diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json index 640aef864f..0c180fc27f 100644 --- a/.config/CredScanSuppressions.json +++ b/.config/CredScanSuppressions.json @@ -25,6 +25,10 @@ "file": "test\\Entra\\Users\\Update-EntraUserFromFederated.Tests.ps1", "_justification": "Unit test file has a sample Password used in mocking." }, + { + "file": "test\\Entra\\Users\\Set-EntraUserPasswordProfile.Tests.ps1", + "_justification": "Unit test file has a sample Password used in mocking." + }, { "file": "test\\EntraBeta\\Users\\Set-EntraBetaSignedInUserPassword.Tests.ps1", "_justification": "Unit test file has a sample Password used in mocking." @@ -45,6 +49,10 @@ "file": "test\\EntraBeta\\Users\\New-EntraBetaUser.Tests.ps1", "_justification": "Unit test file has a sample Password used in mocking." }, + { + "file": "test\\EntraBeta\\Users\\Set-EntraBetaUserPasswordProfile.Tests.ps1", + "_justification": "Unit test file has a sample Password used in mocking." + }, { "file": "test\\Entra\\CertificateBasedAuthentication\\Get-EntraUserCertificateUserIdsFromCertificate.Tests.ps1", "_justification": "Unit test file has a sample certificate with only public keys used in mocking." diff --git a/module/Entra/Microsoft.Entra/Enable-EntraAzureADAlias.ps1 b/module/Entra/Microsoft.Entra/Enable-EntraAzureADAlias.ps1 index f5e7f46714..e9999ac58a 100644 --- a/module/Entra/Microsoft.Entra/Enable-EntraAzureADAlias.ps1 +++ b/module/Entra/Microsoft.Entra/Enable-EntraAzureADAlias.ps1 @@ -35,7 +35,7 @@ function Enable-EntraAzureADAlias { Set-Alias -Name Get-AzureADServiceAppRoleAssignedTo -Value Get-EntraServicePrincipalAppRoleAssignedTo -Scope Global -Force Set-Alias -Name Get-AzureADMSNamedLocationPolicy -Value Get-EntraNamedLocationPolicy -Scope Global -Force Set-Alias -Name Get-AzureADContact -Value Get-EntraContact -Scope Global -Force - Set-Alias -Name Set-AzureADUserPassword -Value Set-EntraUserPassword -Scope Global -Force + Set-Alias -Name Set-AzureADUserPassword -Value Set-EntraUserPasswordProfile -Scope Global -Force Set-Alias -Name Get-AzureADApplicationKeyCredential -Value Get-EntraApplicationKeyCredential -Scope Global -Force Set-Alias -Name Get-AzureADContactDirectReport -Value Get-EntraContactDirectReport -Scope Global -Force Set-Alias -Name New-AzureADApplicationExtensionProperty -Value New-EntraApplicationExtensionProperty -Scope Global -Force diff --git a/module/Entra/Microsoft.Entra/Users/Set-EntraSignedInUserPassword.ps1 b/module/Entra/Microsoft.Entra/Users/Set-EntraSignedInUserPassword.ps1 index 2393d6064c..d652726e17 100644 --- a/module/Entra/Microsoft.Entra/Users/Set-EntraSignedInUserPassword.ps1 +++ b/module/Entra/Microsoft.Entra/Users/Set-EntraSignedInUserPassword.ps1 @@ -3,7 +3,6 @@ # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ function Set-EntraSignedInUserPassword { - [Alias("Update-EntraSignedInUserPassword")] [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Specifies the new password for the signed-in user.")] diff --git a/module/Entra/Microsoft.Entra/Users/Set-EntraUserPassword.ps1 b/module/Entra/Microsoft.Entra/Users/Set-EntraUserPasswordProfile.ps1 similarity index 79% rename from module/Entra/Microsoft.Entra/Users/Set-EntraUserPassword.ps1 rename to module/Entra/Microsoft.Entra/Users/Set-EntraUserPasswordProfile.ps1 index 015dfda588..151cdec228 100644 --- a/module/Entra/Microsoft.Entra/Users/Set-EntraUserPassword.ps1 +++ b/module/Entra/Microsoft.Entra/Users/Set-EntraUserPasswordProfile.ps1 @@ -2,11 +2,12 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -function Set-EntraUserPassword { +function Set-EntraUserPasswordProfile { [CmdletBinding(DefaultParameterSetName = 'Default')] param ( - [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Specifies whether the user must change their password at next sign-in.")] - [System.Boolean] $ForceChangePasswordNextLogin, + [Parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = "Specifies whether the user must change their password at next sign-in.")] + [Alias('ForceChangePasswordNextLogin')] + [switch] $ForceChangePasswordNextSignIn, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.")] [Alias('ObjectId', 'UPN', 'Identity', 'UserPrincipalName')] @@ -24,8 +25,9 @@ function Set-EntraUserPassword { [ValidateNotNullOrEmpty()] [System.Security.SecureString] $Password, - [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "If set to true, force the user to change their password.")] - [System.Boolean] $EnforceChangePasswordPolicy + [Parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = "If set, force the user to change their password.")] + [Alias('EnforceChangePasswordPolicy')] + [switch] $ForceChangePasswordNextSignInWithMfa ) begin { @@ -81,16 +83,16 @@ function Set-EntraUserPassword { if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } - if ($null -ne $PSBoundParameters["ForceChangePasswordNextLogin"]) { - $ForceChangePasswordNextSignIn = $PSBoundParameters["ForceChangePasswordNextLogin"] + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignIn"]) { + $ForceChangePasswordNextSignIn = $true } - if ($null -ne $PSBoundParameters["EnforceChangePasswordPolicy"]) { - $ForceChangePasswordNextSignInWithMfa = $PSBoundParameters["EnforceChangePasswordPolicy"] + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignInWithMfa"]) { + $ForceChangePasswordNextSignInWithMfa = $true } $PasswordProfile = @{} - if ($null -ne $PSBoundParameters["ForceChangePasswordNextLogin"]) { $PasswordProfile["ForceChangePasswordNextSignIn"] = $ForceChangePasswordNextSignIn } - if ($null -ne $PSBoundParameters["EnforceChangePasswordPolicy"]) { $PasswordProfile["ForceChangePasswordNextSignInWithMfa"] = $ForceChangePasswordNextSignInWithMfa } + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignIn"]) { $PasswordProfile["ForceChangePasswordNextSignIn"] = $ForceChangePasswordNextSignIn } + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignInWithMfa"]) { $PasswordProfile["ForceChangePasswordNextSignInWithMfa"] = $ForceChangePasswordNextSignInWithMfa } if ($null -ne $PSBoundParameters["Password"]) { $PasswordProfile["password"] = $PlainPassword } Write-Debug("============================ TRANSFORMATIONS ============================") @@ -102,3 +104,4 @@ function Set-EntraUserPassword { } } +Set-Alias -Name Set-EntraUserPassword -Value Set-EntraUserPasswordProfile -Scope Global -Force diff --git a/module/Entra/config/moduleMapping.json b/module/Entra/config/moduleMapping.json index 5111f042ea..20544e9641 100644 --- a/module/Entra/config/moduleMapping.json +++ b/module/Entra/config/moduleMapping.json @@ -211,7 +211,7 @@ "Set-EntraUserExtension": "Users", "Set-EntraUserLicense": "Users", "Set-EntraUserManager": "Users", - "Set-EntraUserPassword": "Users", + "Set-EntraUserPasswordProfile": "Users", "Set-EntraUserThumbnailPhoto": "Users", "Update-EntraOauth2PermissionGrant":"SignIns", "Set-EntraSignedInUserPassword": "Users", diff --git a/module/EntraBeta/Microsoft.Entra.Beta/Users/Set-EntraBetaUserPassword.ps1 b/module/EntraBeta/Microsoft.Entra.Beta/Users/Set-EntraBetaUserPasswordProfile.ps1 similarity index 79% rename from module/EntraBeta/Microsoft.Entra.Beta/Users/Set-EntraBetaUserPassword.ps1 rename to module/EntraBeta/Microsoft.Entra.Beta/Users/Set-EntraBetaUserPasswordProfile.ps1 index a5b53cba27..18d3f78e11 100644 --- a/module/EntraBeta/Microsoft.Entra.Beta/Users/Set-EntraBetaUserPassword.ps1 +++ b/module/EntraBeta/Microsoft.Entra.Beta/Users/Set-EntraBetaUserPasswordProfile.ps1 @@ -2,14 +2,16 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -function Set-EntraBetaUserPassword { +function Set-EntraBetaUserPasswordProfile { [CmdletBinding(DefaultParameterSetName = 'Default')] param ( - [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Specifies whether the user must change their password at next sign-in.")] - [System.Boolean] $ForceChangePasswordNextLogin, + [Parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = "Specifies whether the user must change their password at next sign-in.")] + [Alias('ForceChangePasswordNextLogin')] + [switch] $ForceChangePasswordNextSignIn, - [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "If set to true, force the user to change their password.")] - [System.Boolean] $EnforceChangePasswordPolicy, + [Parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = "If set, force the user to change their password.")] + [Alias('EnforceChangePasswordPolicy')] + [switch] $ForceChangePasswordNextSignInWithMfa, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.")] [Alias('ObjectId', 'UPN', 'Identity', 'UserPrincipalName')] @@ -82,16 +84,16 @@ function Set-EntraBetaUserPassword { if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } - if ($null -ne $PSBoundParameters["ForceChangePasswordNextLogin"]) { - $ForceChangePasswordNextSignIn = $PSBoundParameters["ForceChangePasswordNextLogin"] + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignIn"]) { + $ForceChangePasswordNextSignIn = $true } - if ($null -ne $PSBoundParameters["EnforceChangePasswordPolicy"]) { - $EnforceChangePasswordPolicy = $PSBoundParameters["EnforceChangePasswordPolicy"] + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignInWithMfa"]) { + $ForceChangePasswordNextSignInWithMfa = $true } $PasswordProfile = @{} - if ($null -ne $PSBoundParameters["ForceChangePasswordNextLogin"]) { $PasswordProfile["ForceChangePasswordNextSignIn"] = $ForceChangePasswordNextSignIn } - if ($null -ne $PSBoundParameters["EnforceChangePasswordPolicy"]) { $PasswordProfile["ForceChangePasswordNextSignInWithMfa"] = $ForceChangePasswordNextSignInWithMfa } + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignIn"]) { $PasswordProfile["ForceChangePasswordNextSignIn"] = $ForceChangePasswordNextSignIn } + if ($null -ne $PSBoundParameters["ForceChangePasswordNextSignInWithMfa"]) { $PasswordProfile["ForceChangePasswordNextSignInWithMfa"] = $ForceChangePasswordNextSignInWithMfa } if ($null -ne $PSBoundParameters["Password"]) { $PasswordProfile["password"] = $PlainPassword } Write-Debug("============================ TRANSFORMATIONS ============================") @@ -103,3 +105,4 @@ function Set-EntraBetaUserPassword { } } +Set-Alias -Name Set-EntraBetaUserPassword -Value Set-EntraBetaUserPasswordProfile -Scope Global -Force diff --git a/module/EntraBeta/UnMappedFiles/Enable-EntraAzureADAlias.ps1 b/module/EntraBeta/UnMappedFiles/Enable-EntraAzureADAlias.ps1 index bd6858d00f..f083cf28ca 100644 --- a/module/EntraBeta/UnMappedFiles/Enable-EntraAzureADAlias.ps1 +++ b/module/EntraBeta/UnMappedFiles/Enable-EntraAzureADAlias.ps1 @@ -130,7 +130,7 @@ function Enable-EntraAzureADAlias { Set-Alias -Name New-AzureADMSPermissionGrantPolicy -Value New-EntraBetaPermissionGrantPolicy -Scope Global -Force Set-Alias -Name New-AzureADMSApplication -Value New-EntraBetaApplication -Scope Global -Force Set-Alias -Name Get-AzureADTenantDetail -Value Get-EntraBetaTenantDetail -Scope Global -Force - Set-Alias -Name Set-AzureADUserPassword -Value Set-EntraBetaUserPassword -Scope Global -Force + Set-Alias -Name Set-AzureADUserPassword -Value Set-EntraBetaUserPasswordProfile -Scope Global -Force Set-Alias -Name Get-AzureADPolicyAppliedObject -Value Get-EntraBetaPolicyAppliedObject -Scope Global -Force Set-Alias -Name Get-AzureADServiceAppRoleAssignedTo -Value Get-EntraBetaServicePrincipalAppRoleAssignedTo -Scope Global -Force Set-Alias -Name Get-AzureADMSGroupLifecyclePolicy -Value Get-EntraBetaGroupLifecyclePolicy -Scope Global -Force diff --git a/module/EntraBeta/config/moduleMapping.json b/module/EntraBeta/config/moduleMapping.json index dfc3d6840c..9324a6f93c 100644 --- a/module/EntraBeta/config/moduleMapping.json +++ b/module/EntraBeta/config/moduleMapping.json @@ -23,7 +23,7 @@ "Set-EntraBetaUserExtension": "Users", "Set-EntraBetaUserLicense": "Users", "Set-EntraBetaUserManager": "Users", - "Set-EntraBetaUserPassword": "Users", + "Set-EntraBetaUserPasswordProfile": "Users", "Set-EntraBetaUserThumbnailPhoto": "Users", "Set-EntraBetaSignedInUserPassword": "Users", "Get-EntraBetaGroup": "Groups", diff --git a/module/docs/entra-powershell-beta/Users/Set-EntraBetaUserPassword.md b/module/docs/entra-powershell-beta/Users/Set-EntraBetaUserPasswordProfie.md similarity index 68% rename from module/docs/entra-powershell-beta/Users/Set-EntraBetaUserPassword.md rename to module/docs/entra-powershell-beta/Users/Set-EntraBetaUserPasswordProfie.md index 4c689950d0..533606e81a 100644 --- a/module/docs/entra-powershell-beta/Users/Set-EntraBetaUserPassword.md +++ b/module/docs/entra-powershell-beta/Users/Set-EntraBetaUserPasswordProfie.md @@ -1,6 +1,6 @@ --- author: msewaweru -description: This article provides details on the Set-EntraBetaUserPassword command. +description: This article provides details on the Set-EntraBetaUserPasswordProfile command. external help file: Microsoft.Entra.Beta.Users-Help.xml Locale: en-US manager: mwongerapk @@ -9,12 +9,12 @@ ms.author: eunicewaweru ms.date: 07/24/2024 ms.reviewer: stevemutungi ms.topic: reference -online version: https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Set-EntraBetaUserPassword +online version: https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Set-EntraBetaUserPasswordProfile schema: 2.0.0 -title: Set-EntraBetaUserPassword +title: Set-EntraBetaUserPasswordProfile --- -# Set-EntraBetaUserPassword +# Set-EntraBetaUserPasswordProfile ## SYNOPSIS @@ -23,17 +23,17 @@ Sets the password of a user. ## SYNTAX ```powershell -Set-EntraBetaUserPassword +Set-EntraBetaUserPasswordProfile -UserId -Password - [-ForceChangePasswordNextLogin ] - [-EnforceChangePasswordPolicy ] + [-ForceChangePasswordNextSignIn] + [-ForceChangePasswordNextSignInWithMfa] [] ``` ## DESCRIPTION -The `Set-EntraBetaUserPassword` cmdlet sets the password for a user in Microsoft Entra ID. +The `Set-EntraBetaUserPasswordProfile` cmdlet with alias `Set-EntraBetaUserPassword` sets the password for a user in Microsoft Entra ID. Any user can update their password without belonging to any administrator role. @@ -45,7 +45,7 @@ Any user can update their password without belonging to any administrator role. Connect-Entra -Scopes 'Directory.AccessAsUser.All' $newPassword = '' $securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force -Set-EntraBetaUserPassword -UserId 'SawyerM@contoso.com' -Password $securePassword +Set-EntraBetaUserPasswordProfile -UserId 'SawyerM@contoso.com' -Password $securePassword ``` This command sets the specified user's password. @@ -53,67 +53,67 @@ This command sets the specified user's password. - `-UserId` parameter specifies the ID of a user in Microsoft Entra ID. - `-Password` parameter specifies the password to set. -### Example 2: Set a user's password with EnforceChangePasswordPolicy parameter +### Example 2: Set a user's password with ForceChangePasswordNextSignInWithMfa parameter ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' $newPassword= '' $securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force -Set-EntraBetaUserPassword -UserId 'SawyerM@contoso.com' -Password $securePassword -EnforceChangePasswordPolicy $True +Set-EntraBetaUserPasswordProfile -UserId 'SawyerM@contoso.com' -Password $securePassword -ForceChangePasswordNextSignInWithMfa ``` -This command sets the specified user's password with EnforceChangePasswordPolicy parameter. +This command sets the specified user's password with ForceChangePasswordNextSignInWithMfa parameter. - `-UserId` parameter specifies the ID of a user in Microsoft Entra ID. - `-Password` parameter specifies the password to set. -- `-EnforceChangePasswordPolicy` parameter force the user to change their password, if set to true. +- `-ForceChangePasswordNextSignInWithMfa` parameter force the user to change their password. -### Example 3: Set a user's password with ForceChangePasswordNextLogin parameter +### Example 3: Set a user's password with ForceChangePasswordNextSignIn parameter ```powershell connect-Entra -Scopes 'Directory.AccessAsUser.All' $newPassword= '' $securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force -Set-EntraBetaUserPassword -UserId 'SawyerM@contoso.com' -Password $securePassword -ForceChangePasswordNextLogin $True +Set-EntraBetaUserPasswordProfile -UserId 'SawyerM@contoso.com' -Password $securePassword -ForceChangePasswordNextSignIn ``` -This command sets the specified user's password with ForceChangePasswordNextLogin parameter. +This command sets the specified user's password with ForceChangePasswordNextSignIn parameter. - `-UserId` parameter specifies the ID of a user in Microsoft Entra ID. - `-Password` parameter specifies the password to set. -- `-ForceChangePasswordNextLogin` parameter forces a user to change their password during their next log in. +- `-ForceChangePasswordNextSignIn` parameter forces a user to change their password during their next log in. ## PARAMETERS -### -EnforceChangePasswordPolicy +### -ForceChangePasswordNextSignInWithMfa If set to true, force the user to change their password. ```yaml -Type: System.Boolean +Type: System.Management.Automation.SwitchParameter Parameter Sets: (All) Aliases: Required: False Position: Named Default value: None -Accept pipeline input: True (ByPropertyName, ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` -### -ForceChangePasswordNextLogin +### -ForceChangePasswordNextSignIn Forces a user to change their password during their next sign in. ```yaml -Type: System.Boolean +Type: System.Management.Automation.SwitchParameter Parameter Sets: (All) Aliases: Required: False Position: Named Default value: None -Accept pipeline input: True (ByPropertyName, ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` diff --git a/module/docs/entra-powershell-v1.0/Users/Set-EntraUserPassword.md b/module/docs/entra-powershell-v1.0/Users/Set-EntraUserPasswordProfile.md similarity index 69% rename from module/docs/entra-powershell-v1.0/Users/Set-EntraUserPassword.md rename to module/docs/entra-powershell-v1.0/Users/Set-EntraUserPasswordProfile.md index ee1f77a144..a9b06af9e2 100644 --- a/module/docs/entra-powershell-v1.0/Users/Set-EntraUserPassword.md +++ b/module/docs/entra-powershell-v1.0/Users/Set-EntraUserPasswordProfile.md @@ -1,6 +1,6 @@ --- author: msewaweru -description: This article provides details on the Set-EntraUserPassword command. +description: This article provides details on the Set-EntraUserPasswordProfile command. external help file: Microsoft.Entra.Users-Help.xml Locale: en-US manager: mwongerapk @@ -9,12 +9,12 @@ ms.author: eunicewaweru ms.date: 06/26/2024 ms.reviewer: stevemutungi ms.topic: reference -online version: https://learn.microsoft.com/powershell/module/Microsoft.Entra/Set-EntraUserPassword +online version: https://learn.microsoft.com/powershell/module/Microsoft.Entra/Set-EntraUserPasswordProfile schema: 2.0.0 -title: Set-EntraUserPassword +title: Set-EntraUserPasswordProfile --- -# Set-EntraUserPassword +# Set-EntraUserPasswordProfile ## SYNOPSIS @@ -23,9 +23,9 @@ Sets the password of a user. ## SYNTAX ```powershell -Set-EntraUserPassword - [-ForceChangePasswordNextLogin ] - [-EnforceChangePasswordPolicy ] +Set-EntraUserPasswordProfile + [-ForceChangePasswordNextSignIn] + [-ForceChangePasswordNextSignInWithMfa] -UserId -Password [] @@ -33,7 +33,7 @@ Set-EntraUserPassword ## DESCRIPTION -The `Set-EntraUserPassword` cmdlet sets the password for a user in Microsoft Entra ID. +The `Set-EntraUserPasswordProfile` cmdlet with alias `Set-EntraUserPassword` sets the password for a user in Microsoft Entra ID. Any user can update their password without belonging to any administrator role. @@ -45,7 +45,7 @@ Any user can update their password without belonging to any administrator role. Connect-Entra -Scopes 'Directory.AccessAsUser.All' $newPassword = '' $securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force -Set-EntraUserPassword -UserId 'SawyerM@contoso.com' -Password $securePassword +Set-EntraUserPasswordProfile -UserId 'SawyerM@contoso.com' -Password $securePassword ``` This command sets the specified user's password. @@ -53,67 +53,67 @@ This command sets the specified user's password. - `-UserId` parameter specifies the ID of a user in Microsoft Entra ID. - `-Password` parameter specifies the password to set. -### Example 2: Set a user's password with EnforceChangePasswordPolicy parameter +### Example 2: Set a user's password with ForceChangePasswordNextSignInWithMfa parameter ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' $newPassword= '' $securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force -Set-EntraUserPassword -UserId 'SawyerM@contoso.com' -Password $securePassword -EnforceChangePasswordPolicy $True +Set-EntraUserPasswordProfile -UserId 'SawyerM@contoso.com' -Password $securePassword -ForceChangePasswordNextSignInWithMfa ``` -This command sets the specified user's password with EnforceChangePasswordPolicy parameter. +This command sets the specified user's password with ForceChangePasswordNextSignInWithMfa parameter. - `-UserId` parameter specifies the ID of a user in Microsoft Entra ID. - `-Password` parameter specifies the password to set. -- `-EnforceChangePasswordPolicy` parameter force the user to change their password, if set to true. +- `-ForceChangePasswordNextSignInWithMfa` parameter force the user to change their password. -### Example 3: Set a user's password with ForceChangePasswordNextLogin parameter +### Example 3: Set a user's password with ForceChangePasswordNextSignIn parameter ```powershell connect-Entra -Scopes 'Directory.AccessAsUser.All' $newPassword= '' $securePassword = ConvertTo-SecureString $newPassword -AsPlainText -Force -Set-EntraUserPassword -UserId 'SawyerM@contoso.com' -Password $securePassword -ForceChangePasswordNextLogin $True +Set-EntraUserPasswordProfile -UserId 'SawyerM@contoso.com' -Password $securePassword -ForceChangePasswordNextSignIn ``` -This command sets the specified user's password with ForceChangePasswordNextLogin parameter. +This command sets the specified user's password with ForceChangePasswordNextSignIn parameter. - `-UserId` parameter specifies the ID of a user in Microsoft Entra ID. - `-Password` parameter specifies the password to set. -- `-ForceChangePasswordNextLogin` parameter forces a user to change their password during their next log in. +- `-ForceChangePasswordNextSignIn` parameter forces a user to change their password during their next log in. ## PARAMETERS -### -EnforceChangePasswordPolicy +### -ForceChangePasswordNextSignInWithMfa If set to true, force the user to change their password. ```yaml -Type: System.Boolean +Type: System.Management.Automation.SwitchParameter Parameter Sets: (All) Aliases: Required: False Position: Named Default value: None -Accept pipeline input: True (ByPropertyName, ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` -### -ForceChangePasswordNextLogin +### -ForceChangePasswordNextSignIn Forces a user to change their password during their next sign in. ```yaml -Type: System.Boolean +Type: System.Management.Automation.SwitchParameter Parameter Sets: (All) Aliases: Required: False Position: Named Default value: None -Accept pipeline input: True (ByPropertyName, ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` diff --git a/src/AzureADPreviewToEntraBetaMapping.json b/src/AzureADPreviewToEntraBetaMapping.json index de99e2a1d6..fd391b5ae3 100644 --- a/src/AzureADPreviewToEntraBetaMapping.json +++ b/src/AzureADPreviewToEntraBetaMapping.json @@ -308,7 +308,7 @@ "Set-AzureADUserExtension" : "Set-EntraBetaUserExtension", "Set-AzureADUserLicense" : "Set-EntraBetaUserLicense", "Set-AzureADUserManager" : "Set-EntraBetaUserManager", - "Set-AzureADUserPassword" : "Set-EntraBetaUserPassword", + "Set-AzureADUserPassword" : "Set-EntraBetaUserPasswordProfile", "Set-AzureADUserThumbnailPhoto" : "Set-EntraBetaUserThumbnailPhoto", "Update-AzureADSignedInUserPassword" : "Set-EntraBetaSignedInUserPassword" } diff --git a/src/AzureADToEntraMapping.json b/src/AzureADToEntraMapping.json index ddb87316b3..9e67d7b645 100644 --- a/src/AzureADToEntraMapping.json +++ b/src/AzureADToEntraMapping.json @@ -226,7 +226,7 @@ "Set-AzureADUserExtension" : "Set-EntraUserExtension", "Set-AzureADUserLicense" : "Set-EntraUserLicense", "Set-AzureADUserManager" : "Set-EntraUserManager", - "Set-AzureADUserPassword" : "Set-EntraUserPassword", + "Set-AzureADUserPassword" : "Set-EntraUserPasswordProfile", "Set-AzureADUserThumbnailPhoto" : "Set-EntraUserThumbnailPhoto", "Update-AzureADSignedInUserPassword" : "Set-EntraSignedInUserPassword" } \ No newline at end of file diff --git a/src/CompatibilityAdapterBuilder.ps1 b/src/CompatibilityAdapterBuilder.ps1 index 7b181511e3..b82fb7e873 100644 --- a/src/CompatibilityAdapterBuilder.ps1 +++ b/src/CompatibilityAdapterBuilder.ps1 @@ -128,7 +128,7 @@ class CompatibilityAdapterBuilder { 'Set-EntraBetaPolicy', 'Set-EntraBetaCustomSecurityAttributeDefinition', 'Get-EntraBetaPrivilegedResource', - 'Set-EntraBetaUserPassword', + 'Set-EntraBetaUserPasswordProfile', 'New-EntraBetaApplicationFromApplicationTemplate', 'Set-EntraBetaPrivilegedRoleSetting', 'Remove-EntraBetaApplicationKey', diff --git a/test/Entra/Users/Set-EntraUserPassword.Tests.ps1 b/test/Entra/Users/Set-EntraUserPasswordProfile.Tests.ps1 similarity index 56% rename from test/Entra/Users/Set-EntraUserPassword.Tests.ps1 rename to test/Entra/Users/Set-EntraUserPasswordProfile.Tests.ps1 index 660c9c3e82..d012d2b2c2 100644 --- a/test/Entra/Users/Set-EntraUserPassword.Tests.ps1 +++ b/test/Entra/Users/Set-EntraUserPasswordProfile.Tests.ps1 @@ -15,93 +15,122 @@ BeforeAll { Mock -CommandName Get-EntraContext -MockWith { @{Scopes = @("Directory.AccessAsUser.All") } } -ModuleName Microsoft.Entra.Users } -Describe "Set-EntraUserPassword" { - Context "Test for Set-EntraUserPassword" { +Describe "Set-EntraUserPasswordProfile" { + Context "Test for Set-EntraUserPasswordProfile" { It "Should return empty object" { $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - $result = Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin $true -EnforceChangePasswordPolicy $true + $result = Set-EntraUserPasswordProfile -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa $result | Should -BeNullOrEmpty Should -Invoke -CommandName Update-MgUser -ModuleName Microsoft.Entra.Users -Times 1 } It "Should fail when UserId is empty" { - $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId -Password $secPassword } | Should -Throw "Missing an argument for parameter 'UserId'*" + { Set-EntraUserPasswordProfile -UserId -Password $secPassword } | Should -Throw "Missing an argument for parameter 'UserId'*" } It "Should fail when UserId is invalid" { - $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId "" -Password $secPassword } | Should -Throw "Cannot validate argument on parameter 'UserId'. UserId must be a valid email address or GUID." + { Set-EntraUserPasswordProfile -UserId "" -Password $secPassword } | Should -Throw "Cannot validate argument on parameter 'UserId'. UserId must be a valid email address or GUID." } It "Should fail when Password is empty" { $userUPN = "mock106@M365x99297270.OnMicrosoft.com" - $newPassword = "New@12345" - $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId $userUPN -Password } | Should -Throw "Missing an argument for parameter 'Password'*" + { Set-EntraUserPasswordProfile -UserId $userUPN -Password -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa } | Should -Throw "Missing an argument for parameter 'Password'*" } It "Should fail when Password is invalid" { $userUPN = "mock106@M365x99297270.OnMicrosoft.com" - $newPassword = "New@12345" - $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId $userUPN -Password "" } | Should -Throw "Cannot process argument transformation on parameter 'Password'*" + { Set-EntraUserPasswordProfile -UserId $userUPN -Password "" } | Should -Throw "Cannot process argument transformation on parameter 'Password'*" } - It "Should fail when ForceChangePasswordNextLogin is empty" { + It "Should contain 'User-Agent' header" { + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraUserPasswordProfile" $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin } | Should -Throw "Missing an argument for parameter 'ForceChangePasswordNextLogin'*" + $result = Set-EntraUserPasswordProfile -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa + $result | Should -BeNullOrEmpty + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraUserPasswordProfile" + Should -Invoke -CommandName Update-MgUser -ModuleName Microsoft.Entra.Users -Times 1 -ParameterFilter { + $Headers.'User-Agent' | Should -Be $userAgentHeaderValue + $true + } } - It "Should fail when ForceChangePasswordNextLogin is invalid" { + It "Should execute successfully without throwing an error " { + # Disable confirmation prompts + $originalDebugPreference = $DebugPreference + $DebugPreference = 'Continue' $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin xyz } | Should -Throw "Cannot process argument transformation on parameter 'ForceChangePasswordNextLogin'*" + + try { + # Act & Assert: Ensure the function doesn't throw an exception + { Set-EntraUserPasswordProfile -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa -Debug } | Should -Not -Throw + } + finally { + # Restore original confirmation preference + $DebugPreference = $originalDebugPreference + } } - It "Should fail when EnforceChangePasswordPolicy is empty" { + It "Should execute successfully without throwing an error when using parameter aliases" { + # Disable confirmation prompts + $originalDebugPreference = $DebugPreference + $DebugPreference = 'Continue' $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId $userUPN -Password $secPassword -EnforceChangePasswordPolicy } | Should -Throw "Missing an argument for parameter 'EnforceChangePasswordPolicy'*" + + try { + # Act & Assert: Ensure the function doesn't throw an exception + { Set-EntraUserPasswordProfile -ObjectId $userUPN -Password $secPassword -ForceChangePasswordNextLogin -EnforceChangePasswordPolicy -Debug } | Should -Not -Throw + } + finally { + # Restore original confirmation preference + $DebugPreference = $originalDebugPreference + } } - It "Should fail when EnforceChangePasswordPolicy is invalid" { + } +} + +Describe "Set-EntraUserPassword" { + Context "Test for the alias Set-EntraUserPassword" { + It "Should return empty object" { $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - { Set-EntraUserPassword -UserId $userUPN -Password $secPassword -EnforceChangePasswordPolicy xyz } | Should -Throw "Cannot process argument transformation on parameter 'EnforceChangePasswordPolicy'*" - } - It "Should contain ForceChangePasswordNextSignIn in parameters when passed ForceChangePasswordNextLogin to it" { - Mock -CommandName Update-MgUser -MockWith { $args } -ModuleName Microsoft.Entra.Users + $result = Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa + $result | Should -BeNullOrEmpty - $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + Should -Invoke -CommandName Update-MgUser -ModuleName Microsoft.Entra.Users -Times 1 + } + It "Should fail when UserId is empty" { $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - $result = Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin $true -EnforceChangePasswordPolicy $true - $params = Get-Parameters -data $result - $params.PasswordProfile.ForceChangePasswordNextSignIn | Should -Be $true + { Set-EntraUserPassword -UserId -Password $secPassword } | Should -Throw "Missing an argument for parameter 'UserId'*" } - It "Should contain ForceChangePasswordNextSignInWithMfa in parameters when passed EnforceChangePasswordPolicy to it" { - Mock -CommandName Update-MgUser -MockWith { $args } -ModuleName Microsoft.Entra.Users - - $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + It "Should fail when UserId is invalid" { $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - $result = Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin $true -EnforceChangePasswordPolicy $true - $params = Get-Parameters -data $result - $params.PasswordProfile.ForceChangePasswordNextSignInWithMfa | Should -Be $true + { Set-EntraUserPassword -UserId "" -Password $secPassword } | Should -Throw "Cannot validate argument on parameter 'UserId'. UserId must be a valid email address or GUID." + } + It "Should fail when Password is empty" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + { Set-EntraUserPassword -UserId $userUPN -Password } | Should -Throw "Missing an argument for parameter 'Password'*" + } + It "Should fail when Password is invalid" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + { Set-EntraUserPassword -UserId $userUPN -Password "" } | Should -Throw "Cannot process argument transformation on parameter 'Password'*" } It "Should contain 'User-Agent' header" { - $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraUserPassword" + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraUserPasswordProfile" $userUPN = "mock106@M365x99297270.OnMicrosoft.com" $newPassword = "New@12345" $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force - $result = Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin $true -EnforceChangePasswordPolicy $true + $result = Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa $result | Should -BeNullOrEmpty - $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraUserPassword" + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraUserPasswordProfile" Should -Invoke -CommandName Update-MgUser -ModuleName Microsoft.Entra.Users -Times 1 -ParameterFilter { $Headers.'User-Agent' | Should -Be $userAgentHeaderValue $true @@ -117,7 +146,7 @@ Describe "Set-EntraUserPassword" { try { # Act & Assert: Ensure the function doesn't throw an exception - { Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextLogin $true -EnforceChangePasswordPolicy $true -Debug } | Should -Not -Throw + { Set-EntraUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa -Debug } | Should -Not -Throw } finally { # Restore original confirmation preference @@ -125,5 +154,5 @@ Describe "Set-EntraUserPassword" { } } } -} +} diff --git a/test/EntraBeta/Users/Set-EntraBetaUserPasswordProfile.Tests.ps1 b/test/EntraBeta/Users/Set-EntraBetaUserPasswordProfile.Tests.ps1 new file mode 100644 index 0000000000..f4807e1270 --- /dev/null +++ b/test/EntraBeta/Users/Set-EntraBetaUserPasswordProfile.Tests.ps1 @@ -0,0 +1,158 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ + +[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")] +param() + +BeforeAll { + if ((Get-Module -Name Microsoft.Entra.Beta.Users) -eq $null) { + Import-Module Microsoft.Entra.Beta.Users + } + Import-Module (Join-Path $PSScriptRoot "..\..\Common-Functions.ps1") -Force + + Mock -CommandName Update-MgBetaUser -MockWith {} -ModuleName Microsoft.Entra.Beta.Users + Mock -CommandName Get-EntraContext -MockWith { @{Scopes = @("Directory.AccessAsUser.All") } } -ModuleName Microsoft.Entra.Beta.Users +} + +Describe "Set-EntraBetaUserPasswordProfile" { + Context "Test for Set-EntraBetaUserPasswordProfile" { + It "Should return empty object" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + $result = Set-EntraBetaUserPasswordProfile -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa + $result | Should -BeNullOrEmpty + + Should -Invoke -CommandName Update-MgBetaUser -ModuleName Microsoft.Entra.Beta.Users -Times 1 + } + It "Should fail when UserId is empty" { + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + { Set-EntraBetaUserPasswordProfile -UserId -Password $secPassword } | Should -Throw "Missing an argument for parameter 'UserId'*" + } + It "Should fail when UserId is invalid" { + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + { Set-EntraBetaUserPasswordProfile -UserId "" -Password $secPassword } | Should -Throw "Cannot validate argument on parameter 'UserId'. UserId must be a valid email address or GUID." + } + It "Should fail when Password is empty" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + { Set-EntraBetaUserPasswordProfile -UserId $userUPN -Password -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa } | Should -Throw "Missing an argument for parameter 'Password'*" + } + It "Should fail when Password is invalid" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + { Set-EntraBetaUserPasswordProfile -UserId $userUPN -Password "" } | Should -Throw "Cannot process argument transformation on parameter 'Password'*" + } + It "Should contain 'User-Agent' header" { + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraBetaUserPasswordProfile" + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + $result = Set-EntraBetaUserPasswordProfile -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa + $result | Should -BeNullOrEmpty + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraBetaUserPasswordProfile" + Should -Invoke -CommandName Update-MgBetaUser -ModuleName Microsoft.Entra.Beta.Users -Times 1 -ParameterFilter { + $Headers.'User-Agent' | Should -Be $userAgentHeaderValue + $true + } + } + It "Should execute successfully without throwing an error " { + # Disable confirmation prompts + $originalDebugPreference = $DebugPreference + $DebugPreference = 'Continue' + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + + try { + # Act & Assert: Ensure the function doesn't throw an exception + { Set-EntraBetaUserPasswordProfile -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa -Debug } | Should -Not -Throw + } + finally { + # Restore original confirmation preference + $DebugPreference = $originalDebugPreference + } + } + It "Should execute successfully without throwing an error when using parameter aliases" { + # Disable confirmation prompts + $originalDebugPreference = $DebugPreference + $DebugPreference = 'Continue' + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + + try { + # Act & Assert: Ensure the function doesn't throw an exception + { Set-EntraBetaUserPasswordProfile -ObjectId $userUPN -Password $secPassword -ForceChangePasswordNextLogin -EnforceChangePasswordPolicy -Debug } | Should -Not -Throw + } + finally { + # Restore original confirmation preference + $DebugPreference = $originalDebugPreference + } + } + } +} + +Describe "Set-EntraBetaUserPassword" { + Context "Test for the alias Set-EntraBetaUserPassword" { + It "Should return empty object" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + $result = Set-EntraBetaUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa + $result | Should -BeNullOrEmpty + + Should -Invoke -CommandName Update-MgBetaUser -ModuleName Microsoft.Entra.Beta.Users -Times 1 + } + It "Should fail when UserId is empty" { + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + { Set-EntraBetaUserPassword -UserId -Password $secPassword } | Should -Throw "Missing an argument for parameter 'UserId'*" + } + It "Should fail when UserId is invalid" { + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + { Set-EntraBetaUserPassword -UserId "" -Password $secPassword } | Should -Throw "Cannot validate argument on parameter 'UserId'. UserId must be a valid email address or GUID." + } + It "Should fail when Password is empty" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + { Set-EntraBetaUserPassword -UserId $userUPN -Password } | Should -Throw "Missing an argument for parameter 'Password'*" + } + It "Should fail when Password is invalid" { + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + { Set-EntraBetaUserPassword -UserId $userUPN -Password "" } | Should -Throw "Cannot process argument transformation on parameter 'Password'*" + } + It "Should contain 'User-Agent' header" { + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraBetaUserPasswordProfile" + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + $result = Set-EntraBetaUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa + $result | Should -BeNullOrEmpty + $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Set-EntraBetaUserPasswordProfile" + Should -Invoke -CommandName Update-MgBetaUser -ModuleName Microsoft.Entra.Beta.Users -Times 1 -ParameterFilter { + $Headers.'User-Agent' | Should -Be $userAgentHeaderValue + $true + } + } + It "Should execute successfully without throwing an error " { + # Disable confirmation prompts + $originalDebugPreference = $DebugPreference + $DebugPreference = 'Continue' + $userUPN = "mock106@M365x99297270.OnMicrosoft.com" + $newPassword = "New@12345" + $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force + + try { + # Act & Assert: Ensure the function doesn't throw an exception + { Set-EntraBetaUserPassword -UserId $userUPN -Password $secPassword -ForceChangePasswordNextSignIn -ForceChangePasswordNextSignInWithMfa -Debug } | Should -Not -Throw + } + finally { + # Restore original confirmation preference + $DebugPreference = $originalDebugPreference + } + } + } +} +