Oct 31 2017
08:26 AM
- last edited on
Jul 24 2020
02:28 AM
by
TechCommunityAP
Oct 31 2017
08:26 AM
- last edited on
Jul 24 2020
02:28 AM
by
TechCommunityAP
I need to get a list of all cloud only accounts (onmicrosoft.com). I can see in Azure AD User Reports the Source field will help narrow this down for me as we sync our on-prem AD to the cloud, so those have a Source of 'Windows Server AD' and the cloud accounts have a Source of 'Azure Active Directory'. However it doesn't appear you can do any filtering within the user report. Is there a PowerShell command I could run that would give me a list of all users with a source of Azure Active Directory?
Oct 31 2017 12:14 PM
You can use something like this:
Get-MsolUser | ? {-not $_.LastDirSyncTime}
Nov 02 2017 04:22 PM
If you're using the newer AzureAD module:
Get-AzureADUser | Where {$_.DirSyncEnabled -ne $true}
Interestingly, the values appear to be either "True" or "null", not "False.
PS C:\> Get-AzureADUser | Group-Object -Property:DirSyncEnabled Count Name Group ----- ---- ----- 98 True {class User {... 2 {class User {...
Apr 17 2018 08:08 AM
The trouble I'm having with this command is that it does not return all objects. While the documentation states that there is an -All flag that should achieve this,(https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0) it does not appear to work.
Running Get-Help Get-AzureADUser does not show the -All flag.
PS C:\Windows\system32> Get-Help Get-AzureADUser
NAME
Get-AzureADUser
SYNOPSIS
Retrieves a specific user from Azure Active Directory
SYNTAX
Get-AzureADUser [-Top <Nullable`1[Int32]>] [-Filter <String>] [<CommonParameters>]
Get-AzureADUser [-SearchString <String>] [<CommonParameters>]
Get-AzureADUser -ObjectId <String> [<CommonParameters>]
DESCRIPTION
RELATED LINKS
REMARKS
To see the examples, type: "get-help Get-AzureADUser -examples".
For more information, type: "get-help Get-AzureADUser -detailed".
For technical information, type: "get-help Get-AzureADUser -full".
For online help, type: "get-help Get-AzureADUser -online"
Apr 17 2018 10:06 AM
"All" is a Boolean parameter, so you have to use it like this:
Get-AzureADUser -All $true
I know, stupid, just add it to the list of inconveniences for the module...
Apr 17 2018 11:26 AM
Yes, I read that was the case, but it does not work. This is the result I get from that command.
PS C:\Windows\system32> Get-AzureADUser -All $True
Get-AzureADUser : A parameter cannot be found that matches parameter name 'All'.
At line:1 char:17
+ Get-AzureADUser -All $True
+ ~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-AzureADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Open.AzureAD16.PowerShell.GetUser
Apr 17 2018 11:58 AM
What version of the AzureAD module is that?
Apr 17 2018 12:55 PM
I updated it in the process of trying to figure this out.
PS C:\Windows\system32> Get-Module -Name AzureAD
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2.0.0.33 AzureAD {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, A...
Apr 17 2018 10:32 PM
That's still a very old one, released year and a half ago. Get the latest one, 2.0.1.6: https://www.powershellgallery.com/packages/AzureAD/2.0.1.6
Apr 18 2018 06:42 AM
That was the issue. I had previously run the install-module command which replaced the version I had installed. I assumed it updated to the latest version but that was not the case. Nothing I did worked until I removed the AzureAD module completely. Thank you.
Jan 19 2020 10:28 PM
@Vasil Michev This is not just enough, as it also list Guest users. Also add filter to exclude guest so that you only gets enterprise cloud only users.