Automate common IT helpdesk tasks in Microsoft Entra ID (Azure AD) using PowerShell and Microsoft Graph API.
This toolkit automates repetitive IT administration tasks, reducing manual effort by up to 80%. Built for IT helpdesk and system administrators managing Microsoft 365 / Entra ID environments.
- User Provisioning — Create single or bulk users with auto-generated passwords
- Group Management — Add/remove users from security groups
- Offboarding — Disable accounts with audit trail
- Reporting — Export user reports and identify inactive accounts
- Automation — All scripts parameterized for easy integration

| Script | Description |
|---|---|
| `01-Connect-Graph.ps1` | Establish connection to Microsoft Graph API |
| `02-Get-AllUsersReport.ps1` | Export all users to CSV with key attributes |
| `03-New-User.ps1` | Create a new user account |
| `04-Add-UserToGroup.ps1` | Add user to a security group |
| `05-Disable-User.ps1` | Disable user account (offboarding) |
| `06-Enable-User.ps1` | Re-enable a disabled account |
| `07-Find-InactiveUsers.ps1` | Find users inactive for 90+ days |
| `08-Bulk-CreateUsers.ps1` | Bulk create users from CSV file |

- Windows PowerShell 5.1 or PowerShell 7+
- Microsoft Graph PowerShell module
- Global Administrator or User Administrator role in Entra ID

```powershell
# Install Microsoft Graph module
Install-Module Microsoft.Graph -Scope CurrentUser -Force
# Clone this repository
git clone https://github.com/Amogh-Karankal/PowerShell-IT-Automation.git
cd PowerShell-IT-Automation
```

```powershell
# Run the connect script
.\01-Connect-Graph.ps1
# Or connect manually with required scopes
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All"
```

```powershell
.\03-New-User.ps1 -DisplayName "John Smith" `
    -UserPrincipalName "john.smith@contoso.onmicrosoft.com" `
    -JobTitle "IT Support" `
    -Department "IT"
```

Output:

```
✅ User created successfully!
Display Name: John Smith
UPN: john.smith@contoso.onmicrosoft.com
Temp Password: Welcome4821!
```

```powershell
.\04-Add-UserToGroup.ps1 -UserDisplayName "John Smith" -GroupDisplayName "IT Team"
.\05-Disable-User.ps1 -UserPrincipalName "john.smith@contoso.onmicrosoft.com"
.\02-Get-AllUsersReport.ps1
# Output: CSV file saved to Desktop
```

| Permission | Purpose |
|---|---|
| `User.ReadWrite.All` | Create, update, disable users |
| `Group.ReadWrite.All` | Manage group memberships |
| `Directory.ReadWrite.All` | Full directory access |
| `AuditLog.Read.All` | Sign-in activity (for inactive users) |

| DisplayName | UserPrincipalName | Department | AccountEnabled |
|---|---|---|---|
| John Smith | john.smith@contoso.com | IT | True |
| Jane Doe | jane.doe@contoso.com | HR | True |
| Bob Wilson | bob.wilson@contoso.com | Finance | False |

| DisplayName | LastSignIn | AccountEnabled |
|---|---|---|
| Old Account | 2025-01-15 | True |
| Test User | Never | True |

Edit the password generation in `03-New-User.ps1`:

```powershell
# Current: Welcome + random 4 digits + !
$tempPassword = "Welcome" + (Get-Random -Minimum 1000 -Maximum 9999) + "!"
# Custom: More complex password
$tempPassword = "Temp" + (Get-Random -Minimum 100000 -Maximum 999999) + "!@#"
```

Modify the `$newUser` hashtable in user creation scripts:

```powershell
$newUser = @{
    DisplayName       = $DisplayName
    UserPrincipalName = $UserPrincipalName
    # Add more attributes:
    OfficeLocation    = "Building A"
    MobilePhone       = "+1-555-0100"
    UsageLocation     = "US"
}
```

- Test in a dev tenant first — Never run untested scripts in production
- Use least privilege — Only request permissions you need
- Secure credentials — Delete CSV files with passwords after use
- Audit logging — All changes are logged in Entra ID audit logs
- Error handling — Scripts include try/catch for graceful failures
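
The temporary password format shown for `03-New-User.ps1` (a fixed word plus four `Get-Random` digits) has fewer than 10,000 possible values, so anyone who knows the pattern can guess it quickly. As an added example that is not part of this toolkit, the following draws the password from the system CSPRNG instead. `Get-SecureIndex`, `New-TempPassword` and the `$passwordProfile` usage are hypothetical names, and how the toolkit's scripts pass the password to Graph is not shown on this page.

```powershell
function Get-SecureIndex {
    param(
        [Parameter(Mandatory)][int]$Max,
        [Parameter(Mandatory)][System.Security.Cryptography.RandomNumberGenerator]$Rng
    )
    # Rejection sampling: drop draws from the uneven tail of the 32-bit range
    # so that every index below $Max is equally likely (no modulo bias).
    $range = [long]4294967296                      # 2^32
    $limit = $range - ($range % $Max)
    $buf   = [byte[]]::new(4)
    do {
        $Rng.GetBytes($buf)
        $n = [long][BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % $Max)
}

function New-TempPassword {
    param([ValidateRange(12, 128)][int]$Length = 16)
    # Look-alike characters (0/O/o, 1/l/I) are left out so the value can be read aloud.
    $classes = @(
        'ABCDEFGHJKLMNPQRSTUVWXYZ',
        'abcdefghijkmnpqrstuvwxyz',
        '23456789',
        '!@#$%*-_=+?'
    )
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = [System.Collections.Generic.List[char]]::new()
        # One character from each class first, then fill from the full alphabet.
        foreach ($c in $classes) { $chars.Add($c[(Get-SecureIndex -Max $c.Length -Rng $rng)]) }
        while ($chars.Count -lt $Length) { $chars.Add($all[(Get-SecureIndex -Max $all.Length -Rng $rng)]) }
        # Fisher-Yates shuffle so the guaranteed characters are not always in front.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-SecureIndex -Max ($i + 1) -Rng $rng
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return (-join $chars.ToArray())
    } finally { $rng.Dispose() }
}

# Assumed usage: Graph's passwordProfile with a forced change at first sign-in.
$passwordProfile = @{
    Password                      = New-TempPassword -Length 16
    ForceChangePasswordNextSignIn = $true
}
```
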
Contributions welcome! Feel free to submit issues and pull requests.
This project is licensed under the MIT License.
Amogh Karankal
- GitHub: @Amogh-Karankal
- LinkedIn: Amogh Karankal