPassword".
Example 8: Set user's extension properties
Connect-Entra -Scopes 'User.ReadWrite.All'
$application = Get-EntraApplication -Filter "DisplayName eq 'Helpdesk Application'"
$extensionName = (Get-EntraApplicationExtensionProperty -ApplicationId $application.Id).Name | Select-Object -First 1
$additionalProperties = @{ $extensionName = "Survey.Report" }
Set-EntraUser -UserId 'SawyerM@contoso.com' -AdditionalProperties $additionalProperties
This example updates the specified user's extension properties, for example, an app role for an application.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.
Example 9: update user's onPremisesExtension attributes properties
Connect-Entra -Scopes 'User.ReadWrite.All'
Set-EntraUser -UserId 'SawyerM@contoso.com' -AdditionalProperties @{
onPremisesExtensionAttributes = @{
extensionAttribute1 = "Job Group D"
extensionAttribute2 = "Audit Role"
}
}
This example updates the specified user's onPremisesExtensionAttributes properties.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.
Example 10: update user's phone details
Connect-Entra -Scopes 'User.ReadWrite.All'
Set-EntraUser -UserId 'SawyerM@contoso.com' -BusinessPhones '+1 425 555 0109' -OfficeLocation '18/2111'
This example updates the specified user's onPremisesExtensionAttributes properties.
-UserIdSpecifies the ID as a user principal name (UPN) or UserId.
Parameters
-AccountEnabled
Indicates whether the account is enabled.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AgeGroup
Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, minor, notAdult, and adult. See, legal-age-group.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-City
Specifies the user's city.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CompanyName
The company name, which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ConsentProvidedForMinor
Sets whether consent has to obtained for minors. Allowed values: null, granted, denied, and notRequired.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Country
Specifies the user's country.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CreationType
Indicates whether the user account is a local account for a Microsoft Entra ID B2C tenant. Possible values are "LocalAccount" and null. When creating a local account, the property is required and you must set it to "LocalAccount". When creating a work or school account, don't specify the property or set it to null.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Department
Specifies the user's department.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DisplayName
Specifies the user's display name.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ExtensionProperty
Add data to custom user properties as the basic open extensions or the more versatile schema extensions.
Parameter properties
| Type: | System.Collections.Generic.Dictionary`2[System.String,System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-GivenName
Specifies the user's given name.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ImmutableId
This property links an on-premises Active Directory user account to its Microsoft Entra ID user object. You must specify this property when creating a new user account in Graph if the user's userPrincipalName uses a federated domain.
Important: Do not use the $ and _ characters when specifying this property.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-JobTitle
Specifies the user's job title.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-MailNickName
Specifies a nickname for the user's mail address.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Mobile
Specifies the user's mobile phone number.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-OtherMails
Specifies other email addresses for the user.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PasswordPolicies
Specifies password policies for the user.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PasswordProfile
Specifies the user's password profile.
Parameter properties
| Type: | PasswordProfile |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PostalCode
Specifies the user's postal code.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PreferredLanguage
Specifies the user's preferred language.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ShowInAddressList
Set to True to show this user in the address list.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SignInNames
The list of sign in names for this user
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-State
Specifies the user's state.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-StreetAddress
Specifies the user's street address.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Surname
Specifies the user's surname.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TelephoneNumber
Specifies the user's telephone number.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UsageLocation
A two letter country or region code (ISO standard 3166). Required for users that assigned licenses due to legal requirement to check for availability of services in country and regions. Examples include: "US," "JP," and "GB." Not nullable.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserId
Specifies the ID of a user (as a User Principle Name or UserId) in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId, UPN, Identity, UserPrincipalName |
Parameter sets
-UserPrincipalName
Specifies the user's user principal name.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserType
A string value that can be used to classify user types in your directory, such as "Member" and "Guest."
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Notes
Update-EntraUser is an alias for Set-EntraUser.
Related Links
Feedback
Was this page helpful?