MSOnline与AzureAD实现机制不同,混用会到导致明显的问题
例如你用New-AzureADUser创建完账户,用Set-MsolUser企图修改用户属性就会出现找不到用户的情况。
其中Set-MsolUser提供了开启MFA 的-StrongAuthenticationRequirements的参数而Set-AzureADUser却没有,如果不用同一个包修改和创建用户修改失败。
如果需要创建用户的同时开启MFA必须统一使用MSOnline包
```powershell
$GivenName = "test"
$Surname = "test"
$JobTitle = "test"
$Department = "IT"
$Dsiplayname = (Get-Culture).TextInfo.ToTitleCase(-join($Surname,","," ",$GivenName))
$unp = -join((Get-Culture).TextInfo.ToTitleCase($GivenName),'.',(Get-Culture).TextInfo.ToTitleCase($Surname),"@xxxxx-xxx.xx")
Import-Module MSOnline
$PWord = ConvertTo-SecureString -String xxxxx -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList xxxx@xxxxx-xxx.xx, $PWord
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enabled"
$sta = @($st)
Connect-MsolService -Credential $Credential
New-MsolUser `
-FirstName $GivenName `
-LastName $Surname `
-DisplayName $Dsiplayname `
-UserPrincipalName $unp `
-ForceChangePassword $true `
-Password "xxxxx" `
-Title $JobTitle `
-Department $Department `
-LicenseAssignment "xxxxx:ENTERPRISEPACK" `
-UsageLocation CN
Set-MsolUser -UserPrincipalName $unp -StrongAuthenticationRequirements $sta
对了New-MsolUser是有-StrongAuthenticationRequirements参数的但是亲测是无效的,所以请在Set-MsolUser中开启-StrongAuthenticationRequirements