In our Azure tenant, we have established naming conventions for O365 Groups, because we have a lot of users from different organizations federated in one single tenant, and we want to be able to sort out groups or it becomes total madness.
We have chosen the property CompanyName for this naming convention. From now on let’s call these organizations “companies”, it’ll be easier.
We have the usual two kinds of users in our tenant: on one hand, the synchronized users from every company’s AD (recognizable by their UPN being firstname.name@thecompany.ext), and on the other hand, classical Cloud Identities created directly online (UPN is firstname.name@tenantname.onmicrosoft.com).
We have an AAD Connector which syncs users’ info from each company’s source AD to Azure, and within the numerous Connector Rules we write the correct CompanyName for each company (yes, it is hardcoded for each, but we have about 20 companies, so that is manageable).
But recently, in the context of PowerBI Pro, where in order to create App Workspaces you actually need to create an O365 Group, I had to give the Group Creator to Cloud IDs who, not being part of any company, had the CompanyName property set to null and thus couldn’t respect the naming convention, which blocked the group creation.
I just needed a way to update the CompanyName manually, and that’s another story.
I’ve tried the following:
- Set-AzureADUser: you can update almost any property with this, BUT the CompanyName.
- Set-MsolUser: plenty of other parameters to update, but still no CompanyName.
- Found fancy solutions stating the Set-User cmdlet from Exchange (with the -Company argument) would somehow impact the CompanyName in Azure, but it didn’t appear to be true (at least for unsync’d Cloud IDs)
So, ticket to Microsoft, and some nice Tech Support guy first confirmed the attribute was read-only once in Azure and only writable through the Connector Rules, and I felt desperate because I didn’t feel like configuring Connector Rules for unsync’d objects.
Then a second miracle mail came, and Tech Support told me that very recently (February 2019), Microsoft Graph underwent some changes and that the CompanyName is now writable. Not wanting to dive into Graph, this led him to finally find the cmdlet to update the CompanyName!
TL;DR: Here is the command:
```powershell
Set-AzureADUserExtension -ObjectId [UPN] -ExtensionName "CompanyName" -ExtensionValue "[VALUE]"
```
Works like a charm!
Just a little advice: you need WMF5+ for easy usage of the AzureAD module.
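To apply the same command to every unsynchronized Cloud ID that still has an empty CompanyName, here is an added example (not part of the original post or Microsoft's documentation). It assumes the AzureAD module is loaded, `Connect-AzureAD` has already been run, and that `Get-AzureADUser` in your module version exposes the `CompanyName`, `DirSyncEnabled` and `UserType` properties; the parameter names and default values are placeholders.

```powershell
# Added example: dry-run by default, pass -Apply to actually write the attribute.
param(
    [string]$TenantSuffix = '@tenantname.onmicrosoft.com',  # placeholder tenant UPN suffix
    [string]$CompanyName  = '[VALUE]',                       # placeholder company name
    [switch]$Apply
)

# Select cloud-only member accounts with no CompanyName:
#  - DirSyncEnabled is not $true, so the object is not fed by the AAD Connector rules
#  - UserType is Member, so guest accounts (#EXT# UPNs on the same suffix) are skipped
$targets = Get-AzureADUser -All $true | Where-Object {
    $_.DirSyncEnabled -ne $true -and
    $_.UserType -eq 'Member' -and
    $_.UserPrincipalName -like "*$TenantSuffix" -and
    [string]::IsNullOrEmpty($_.CompanyName)
}

foreach ($user in $targets) {
    if (-not $Apply) {
        # Report only, so the list can be reviewed before anything is changed
        Write-Output "Would set CompanyName on $($user.UserPrincipalName)"
        continue
    }

    Set-AzureADUserExtension -ObjectId $user.ObjectId `
        -ExtensionName 'CompanyName' -ExtensionValue $CompanyName

    # Read the object back and record whether the value is now what was written
    $after = Get-AzureADUser -ObjectId $user.ObjectId
    [pscustomobject]@{
        UserPrincipalName = $after.UserPrincipalName
        CompanyName       = $after.CompanyName
        Updated           = ($after.CompanyName -eq $CompanyName)
    }
}
```

Keeping the output of the `-Apply` run gives you a record of which accounts were changed, which is useful because this attribute drives the group naming policy.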
Sources:
- https://www.queryxchange.com/q/1_894374/update-the-companyname-attribute-for-an-azure-ad-user-via-powershell/
- https://serverfault.com/questions/894374/update-the-companyname-attribute-for-an-azure-ad-user-via-powershell
- https://docs.microsoft.com/en-us/powershell/module/exchange/users-and-groups/set-user?view=exchange-ps
- https://docs.microsoft.com/en-us/graph/changelog?view=graph-rest-1.0#february-2019
How can you verify that these changes have taken effect?
Simply with a Get-AzureADUser (display all properties)