
Users and groups in Azure - Commands & Configuration

Introduction
Managing users and groups helps control who can access your cloud resources. It solves the problem of keeping your environment secure by giving the right permissions to the right people.
When you want to give a new team member access to your Azure resources.
When you need to organize users by their roles or departments for easier permission management.
When you want to remove access for someone who no longer works on your project.
When you want to assign permissions to multiple users at once using groups.
When you want to audit who has access to your cloud resources.
Commands
This command creates a new user named Alice Johnson with a secure password in Azure Active Directory.
Terminal
az ad user create --display-name "Alice Johnson" --user-principal-name alice.johnson@example.com --password "StrongP@ssw0rd!"
Expected Output
{ "accountEnabled": true, "displayName": "Alice Johnson", "mailNickname": "alicejohnson", "userPrincipalName": "alice.johnson@example.com", "id": "12345678-90ab-cdef-1234-567890abcdef" }
--display-name - Sets the full name of the user.
--user-principal-name - Sets the user's login name.
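--password - Sets the user's initial password. A literal password typed on the command line can end up in shell history, so treat the one shown here as a placeholder.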
This command creates a new group called Developers to organize users with similar roles.
Terminal
az ad group create --display-name "Developers" --mail-nickname "developers"
Expected Output
{ "displayName": "Developers", "mailNickname": "developers", "id": "abcdef12-3456-7890-abcd-ef1234567890" }
--display-name - Sets the name of the group.
--mail-nickname - Sets the mail alias for the group.
This command adds the user Alice Johnson to the Developers group using her user ID.
Terminal
az ad group member add --group Developers --member-id 12345678-90ab-cdef-1234-567890abcdef
Expected Output
No output (command runs silently)
--group - Specifies the group to add the member to.
--member-id - Specifies the user ID to add to the group.
This command lists all members of the Developers group to verify the user was added.
Terminal
az ad group member list --group Developers
Expected Output
[ { "displayName": "Alice Johnson", "id": "12345678-90ab-cdef-1234-567890abcdef", "userPrincipalName": "alice.johnson@example.com" } ]
--group - Specifies the group to list members from.
Key Concept

If you remember nothing else from this pattern, remember: groups let you manage permissions for many users at once, making access control simpler and safer.

Common Mistakes
Using the user's email instead of their object ID when adding to a group.
The command requires the unique user ID, not the email, so it will fail or add the wrong user.
Use 'az ad user show' to find the user's object ID and use that with '--member-id'.
Creating users without setting a strong password.
Weak passwords reduce security and may be rejected by Azure policies.
Always use a strong password with letters, numbers, and symbols when creating users.
Not verifying group membership after adding users.
You might think the user was added but they were not, causing access issues.
Run 'az ad group member list' to confirm the user is in the group.
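The first and third mistakes above can be handled in one step. The following Bash functions are an added example, not part of the original tutorial: they resolve the object ID from the sign-in name with 'az ad user show', add the member only when 'az ad group member check' reports it missing, and confirm the result afterwards. The function names and status words are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: add a user to a group by sign-in name, safely.
# Function names and status words are hypothetical, not Azure CLI features.
# Usage: ensure_group_member Developers alice.johnson@example.com

# Print the object ID for a user principal name; non-zero if lookup fails.
resolve_user_id() {
  local upn="$1" id
  id="$(az ad user show --id "$upn" --query id -o tsv 2>/dev/null)" || return 1
  [ -n "$id" ] || return 1
  printf '%s\n' "$id"
}

# Succeed only if the directory reports the object as a member of the group.
is_member() {
  local group="$1" id="$2" result
  result="$(az ad group member check --group "$group" --member-id "$id" \
            --query value -o tsv 2>/dev/null)" || return 1
  case "$result" in
    true|True) return 0 ;;   # accept either spelling of the boolean
    *)         return 1 ;;
  esac
}

# Add the user if needed, then verify. Prints exactly one status word:
#   already-member | added | user-not-found | add-failed | not-verified
ensure_group_member() {
  local group="$1" upn="$2" id
  if ! id="$(resolve_user_id "$upn")"; then
    echo "user-not-found"; return 1
  fi
  if is_member "$group" "$id"; then
    echo "already-member"; return 0      # no duplicate add attempt
  fi
  if ! az ad group member add --group "$group" --member-id "$id" >/dev/null; then
    echo "add-failed"; return 1
  fi
  if is_member "$group" "$id"; then
    echo "added"; return 0
  fi
  # The add returned success but the check does not show the member yet;
  # re-run the check before assuming access is in place.
  echo "not-verified"; return 1
}
```

A non-zero return with "user-not-found" means nothing was changed, which prevents a mistyped sign-in name from silently resolving to a different account.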
Summary
Create users with 'az ad user create' to add people to your Azure directory.
Create groups with 'az ad group create' to organize users by role or team.
Add users to groups with 'az ad group member add' to manage permissions easily.
Verify group members with 'az ad group member list' to ensure correct access.