Jorge Bernhardt

How to change the owner of an Azure Active Directory device


In Azure AD, you can see that each device has an owner. The owner is the user who joined the device to Azure AD, which is sometimes the administrator account. If you want to change the owner, you won’t be able to do so through the Azure portal. That is why in this post, I will show you how to change the owner of an Azure AD device using PowerShell.

PowerShell Workaround #

First, you must ensure the AzureAD module is installed on your computer and then imported into your PowerShell session. To do that, you should use the following commands.

Install-Module AzureAD
Import-Module AzureAD

Once you have imported the module, you are ready to start.

Connect to Azure Active Directory. #

The easiest way to get started is to log in interactively at the command line.

Connect-AzureAD

Locate the device #

To get the device object in your tenant, you must use the Get-AzureADDevice cmdlet and pass the device name in the -SearchString parameter.

$device=Get-AzureADDevice `
    -SearchString "SAD001"

To change the owner of a device, you must know the value of the device’s “ObjectId” property. I will store the device object in the $device variable to make the code easier to read. If you don’t know the device name or want to list all devices, use the Get-AzureADDevice cmdlet without any parameters.

Check the current owner of the device #

To get the current registered owner for the device, you should use the Get-AzureADDeviceRegisteredOwner cmdlet with the following syntax.

(Get-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId).DisplayName

**Important:** Hybrid Azure AD joined devices running Windows 10 or newer don’t have an owner.

Add an owner for the device #

To add a user as an owner of a device, the user must be registered in your tenant, and you must know the value of the user’s “ObjectId” property. I will store the user object in the $owner variable to improve code readability.

$owner=Get-AzureADUser `
    -SearchString "Jorge Bernhardt"

Once the user object is stored in the $owner variable, you should use the Add-AzureADDeviceRegisteredOwner cmdlet with the following syntax to add the user as the device’s new owner.

Add-AzureADDeviceRegisteredOwner `
    -ObjectId $device.ObjectId `
    -RefObjectId $owner.ObjectId

The device object can have more than one owner, but the Azure portal will only display the last added owner.

Remove the owner of the device #

You can remove a device owner at any time using the Remove-AzureADDeviceRegisteredOwner cmdlet with the following syntax.

$user=Get-AzureADUser `
    -SearchString "some user"
Remove-AzureADDeviceRegisteredOwner `
    -ObjectId $device.ObjectId `
    -OwnerId $user.ObjectId

Verify the changes made #

Once the previous step is done, to verify that the change was successful, use the Get-AzureADDeviceRegisteredOwner cmdlet with the following syntax.

Get-AzureADDeviceRegisteredOwner `
    -ObjectId $device.ObjectId
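
The steps above combined into one guarded function, as an added example that is not part of the original post. It refuses to continue when -SearchString matches more than one device or user, and it removes the previous owners after adding the new one. The function name Set-DeviceOwner and its parameters are hypothetical, and it assumes Connect-AzureAD has already been run.

```powershell
# Added example; Set-DeviceOwner and its parameters are hypothetical names.
# Assumes the AzureAD module is imported and Connect-AzureAD has already run.
function Set-DeviceOwner {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DeviceName,
        [Parameter(Mandatory)][string]$OwnerName
    )

    # -SearchString can match several objects; require exactly one
    # of each so the change lands on the intended device and user.
    $device = @(Get-AzureADDevice -SearchString $DeviceName)
    if ($device.Count -ne 1) {
        throw "Expected 1 device for '$DeviceName', found $($device.Count)."
    }
    $owner = @(Get-AzureADUser -SearchString $OwnerName)
    if ($owner.Count -ne 1) {
        throw "Expected 1 user for '$OwnerName', found $($owner.Count)."
    }
    $deviceId = $device[0].ObjectId
    $ownerId  = $owner[0].ObjectId

    # Record the current owners before touching anything.
    $current    = @(Get-AzureADDeviceRegisteredOwner -ObjectId $deviceId)
    $currentIds = @($current | ForEach-Object { $_.ObjectId })

    # Add the new owner unless it is already registered.
    if ($currentIds -notcontains $ownerId) {
        if ($PSCmdlet.ShouldProcess($DeviceName, "Add owner $OwnerName")) {
            Add-AzureADDeviceRegisteredOwner -ObjectId $deviceId -RefObjectId $ownerId
        }
    }

    # Remove every other owner so the device ends up with a single one.
    foreach ($old in ($current | Where-Object { $_.ObjectId -ne $ownerId })) {
        if ($PSCmdlet.ShouldProcess($DeviceName, "Remove owner $($old.DisplayName)")) {
            Remove-AzureADDeviceRegisteredOwner -ObjectId $deviceId -OwnerId $old.ObjectId
        }
    }

    # Return the resulting owner list for verification.
    Get-AzureADDeviceRegisteredOwner -ObjectId $deviceId |
        Select-Object DisplayName, UserPrincipalName, ObjectId
}

# Dry run with the sample names used in this post; drop -WhatIf to apply.
Set-DeviceOwner -DeviceName "SAD001" -OwnerName "Jorge Bernhardt" -WhatIf
```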

Thanks for reading my post. I hope you find it helpful. If you want to learn more about managing devices in Azure AD, check out this link.