Public/generated/Get-KriticalUtcmAADUser.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmAADUser {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource AADUser.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCAADUser -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmAADUser -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Entra
    Param count: 32
#>

[CmdletBinding()]
param(
        # The login name of the user
[Parameter(Mandatory)] [string]$UserPrincipalName,
        # Specifies whether the user account is enabled or not. Required when a user is created.
[bool]$AccountEnabled,
        # The display name for the user
[string]$DisplayName,
        # The first name of the user
[string]$FirstName,
        # The last name of the user
[string]$LastName,
        # The country code the user will be assigned to
[string]$UsageLocation,
        # The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates.
[string]$Password,
        # The City name of the user
[string]$City,
        # The Country name of the user
[string]$Country,
        # The Department name of the user
[string]$Department,
        # The Fax Number of the user
[string]$Fax,
        # The Mobile Phone Number of the user
[string]$MobilePhone,
        # The Office Name of the user
[string]$Office,
        # The mail address of the user
[string]$Mail,
        # Specifies whether the user password expires periodically. Default value is false
[bool]$PasswordNeverExpires,
        # Specifies password policies for the user.
[string]$PasswordPolicies,
        # The Phone Number of the user
[string]$PhoneNumber,
        # The Postal Code of the user
[string]$PostalCode,
        # The Preferred Language of the user
[string]$PreferredLanguage,
        # Specifies the state or province where the user is located
[string]$State,
        # Specifies the street address of the user
[string]$StreetAddress,
        # Specifies the title of the user
[string]$Title,
        # Specifies the title of the user
[ValidateSet('Guest','Member','Other','Viral')] [string]$UserType,
        # Present ensures the user exists, absent ensures it is removed
[ValidateSet('Present','Absent')] [string]$Ensure,
        # Credentials of the Exchange Global Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com
[string]$TenantId,
        # Secret of the Azure Active Directory application used for authentication.
[string]$ApplicationSecret,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'AADUser' -Workload 'Entra' -Verb 'Get' -CallerParams $PSBoundParameters
}