After my last post on auto refreshing data entities after a deployment, I want to show you how to enable users in your system after a database refresh. A big ‘thank you’ goes out, as always, to @splaxi for delivering the d365fo – toolset and for the idea on this post.
We will use the d365fo.integrations once more so that we don’t need a line of X++ code.

Enable or disable users locally

I’ll skip the setup part as I covered it already in my last post .
If everything is in place, we can try to enable a user. I disabled the contoso user ‘Richard Carey’.

Simply trigger the following command in an elevated PowerShell prompt:

$token = Get-D365ODataToken
Update-D365ODataEntity -EntityName SystemUsers -Key "UserID='RichardC'" -Payload '{"Enabled": "true"}' -token $token

This will trigger a search on the SystemUsers entity with the key being the user id ‘RichardC’. The “Payload” variable has the field name and the value we want to set. After the command completes, we can see the user being enabled.

Enable users through an Azure DevOps Pipeline

After the boring part of enabling the users locally comes the fun part, enabling them automatically with the help of the Azure Pipelines. Basically the script isn’t very different from the one to refresh the data entities. Again we create a PowerShell task in a build or release pipeline:

You can choose to call the script either via a checked in script, which I prefer, or just paste it in there as an inline task.
Let’s have a look at the script, which you can also download on GitHub

Install-PackageProvider nuget -Scope CurrentUser -Force -Confirm:$false
write-host "nuget installed"
Install-Module -Name AZ -AllowClobber -Scope CurrentUser -Force -Confirm:$False -SkipPublisherCheck
write-host "az installed"
Install-Module -Name d365fo.integrations  -AllowClobber -Scope CurrentUser -Force -Confirm:$false
write-host "d365fo.integrations installed"
Add-D365ODataConfig -Name "D365EnableUsers" -Tenant "AzureTenantId" -url "" -ClientId "AzureApplicationId" -ClientSecret "AzureApplicationClientSecret"
write-host "Config added"
Set-D365ActiveODataConfig -Name D365EnableUsers
write-host "Config as default"

$token = Get-D365ODataToken
write-host "Token generated"

$SystemUsers = Get-D365ODataEntityData -EntityName SystemUsers -ODataQuery '$filter=Enabled eq false' -Token $token
#select the disabled users

$payload = '{"Enabled": "true"}'
#set the field names and the desired values to update

foreach ($user in $SystemUsers)
    #iterate through the users and create the [key, payload] array
    $userId = $user.UserID
        $SystemUsersToUpdateNew += [PSCustomObject]@{Key = "UserID='$userId'"; Payload = $payload}
    else {
        $SystemUsersToUpdateNew  = @([PSCustomObject]@{Key = "UserID='$userId'"; Payload = $payload})        

Update-D365ODataEntityBatchMode -EntityName "SystemUsers" -Payload $SystemUsersToUpdateNew -Verbose -Token $token
#call the update command 

First of all we install the d365fo.integrations module and set the oData configuration for the module.
Then we call the Get-D365ODataEntityData command to get all the disabled users. Here we can also filter the data. So we could, for example, filter only for users from a specific tenant.
The payload variable specifies the field names and the value we want them to be updated to.
Next we iterate through the result set and create an array with the user id as the key value and the payload variable as the payload value.
The last step is to call the Update-D365ODataEntityBatchMode command with the SystemUsers entity specified and the payload array with the users we want to update.
Here is the result of my sample pipeline which enabled around 50 users:

Be aware that if you use the script after a database refresh, the application id will be the id from the production environment. Also this should be linked to the admin user, as this is the only one which will be active after the refresh.