entra-powershell icon indicating copy to clipboard operation
entra-powershell copied to clipboard
verified publisher icon microsoftgraph

Misleading names of Set-EntraUserPassword and Set-EntraBetaUserPassword commands

Open alexandair opened this issue 1 year ago • 0 comments

Set-EntraUserPassword and Set-EntraBetaUserPassword commands are not changing user's password. They are changing a password profile. Accurate names should be Set-EntraUserPasswordProfile and Set-EntraBetaUserPasswordProfile

Parameter names are also misleading and not in sync with the property names they are changing. Alias parameters should be created, if you want to be accurate, but also backward compatible with AzureAD.

PS> gcm Set-EntraUserPassword -Syntax      

Set-EntraUserPassword [-Password] <securestring> [[-ForceChangePasswordNextLogin] <bool>] [-ObjectId] <string> [[-EnforceChangePasswordPolicy] <bool>] [<CommonParameters>]

PS> (Get-EntraUser -Top 1).passwordprofile | gm -MemberType noteproperty

   TypeName: System.Management.Automation.PSCustomObject

Name                                 MemberType   Definition
----                                 ----------   ----------
forceChangePasswordNextSignIn        NoteProperty bool forceChangePasswordNextSignIn=True
forceChangePasswordNextSignInWithMfa NoteProperty bool forceChangePasswordNextSignInWithMfa=False
password                             NoteProperty object password=null

-ForceChangePasswordNextLogin --> -ForceChangePasswordNextSignIn
-EnforceChangePasswordPolicy --> -ForceChangePasswordNextSignInWithMfa
-ObjectId --> -UserId

Is there a reason to have -ForceChangePasswordNextLogin and -EnforceChangePasswordPolicy as Boolean instead of switch parameters?

alexandair avatar Oct 16 '24 22:10 alexandair