Dec 20 2019
- last edited on
Jul 24 2020
Can anyone let me know if there is a conversion available for the ObjectId property that comes out of Get-AzureADUserLicenseDetail?
It's always 43 characters and I'm pretty certain the first 21 characters are always the same (as if it's something like <tenant>:<SkuId> under the covers).
Why I care is that I'm working on using PowerShell for AAD license reporting. I've been comparing MSOnline to AzureAD/AzureADPreview, and have found these things that are better in MSOnline:
I'm trying to find ways to retrieve the same info using only the AzureAD module, and during that I've noticed that the ObjectId that comes out of Get-AzureADUserLicenseDetail is not a proper Guid.
I am overdue in learning C# and MS Graph because it seems like the PowerShell module is getting less than its fair share of TLC. BUT, until then, would love to be able to at least use just AzureAD module since we know MSOnline is not getting any updates (reference: GitHub issue revealing this fact)
Everywhere else that I see AAD developers have included an 'ObjectId' property, it has been in Guid format. I was hoping to check these ObjectId's with Get-AzureADObjectByObjectId, but it won't take this non-Guid format (I've also noticed that all kinds of ObjectIds that I pull out of sub-properties from AzureADUser's/AzureADGroup's produce no output when checked with Get-AzureADObjectByObjectId, but that's unrelated, just an observation).
Dec 21 2019 09:55 AM
That's simply some sort of internal id, you don't really need it for anything. The important part is the SKUId, which you can correlate to what the MSOL cmdlets are showing, and of course the individual services/plans.
Dec 21 2019 03:25 PM
@Vasil Michev Thanks for the response. I do get / am after the SkuId/SkuPartNumber's and have a hashtable to show the product friendly names, etc. But what I can't get so far with AzureAD module is the assignment path. If you look in the Azure AD Portal under Licenses > All products >
Office 365 E3 (as an example) > Licensed users, the Assignment Paths column is the info I'm after.
With MSOnline, it's possible, and I'm consuming it successfully now. Direct-assigned and group-assigned licenses are identified separately in the MsolUser objects' properties. But so far I haven't found the same info available in AzureADuser nor AzureADUserLicenseDetail objects.
So I've just been inspecting the AzureAD objects and all their available properties. When I came across the unfamiliar ObjectId format but could see it is consistent, I was thinking maybe it could translate to say a combo of the SkuId, and the group's, and user's ObjectId's, converted to a specific format similar to how ImmutableId is a base64 string derived from or calculated from ObjectGuid.
Looping back to the MSOnline module, I am currently able to get everything I need from it, to confirm. I like to use AzureAD module for other tasks, over MSOnline however, so am just kind of checking around to see if I can pull the same info using only the newer module. No real urgency of any kind as long as MSOnline stays living and available in its current form.
Dec 22 2019 05:06 AM
Dec 22 2019 09:35 AM
Well I cannot speak on behalf of Microsoft here, but they do have some plans on retiring the MSOnline module/bringing all missing functionality to the AAD one. When this will happen I'm not sure, it's long overdue if you ask me.