Table of Contents
To create a new user in Azure Active Directory, perform the following steps:
The user will now be created and shown in the list of users within Azure AD. The new user will receive an email with their login information and a prompt to set up their account.
Example:
Name: John Doe
User name: [email protected]
Roles: User (no administrative roles)
Groups in Azure Active Directory are useful for organizing users and managing access to resources. Here’s how to create a group and add users to it:
After the group has been created, it will appear in the list of groups, and the members you added will be part of the group.
Example:
Group Type: Security
Group Name: Cloud Administrators
Description: This group contains users who have administrative access to cloud resources.
Membership Type: Assigned
Members: John Doe, Jane Smith
Feature | Azure AD User | Azure AD Group |
---|---|---|
Purpose | Individual identity | Collection of users |
Scope | Single authentication entity | Broad access management |
Usage | Access to resources | Assign permissions to many |
Management | Individual settings | Group-based settings |
Types | Guest or member | Security or Microsoft 365 |
Assignment | Direct or inherited roles | Direct membership or dynamic rules |
When managing users and groups, it’s important to follow certain best practices:
Understanding how to effectively create and manage users and groups is essential for an Azure Administrator. Mastery of these concepts will aid candidates in passing the AZ-104 Microsoft Azure Administrator exam and efficiently managing Azure environments.
Answer: A) True
Explanation: Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service which is used to manage users and groups in Azure.
Answer: B) Username
Explanation: While creating a new user, at minimum, a username (UserPrincipalName) is required. The other attributes like Name, Password, and Location can be specified but are not mandatory at creation.
Answer: A) Global Administrator, B) User Administrator
Explanation: Both Global Administrators and User Administrators have permissions to add or delete users within Azure AD.
Answer: A) True
Explanation: Azure Active Directory supports dynamic groups for which membership is managed dynamically based on user attributes.
Answer: D) By the Global Administrator using an on-premises Active Directory
Explanation: Password reset for Azure AD users needs to be done through Azure AD services. The on-premises Active Directory controls are not used directly for Azure AD.
Answer: B) False
Explanation: Azure AD supports both manual and dynamic group membership management. Dynamic membership is based on user attributes and their values.
Answer: C) 100
Explanation: An Azure AD group can have up to 100 owners assigned to it.
Answer: B) False
Explanation: Azure AD B2C (Business to Consumer) is designed primarily for managing customer, consumer, and citizen access to public applications, not for internal employee management within an organization.
Answer: A) Security group
Explanation: Security groups in Azure AD are used in conjunction with Azure RBAC to grant access to resources within Azure.
Answer: B) False
Explanation: Guest users can use a Microsoft account but they can also use other types of accounts, such as a work, school, or even a Google account, thanks to Azure AD’s B2B collaboration features.
Answer: C) Guest Inviter
Explanation: The Guest Inviter role allows a user to invite guests into the organization’s Azure AD but doesn’t grant full administrative privileges.
Answer: A) True
Explanation: The “Force password change on next login” option, when enabled during the creation of a new user account, requires the user to change their password the first time they sign in.
Azure Active Directory (Azure AD) is a cloud-based identity and access management service that allows organizations to manage user accounts and access to resources in the cloud.
You can use the New-AzureADUser cmdlet to create a new user account in Azure Active Directory using PowerShell.
The AccountEnabled parameter is used to indicate whether the user account should be enabled or disabled. If set to $true, the account will be enabled; if set to $false, the account will be disabled.
Yes, you can create a user account in Azure Active Directory using the Azure Portal.
To create a new group in Azure Active Directory using the Azure Portal, you can navigate to the “Groups” section of the Azure Active Directory and click on the “+ New group” button.
An assigned group is a group where the membership is manually managed by an administrator, while a dynamic group is a group where membership is determined automatically based on a set of defined rules.
To add a user to a group in Azure Active Directory using the Azure Portal, you can navigate to the “Groups” section of the Azure Active Directory, select the group, and then click on the “Members” tab to add users to the group.
A group rule in Azure Active Directory is used to automatically add or remove members from a group based on their attributes, such as job title, department, or location.
Yes, you can use PowerShell to create a group rule in Azure Active Directory using the New-AzureADMSGroupDynamicMembershipRule cmdlet.
To view the membership of a group in Azure Active Directory using the Azure Portal, you can navigate to the “Groups” section of the Azure Active Directory, select the group, and then click on the “Members” tab to see the list of group members.
Yes, you can add a user to multiple groups in Azure Active Directory to grant them access to different resources.
To remove a user from a group in Azure Active Directory using the Azure Portal, you can navigate to the “Groups” section of the Azure Active Directory, select the group, and then click on the “Members” tab to remove users from the group.
To create a new security group in Azure Active Directory using the Azure Portal, you can navigate to the “Groups” section of the Azure Active Directory, select the “+ New group” button, and then choose the “Security” option for the group type.
If this material is helpful, please leave a comment and support us to continue.