It is necessary to use the Set-QADUser cmdlet and set specific attributes using the -ObjectAttributes parameter. This can be done in a standalone script or in a custom script policy:
#THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
#INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
#PURPOSE.
#IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED, PLEASE CONTACT ONE IDENTITY CONSULTING SERVICES
#OR YOUR ACCOUNT MANAGER.
#PLEASE NOTE THAT ANY MODIFICATIONS TO THE BELOW SCRIPT MAY CAUSE UNDESIRED RESULTS AND/OR BREAK PRODUCT
#FUNCTIONALITY.
#TAKEN FROM THE FOLLOWING PUBLIC RESOURCE:
#TITLE: HOW TO: Azure-enabling an existing User via the Active Roles Management Shell
#SOLUTION: 326460
#URL: https://support.oneidentity.com/kb/326460
EXAMPLE:
Get-QADUser "Test McAzure97" -proxy | Set-QADUser -proxy -ObjectAttributes @{edsaAzureUserPassword="temporaryPassword123";edsaAzureUserAccountEnabled=$TRUE;edsvaAzureOffice365Enabled=$TRUE;edsaAzureUserPrincipalName="Test.McAzure97@domain.onmicrosoft.com";edsvaAzureAssociatedTenantId="XXX-XXX-XXX";edsaAzureUserUsageLocation="US"}
NOTE: The values for edsaAzureUserPrincipalName and edsvaAzureAssociatedTenantId will be different for each environment. Setting the edsvaAzureAssociatedTenantId attribute is only required in Active Roles 7.4.3 and later versions.
In Azure-connected Active Roles environments, the Azure Tenant ID can be obtained from the Active Roles Web Interface by navigating to:
Directory Management
Views | Azure | Azure Configuration | Azure Tenants
Click on <tenant name>.onmicrosoft.com
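The one-liner above, generalized as an added example (not One Identity's script): it generates a random temporary password instead of using a literal, checks that exactly one user matched, and sets edsvaAzureAssociatedTenantId only when a tenant ID is supplied. The function names New-TemporaryPassword and Enable-AzureForUser and their parameters are hypothetical; only the cmdlets and attribute names come from this article.

```powershell
# Added example, not One Identity's script. Function and parameter names are hypothetical;
# the cmdlets and attribute names are the ones used in this article.
function New-TemporaryPassword {
    param([ValidateRange(12, 128)][int]$Length = 20)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%*+-=?@_'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    # Unbiased index in [0, $max) by rejection sampling on a 32-bit random value
    $pick = {
        param([int]$max)
        $limit = [uint32]::MaxValue - ([uint32]::MaxValue % $max)
        do { $rng.GetBytes($buf); $n = [BitConverter]::ToUInt32($buf, 0) } while ($n -ge $limit)
        [int]($n % $max)
    }
    try {
        # One character from every class, the rest from the combined alphabet
        $chars = @(foreach ($s in $sets) { $s[(& $pick $s.Length)] })
        while ($chars.Count -lt $Length) { $chars += $all[(& $pick $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed classes are not in fixed positions
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $pick ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        -join $chars
    } finally { $rng.Dispose() }
}

function Enable-AzureForUser {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [Parameter(Mandatory = $true)][string]$AzureUpn,
        [string]$TenantId,   # needed in Active Roles 7.4.3 and later
        [string]$UsageLocation = 'US'
    )
    $user = @(Get-QADUser $Identity -Proxy)
    if ($user.Count -ne 1) { throw "Expected one user for '$Identity', found $($user.Count)." }
    $password = New-TemporaryPassword
    $attrs = @{
        edsaAzureUserPassword       = $password
        edsaAzureUserAccountEnabled = $true
        edsvaAzureOffice365Enabled  = $true
        edsaAzureUserPrincipalName  = $AzureUpn
        edsaAzureUserUsageLocation  = $UsageLocation
    }
    if ($TenantId) { $attrs['edsvaAzureAssociatedTenantId'] = $TenantId }
    $user[0] | Set-QADUser -Proxy -ObjectAttributes $attrs | Out-Null
    $password   # returned once so it can be passed to the user out of band
}
```

With the values from the example above, the call would be: Enable-AzureForUser -Identity "Test McAzure97" -AzureUpn "Test.McAzure97@domain.onmicrosoft.com" -TenantId "XXX-XXX-XXX".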