
Lab 01: CLI/PowerShell Solutions

Alternative approach using command line tools


Prerequisites

powershell
# Prerequisites: install ONE of the two tool sets below and sign in with it.
# The "OR" branches are alternatives, not steps to run one after the other.

# Install Azure CLI (if not installed)
winget install Microsoft.AzureCLI

# OR Install Microsoft Graph PowerShell
# -Scope CurrentUser installs the module for the current user only.
Install-Module Microsoft.Graph -Scope CurrentUser

# Login
az login
# OR
# The requested scopes allow writing users and groups, which the
# create/update/delete tasks in this lab rely on.
# NOTE(review): these are tenant-wide write permissions. Presumably the lab is meant
# for a dedicated test tenant; confirm before consenting in a production tenant, and
# end the session with Disconnect-MgGraph when the lab is finished.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All"

Task 1: Create User Accounts

Azure CLI

bash
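# Create the three lab users. Every account gets a temporary password that has
# to be changed at first sign-in (--force-change-password-next-sign-in true).
#
# The temporary passwords are prompted for instead of being written into the
# commands: a literal password in a copy-pasted tutorial ends up in shell
# history and saved scripts, and is identical in every tenant that follows the lab.
# az still receives the value as a command-line argument, so run this from a
# shell that is not shared with other users.
#
# NOTE(review): confirm with `az ad user create --help` that your CLI version
# accepts --job-title, --department, --mobile-phone and --company-name; if it
# rejects them, create the user without them and set the attributes afterwards.

# Create User A - Alex Johnson
read -rsp "Temporary password for Alex Johnson: " ALEX_TEMP_PW && printf '\n'
az ad user create \
  --display-name "Alex Johnson" \
  --user-principal-name "alexjohnson@yourdomain.onmicrosoft.com" \
  --password "$ALEX_TEMP_PW" \
  --force-change-password-next-sign-in true \
  --job-title "Project Manager" \
  --department "Operations" \
  --mobile-phone "+1-555-0101"

# Create User B - Maria Garcia
read -rsp "Temporary password for Maria Garcia: " MARIA_TEMP_PW && printf '\n'
az ad user create \
  --display-name "Maria Garcia" \
  --user-principal-name "mariagarcia@yourdomain.onmicrosoft.com" \
  --password "$MARIA_TEMP_PW" \
  --force-change-password-next-sign-in true \
  --job-title "Developer" \
  --department "Engineering"

# Create User C - James Wilson
read -rsp "Temporary password for James Wilson: " JAMES_TEMP_PW && printf '\n'
az ad user create \
  --display-name "James Wilson" \
  --user-principal-name "jameswilson@yourdomain.onmicrosoft.com" \
  --password "$JAMES_TEMP_PW" \
  --force-change-password-next-sign-in true \
  --job-title "Security Analyst" \
  --department "Security" \
  --company-name "Contoso Security"

# Drop the temporary passwords from the shell session once the users exist.
unset ALEX_TEMP_PW MARIA_TEMP_PW JAMES_TEMP_PW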

Microsoft Graph PowerShell

powershell
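# Create the three lab users with Microsoft Graph PowerShell.
# Every account is enabled and must change its password at first sign-in.

# Prompts for a temporary password so that no credential is stored in the script
# (a literal password in a tutorial is the same in every tenant that follows it).
function Read-TempPassword {
    param([string]$UserLabel)
    $secure = Read-Host -Prompt "Temporary password for $UserLabel" -AsSecureString
    # PasswordProfile takes the plain-text value, so convert only at the point of use.
    [System.Net.NetworkCredential]::new('', $secure).Password
}

# Create password profile
$passwordProfile = @{
    Password = Read-TempPassword "Alex Johnson"
    ForceChangePasswordNextSignIn = $true
}

# Create User A
# -MailNickname is supplied because Graph requires it when a user is created.
New-MgUser -DisplayName "Alex Johnson" `
    -UserPrincipalName "alexjohnson@yourdomain.onmicrosoft.com" `
    -MailNickname "alexjohnson" `
    -PasswordProfile $passwordProfile `
    -AccountEnabled `
    -JobTitle "Project Manager" `
    -Department "Operations" `
    -MobilePhone "+1-555-0101" `
    -UsageLocation "US"

# Create User B
$passwordProfile.Password = Read-TempPassword "Maria Garcia"
New-MgUser -DisplayName "Maria Garcia" `
    -UserPrincipalName "mariagarcia@yourdomain.onmicrosoft.com" `
    -MailNickname "mariagarcia" `
    -PasswordProfile $passwordProfile `
    -AccountEnabled `
    -JobTitle "Developer" `
    -Department "Engineering" `
    -UsageLocation "US"

# Create User C
$passwordProfile.Password = Read-TempPassword "James Wilson"
New-MgUser -DisplayName "James Wilson" `
    -UserPrincipalName "jameswilson@yourdomain.onmicrosoft.com" `
    -MailNickname "jameswilson" `
    -PasswordProfile $passwordProfile `
    -AccountEnabled `
    -JobTitle "Security Analyst" `
    -Department "Security" `
    -CompanyName "Contoso Security" `
    -UsageLocation "GB"

# Do not leave the last temporary password sitting in the session.
$passwordProfile.Password = $null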

Task 2: Create Security Groups

Azure CLI

bash
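# Create the three security groups and add their members.
#
# Users are resolved by UPN, and each group's object ID is taken from the output
# of the create call instead of a second lookup by display name: group display
# names are not unique, so a name lookup can fail or point at a different group.

# Get user IDs
ALEX_ID=$(az ad user show --id "alexjohnson@yourdomain.onmicrosoft.com" --query id -o tsv)
MARIA_ID=$(az ad user show --id "mariagarcia@yourdomain.onmicrosoft.com" --query id -o tsv)
JAMES_ID=$(az ad user show --id "jameswilson@yourdomain.onmicrosoft.com" --query id -o tsv)

# Stop before touching group membership if any lookup came back empty.
: "${ALEX_ID:?could not resolve alexjohnson@yourdomain.onmicrosoft.com}"
: "${MARIA_ID:?could not resolve mariagarcia@yourdomain.onmicrosoft.com}"
: "${JAMES_ID:?could not resolve jameswilson@yourdomain.onmicrosoft.com}"

# Create SG-ProjectAlpha-Members
GROUP_ID=$(az ad group create \
  --display-name "SG-ProjectAlpha-Members" \
  --mail-nickname "sg-projectalpha-members" \
  --description "All members of Project Alpha" \
  --query id -o tsv)
: "${GROUP_ID:?SG-ProjectAlpha-Members was not created}"

# Add members
az ad group member add --group "$GROUP_ID" --member-id "$ALEX_ID"
az ad group member add --group "$GROUP_ID" --member-id "$MARIA_ID"
az ad group member add --group "$GROUP_ID" --member-id "$JAMES_ID"

# Create SG-ProjectAlpha-Admins with Alex only
ADMIN_GROUP_ID=$(az ad group create \
  --display-name "SG-ProjectAlpha-Admins" \
  --mail-nickname "sg-projectalpha-admins" \
  --description "Administrators for Project Alpha" \
  --query id -o tsv)
: "${ADMIN_GROUP_ID:?SG-ProjectAlpha-Admins was not created}"

# Only Alex goes into the admin group; the ID was checked above, so this cannot
# silently run with an empty member.
az ad group member add --group "$ADMIN_GROUP_ID" --member-id "$ALEX_ID"

# Create SG-Engineering-All with Maria only
ENG_GROUP_ID=$(az ad group create \
  --display-name "SG-Engineering-All" \
  --mail-nickname "sg-engineering-all" \
  --description "All Engineering department staff" \
  --query id -o tsv)
: "${ENG_GROUP_ID:?SG-Engineering-All was not created}"

az ad group member add --group "$ENG_GROUP_ID" --member-id "$MARIA_ID"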

Microsoft Graph PowerShell

powershell
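# Get user IDs
# Users are looked up by UPN, which is unique in the tenant. A displayName filter
# can match more than one account, and .Id would then hold several IDs, so the
# membership calls below could add an unintended account to the group.
$alex = Get-MgUser -UserId "alexjohnson@yourdomain.onmicrosoft.com"
$maria = Get-MgUser -UserId "mariagarcia@yourdomain.onmicrosoft.com"
$james = Get-MgUser -UserId "jameswilson@yourdomain.onmicrosoft.com"

# Stop before changing group membership if a lookup returned nothing.
foreach ($labUser in @($alex, $maria, $james)) {
    if (-not $labUser) { throw "A lab user could not be resolved; create the users first." }
}

# Create SG-ProjectAlpha-Members
# MailEnabled:$false with SecurityEnabled:$true makes this a plain security group.
$group1 = New-MgGroup -DisplayName "SG-ProjectAlpha-Members" `
    -MailEnabled:$false `
    -SecurityEnabled:$true `
    -MailNickname "sg-projectalpha-members" `
    -Description "All members of Project Alpha"

# Add members
New-MgGroupMember -GroupId $group1.Id -DirectoryObjectId $alex.Id
New-MgGroupMember -GroupId $group1.Id -DirectoryObjectId $maria.Id
New-MgGroupMember -GroupId $group1.Id -DirectoryObjectId $james.Id

# Create other groups similarly...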

Task 3: Create Microsoft 365 Group

Microsoft Graph PowerShell

powershell
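# M365 groups require Graph - not supported in basic Azure CLI
# Users are looked up by UPN, which is unique in the tenant. A displayName filter
# can match more than one account, and the owner/member calls below would then
# receive several IDs instead of one.
$alex = Get-MgUser -UserId "alexjohnson@yourdomain.onmicrosoft.com"
$maria = Get-MgUser -UserId "mariagarcia@yourdomain.onmicrosoft.com"
$james = Get-MgUser -UserId "jameswilson@yourdomain.onmicrosoft.com"

# Stop before assigning ownership or membership if a lookup returned nothing.
foreach ($labUser in @($alex, $maria, $james)) {
    if (-not $labUser) { throw "A lab user could not be resolved; create the users first." }
}

# GroupTypes "Unified" is what makes this a Microsoft 365 group; Visibility
# "Private" is set so the group is not created as a public one.
$m365Group = New-MgGroup -DisplayName "M365-ProjectAlpha-Team" `
    -MailEnabled:$true `
    -SecurityEnabled:$true `
    -MailNickname "projectalpha" `
    -GroupTypes "Unified" `
    -Description "Project Alpha collaboration group" `
    -Visibility "Private"

# Add owner
# NOTE(review): depending on the installed Microsoft.Graph module version the owner
# cmdlet may be New-MgGroupOwnerByRef instead; check with Get-Command if this fails.
New-MgGroupOwner -GroupId $m365Group.Id -DirectoryObjectId $alex.Id

# Add members (Alex is added as a member in addition to being the owner)
New-MgGroupMember -GroupId $m365Group.Id -DirectoryObjectId $alex.Id
New-MgGroupMember -GroupId $m365Group.Id -DirectoryObjectId $maria.Id
New-MgGroupMember -GroupId $m365Group.Id -DirectoryObjectId $james.Id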

Task 7: Block/Unblock User

Azure CLI

bash
# Toggle sign-in for one account through its account-enabled flag.
# NOTE(review): disabling the account stops new sign-ins, but tokens that were
# already issued may stay usable until they expire. When this is used to contain
# a compromised account, also revoke the user's sign-in sessions.
TARGET_UPN="jameswilson@yourdomain.onmicrosoft.com"

# Disable the account (sign-in blocked)
az ad user update --account-enabled false --id "$TARGET_UPN"

# Enable the account again (sign-in allowed)
az ad user update --account-enabled true --id "$TARGET_UPN"

Microsoft Graph PowerShell

powershell
# Toggle sign-in for one account through its AccountEnabled property.
# NOTE(review): disabling the account stops new sign-ins, but tokens that were
# already issued may stay usable until they expire. When this is used to contain
# a compromised account, also revoke the user's sessions (Revoke-MgUserSignInSession).
$targetUpn = "jameswilson@yourdomain.onmicrosoft.com"

# Disable the account (sign-in blocked)
Update-MgUser -AccountEnabled:$false -UserId $targetUpn

# Enable the account again (sign-in allowed)
Update-MgUser -AccountEnabled:$true -UserId $targetUpn

Task 8: Delete and Restore User

Azure CLI

bash
# Delete a user, then find and restore it from the directory's deleted items.

# Delete user
# NOTE(review): this behaves as a soft delete. The commands below list and restore
# the object from directory/deletedItems, so the account stays recoverable until
# it is purged from there.
az ad user delete --id "jameswilson@yourdomain.onmicrosoft.com"

# List deleted users (requires Graph API)
# az rest calls Microsoft Graph with the token of the current az login session.
# The response carries each deleted user's "id", which the restore call needs.
az rest --method GET --url "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user"

# Restore user (requires Graph API)
# {user-id} is a placeholder: replace it with the object ID of the deleted user
# taken from the listing above before running the command.
az rest --method POST --url "https://graph.microsoft.com/v1.0/directory/deletedItems/{user-id}/restore"

Microsoft Graph PowerShell

powershell
# Delete a user, then find and restore it from the directory's deleted items.

# Delete user
# NOTE(review): this behaves as a soft delete. The commands below list and restore
# the object from the deleted items, so the account stays recoverable until it is
# purged from there.
Remove-MgUser -UserId "jameswilson@yourdomain.onmicrosoft.com"

# List deleted users
# NOTE(review): confirm that DisplayName and DeletedDateTime come back as top-level
# properties in your module version; if the columns are empty, the values may be
# nested under AdditionalProperties.
Get-MgDirectoryDeletedItem -DirectoryObjectId "microsoft.graph.user" | Select DisplayName, DeletedDateTime

# Restore user
# {deleted-user-id} is a placeholder: replace it with the object ID of the deleted
# user before running the command.
Restore-MgDirectoryDeletedItem -DirectoryObjectId "{deleted-user-id}"

Cleanup Script

powershell
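# Cleanup: remove the lab's test users and groups with the Azure CLI.
# The script is best-effort (an object that is already gone is not an error), but
# it only reports "Deleted" when the CLI call actually succeeded, so a leftover
# test account is not mistaken for a removed one.
# Deleted users remain restorable from the directory's deleted items (see the
# delete/restore task) until they are purged there.

# Delete all test users
$testUsers = @(
    "alexjohnson@yourdomain.onmicrosoft.com",
    "mariagarcia@yourdomain.onmicrosoft.com",
    "jameswilson@yourdomain.onmicrosoft.com"
)

foreach ($user in $testUsers) {
    # stderr is discarded on purpose; the exit code decides what is reported.
    az ad user delete --id $user 2>$null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Deleted: $user"
    } else {
        Write-Warning "Not deleted (missing or error): $user"
    }
}

# Delete all test groups
$testGroups = @(
    "SG-ProjectAlpha-Members",
    "SG-ProjectAlpha-Admins",
    "SG-Engineering-All",
    "M365-ProjectAlpha-Team"
)

foreach ($group in $testGroups) {
    # Resolve the display name to an object ID first; an empty result means the
    # lookup failed or the group does not exist.
    $groupId = az ad group show --group $group --query id -o tsv 2>$null
    if ($groupId) {
        az ad group delete --group $groupId
        if ($LASTEXITCODE -eq 0) {
            Write-Host "Deleted: $group"
        } else {
            Write-Warning "Delete failed: $group"
        }
    } else {
        Write-Warning "Not found (or lookup failed): $group"
    }
}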

Released under the MIT License.