M365Corner

Using Get-MgUser with Update-MgUser to Update Microsoft 365 User Profiles

Microsoft Graph PowerShell provides administrators with robust cmdlets to manage user profiles in Microsoft 365. Two cmdlets, Get-MgUser and Update-MgUser, are often used together to retrieve user properties and update them efficiently. In this article, we’ll walk through the usage of these cmdlets together, practical use cases, troubleshooting tips, and best practices.

Managing user accounts is a core responsibility for Microsoft 365 administrators. The Get-MgUser cmdlet retrieves detailed information about a user or group of users, while the Update-MgUser cmdlet updates user properties such as job titles, phone numbers, or department details. Pairing these cmdlets simplifies user management workflows and enhances productivity.

Usage Example: Updating a User's Profile


# Step 1: Retrieve the user details
$userId = "john.doe@domain.com"  # Replace with the UPN or ObjectId of the user
$user = Get-MgUser -UserId $userId

# Display current user properties
Write-Output "Current User Profile:"
Write-Output "Display Name: $($user.DisplayName)"
Write-Output "Job Title: $($user.JobTitle)"
Write-Output "Department: $($user.Department)"
Write-Output "`n"

# Step 2: Update the user's job title and department
$updatedProperties = @{
    JobTitle = "Senior Developer"
    Department = "Engineering"
}
Update-MgUser -UserId $userId -BodyParameter $updatedProperties

# Step 3: Verify the changes
$updatedUser = Get-MgUser -UserId $userId
Write-Output "Updated User Profile:"
Write-Output "Display Name: $($updatedUser.DisplayName)"
Write-Output "Job Title: $($updatedUser.JobTitle)"
Write-Output "Department: $($updatedUser.Department)"

Cmdlet Tips

  • Permission Management: Ensure your app or user account has appropriate permissions: User.ReadWrite.All for updating user profiles and User.Read.All for retrieving details.
  • Partial Updates with -BodyParameter: o When using Update-MgUser, only include the properties you want to update in the -BodyParameter. Omitted properties will remain unchanged.
  • Use Filters for Bulk Operations: o To update multiple users, use the -Filter parameter with Get-MgUser: 
    $users = Get-MgUser -Filter "department eq 'Sales'"
foreach ($user in $users) {
    Update-MgUser -UserId $user.Id -BodyParameter @{ Department = "New Sales" }
}
  • Validate Changes: Always verify updates by retrieving the user profile again with Get-MgUser.
  • Use Paging for Large Datasets: o If dealing with large user directories, handle paginated results using @odata.nextLink.

Use Cases

  • Bulk User Updates: Update job titles, departments, or office locations for a large group of users efficiently.
  • User Onboarding: Automate the process of assigning roles and populating profile details for new hires.
  • Profile Corrections: Correct or standardize inconsistent profile data across the organization.
  • Audit and Reporting: Retrieve and log user details for auditing or compliance purposes.

Frequently Asked Questions

  • Can I update multiple user attributes in a single command?

    • Yes. You can update several attributes at once by passing them inside a hashtable with the -BodyParameter option, making the update cleaner and more efficient.

  • Will updating a user with Update-MgUser overwrite existing values?

    • Yes, if you specify a property in the update, the existing value will be replaced. Always review the current property values with Get-MgUser before applying changes to avoid overwriting critical information.

  • Can I use Update-MgUser for bulk updates?

    • Yes. You can loop through a CSV file or a collection of users, applying Update-MgUser with customized -BodyParameter values for each user. This is commonly used for updating attributes like department, office location, or phone numbers.

  • Do I need special permissions to run Update-MgUser?

    • Yes. You need appropriate directory permissions, such as User.ReadWrite.All, Directory.ReadWrite.All, or equivalent admin roles (like User Administrator or Global Administrator) to successfully execute updates.


Possible Errors & Solutions

Error Cause Solution
Access Denied Insufficient permissions for the operation Assign the required API permissions (User.ReadWrite.All) in Azure AD.
Resource Not Found Invalid or non-existent -UserId specified Verify the UserId is correct (use UPN or ObjectId).
Property not supported for update Attempted to update a read-only property Review Microsoft Graph API documentation to confirm writable properties.
API Throttling Too many requests sent in a short time Implement retry logic with exponential backoff.
Invalid JSON in -BodyParameter Malformed payload in the -BodyParameter argument Ensure JSON object adheres to the Graph schema and avoid extra commas.

🔄 Preview Changes Before Updating

Before executing Update-MgUser, run Get-MgUser -UserId <id> -Property <fields> to retrieve the current values. Compare with your intended updates to avoid unintentionally overwriting data—especially useful in bulk operations.
🔁 Use -BodyParameter Hashtables for Batch Updates

When updating multiple attributes (like department, office, phone) in one call, use the -BodyParameter @{...} option. It makes your command cleaner, reduces parameter clutter, and is especially helpful in looped or templated scripts.

Conclusion

Pairing Get-MgUser and Update-MgUser streamlines user management in Microsoft 365. Whether updating individual profiles or performing bulk updates, these cmdlets provide flexibility and control. By following best practices and handling potential errors, you can create efficient scripts for routine administrative tasks.

Start integrating these cmdlets into your workflows today and experience the power of Microsoft Graph PowerShell for managing user profiles effectively!

Suggested Reading

Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex