Wednesday, June 11, 2025

MSGraph - Disable Entra ID (AAD) sync and revert users to cloud-only.

# Run once from an elevated prompt (-Scope AllUsers needs admin rights), or use -Scope CurrentUser
Install-Module Microsoft.Graph.Identity.DirectoryManagement -Scope AllUsers -Force

Import-Module Microsoft.Graph.Identity.DirectoryManagement

# Sign in with an account that is allowed to change tenant-level settings
Connect-MgGraph -Scopes "Organization.ReadWrite.All", "Directory.ReadWrite.All"

$orgId = (Get-MgOrganization).Id

# Turn off directory synchronization for the whole tenant
Update-MgOrganization -OrganizationId $orgId -OnPremisesSyncEnabled:$false

# Read the flag back to confirm the change took effect
(Get-MgOrganization).OnPremisesSyncEnabled

# Should return: False
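The steps above as one function, added here as an example and not code from the original post: it skips the update when sync is already off, re-reads the tenant flag instead of trusting the call, and counts how many users still carry onPremisesSyncEnabled = true, since the conversion to cloud-only runs asynchronously after the tenant flag flips (Microsoft documents up to 72 hours). The function name Disable-TenantDirectorySync is my own; it assumes the Microsoft.Graph.Identity.DirectoryManagement and Microsoft.Graph.Users modules are installed and the signed-in account holds a role permitted to change this setting.

```powershell
# Added example (not from the original post): disable directory sync, verify the tenant
# flag, and report users that are still marked as synced from on-premises.
# Assumes Microsoft.Graph.Identity.DirectoryManagement and Microsoft.Graph.Users are installed.
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Users

function Disable-TenantDirectorySync {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # User.Read.All is added so the follow-up user count can run in the same session
    Connect-MgGraph -Scopes "Organization.ReadWrite.All", "Directory.ReadWrite.All", "User.Read.All"

    $org = Get-MgOrganization
    if (-not $org.OnPremisesSyncEnabled) {
        Write-Host "Directory sync is not enabled for tenant $($org.Id); nothing to change."
    }
    elseif ($PSCmdlet.ShouldProcess($org.Id, "Disable on-premises directory sync")) {
        Update-MgOrganization -OrganizationId $org.Id -OnPremisesSyncEnabled:$false
    }

    # Re-read the tenant flag rather than assuming the update succeeded
    $flag = (Get-MgOrganization).OnPremisesSyncEnabled
    if ($flag) {
        Write-Warning "OnPremisesSyncEnabled is still True; check the signed-in account's role and retry."
    }

    # Users are converted to cloud-only asynchronously (Microsoft documents up to 72 hours);
    # count those still flagged as synced so the change can be tracked to completion.
    # $count requires the advanced-query header, hence -ConsistencyLevel eventual.
    $stillSynced = Get-MgUser -Filter "onPremisesSyncEnabled eq true" -All `
        -ConsistencyLevel eventual -CountVariable syncedCount `
        -Property Id, UserPrincipalName, OnPremisesSyncEnabled

    [pscustomobject]@{
        TenantId              = $org.Id
        OnPremisesSyncEnabled = $flag
        UsersStillSynced      = $syncedCount
        SampleUsers           = @($stillSynced | Select-Object -First 5 -ExpandProperty UserPrincipalName)
    }
}

# Dry run first; drop -WhatIf to apply the change
Disable-TenantDirectorySync -WhatIf
```

Re-run the function (without -WhatIf, or just the Get-MgUser part) until UsersStillSynced reaches 0; until then, those accounts are still read-only in the cloud even though the tenant flag already reads False.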


MSGraph - Force Password Change at Next Login / Revoke Tokens (Log them out)

To force a user to change their password at next login and log them out of all sessions.

# Run once from an elevated prompt (-Scope AllUsers needs admin rights), or use -Scope CurrentUser
Install-Module Microsoft.Graph.Users -Scope AllUsers -Force
Install-Module Microsoft.Graph.Users.Actions -Scope AllUsers -Force

Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Users.Actions

# Directory.AccessAsUser.All is what lets a delegated admin update another user's PasswordProfile
Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.AccessAsUser.All"

$email = "user@domain.com"

# Force password change at next login
Update-MgUser -UserId $email -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }

# Confirm it's flagged. UserPrincipalName must be in -Property too, otherwise Graph only
# returns Id and PasswordProfile and the UPN column comes back empty.
Get-MgUser -UserId $email -Property UserPrincipalName, PasswordProfile |
    Select-Object UserPrincipalName, @{Name="ForceChange";Expression={$_.PasswordProfile.ForceChangePasswordNextSignIn}}

# Revoke sign-in sessions (log them out of everything)
Revoke-MgUserSignInSession -UserId $email
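The same sequence wrapped for a list of accounts, added here as an example and not code from the original post: each user gets the force-change flag set, the flag is read back to confirm it stuck, sessions are revoked, and one result object per user is returned so failures stand out instead of being lost in console output. The function name Reset-UserAccess and the sample UPNs are my own constructed placeholders; it assumes the Microsoft.Graph.Users and Microsoft.Graph.Users.Actions modules are installed.

```powershell
# Added example (not from the original post): force password change and revoke sessions
# for several users, returning a per-user result. Assumes Microsoft.Graph.Users and
# Microsoft.Graph.Users.Actions are installed. The UPNs below are constructed placeholders.
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Users.Actions

function Reset-UserAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$UserPrincipalName
    )

    begin {
        Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.AccessAsUser.All"
    }

    process {
        foreach ($upn in $UserPrincipalName) {
            $result = [ordered]@{
                UserPrincipalName = $upn
                ForceChangeSet    = $false
                SessionsRevoked   = $false
                Error             = $null
            }
            try {
                if ($PSCmdlet.ShouldProcess($upn, "Force password change and revoke sign-in sessions")) {
                    Update-MgUser -UserId $upn -PasswordProfile @{ ForceChangePasswordNextSignIn = $true } -ErrorAction Stop

                    # Read the flag back instead of assuming the update applied
                    $u = Get-MgUser -UserId $upn -Property UserPrincipalName, PasswordProfile -ErrorAction Stop
                    $result.ForceChangeSet = [bool]$u.PasswordProfile.ForceChangePasswordNextSignIn

                    # Graph answers {"value": true}; depending on SDK version the cmdlet surfaces
                    # that as a plain bool or as an object with a Value property, so accept both
                    $r = Revoke-MgUserSignInSession -UserId $upn -ErrorAction Stop
                    $result.SessionsRevoked = if ($r -is [bool]) { $r } else { [bool]$r.Value }
                }
            }
            catch {
                # Keep going for the remaining users; record the failure on this row
                $result.Error = $_.Exception.Message
            }
            [pscustomobject]$result
        }
    }
}

# Constructed sample input; replace with real UPNs or pipe in from Import-Csv
$accounts = @("alice@example.com", "bob@example.com")
$accounts | Reset-UserAccess -WhatIf | Format-Table -AutoSize
```

Revoke-MgUserSignInSession invalidates the user's refresh tokens and browser session cookies; access tokens that were already issued stay valid until they expire, so apps holding one can keep working for up to their token lifetime before they are forced back through sign-in. Any row with a non-empty Error column should be re-run or checked by hand.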