New-MgDirectoryAdministrativeUnit

New-MgDirectoryAdministrativeUnit
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-DeletedDateTime <datetime>]
    [-Description <string>]
    [-DisplayName <string>]
    [-Extensions <IMicrosoftGraphExtension[]>]
    [-Id <string>]
    [-IsMemberManagementRestricted]
    [-Members <IMicrosoftGraphDirectoryObject[]>]
    [-MembershipRule <string>]
    [-MembershipRuleProcessingState <string>]
    [-MembershipType <string>]
    [-ScopedRoleMembers <IMicrosoftGraphScopedRoleMembership[]>]
    [-Visibility <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

New-MgDirectoryAdministrativeUnit
    -BodyParameter <IMicrosoftGraphAdministrativeUnit>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Create a new administrativeUnit.

Permissions

Import-Module Microsoft.Graph.Identity.DirectoryManagement

$params = @{
	displayName = "Seattle District Technical Schools"
	description = "Seattle district technical schools administration"
	membershipType = "Dynamic"
	membershipRule = "(user.country -eq "United States")"
	membershipRuleProcessingState = "On"
	visibility = "HiddenMembership"
}

New-MgDirectoryAdministrativeUnit -BodyParameter $params

This example will create an administrative unit

Import-Module Microsoft.Graph.Identity.DirectoryManagement

$params = @{
	displayName = "Executive Division"
	description = "Executive division administration"
	isMemberManagementRestricted = $true
}

New-MgDirectoryAdministrativeUnit -BodyParameter $params

This example will create a restricted management administrative unit

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphAdministrativeUnit>: administrativeUnit [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: An optional description for the administrative unit. Supports $filter (eq, ne, in, startsWith), $search. [DisplayName <String>]: Display name for the administrative unit. Maximum length is 256 characters. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderby. [Extensions <IMicrosoftGraphExtension[]>]: The collection of open extensions defined for this administrative unit. Nullable. [Id <String>]: The unique identifier for an entity. Read-only. [IsMemberManagementRestricted <Boolean?>]: true if members of this administrative unit should be treated as sensitive, which requires specific permissions to manage. If not set, the default value is null and the default behavior is false. Use this property to define administrative units with roles that don't inherit from tenant-level administrators, and where the management of individual member objects is limited to administrators scoped to a restricted management administrative unit. This property is immutable and can't be changed later. For more information on how to work with restricted management administrative units, see Restricted management administrative units in Microsoft Entra ID. [Members <IMicrosoftGraphDirectoryObject[]>]: Users and groups that are members of this administrative unit. Supports $expand. [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [MembershipRule <String>]: The dynamic membership rule for the administrative unit. For more information about the rules you can use for dynamic administrative units and dynamic groups, see Manage rules for dynamic membership groups in Microsoft Entra ID. [MembershipRuleProcessingState <String>]: Controls whether the dynamic membership rule is actively processed. Set to On to activate the dynamic membership rule, or Paused to stop updating membership dynamically. [MembershipType <String>]: Indicates the membership type for the administrative unit. The possible values are: dynamic, assigned. If not set, the default value is null and the default behavior is assigned. [ScopedRoleMembers <IMicrosoftGraphScopedRoleMembership[]>]: Scoped-role members of this administrative unit. [Id <String>]: The unique identifier for an entity. Read-only. [AdministrativeUnitId <String>]: Unique identifier for the administrative unit that the directory role is scoped to [RoleId <String>]: Unique identifier for the directory role that the member is in. [RoleMemberInfo <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta. [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review. [Visibility <String>]: Controls whether the administrative unit and its members are hidden or public. Can be set to HiddenMembership. If not set, the default value is null and the default behavior is public. When set to HiddenMembership, only members of the administrative unit can list other members of the administrative unit.

EXTENSIONS <IMicrosoftGraphExtension[]>: The collection of open extensions defined for this administrative unit. Nullable. [Id <String>]: The unique identifier for an entity. Read-only.

MEMBERS <IMicrosoftGraphDirectoryObject[]>: Users and groups that are members of this administrative unit. Supports $expand. [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.

SCOPEDROLEMEMBERS <IMicrosoftGraphScopedRoleMembership[]>: Scoped-role members of this administrative unit. [Id <String>]: The unique identifier for an entity. Read-only. [AdministrativeUnitId <String>]: Unique identifier for the administrative unit that the directory role is scoped to [RoleId <String>]: Unique identifier for the directory role that the member is in. [RoleMemberInfo <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta. [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.