Get a report of all cloud accounts

I need to get a list of all cloud-only accounts (onmicrosoft.com). I can see in Azure AD User Reports the Source field will help narrow this down for me as we sync our on-prem AD to the cloud, so those have a Source of 'Windows Server AD' and the cloud accounts have a Source of 'Azure Active Directory'. However, it doesn't appear you can do any filtering within the user report. Is there a PowerShell command I could run that would give me a list of all users with a source of Azure Active Directory?

11 Replies

You can use something like this:

Get-MsolUser | ? {-not $_.LastDirSyncTime}

If you're using the newer AzureAD module:

Get-AzureADUser | Where {$_.DirSyncEnabled -ne $true}

Interestingly, the values appear to be either "True" or "null", not "False".

PS C:\> Get-AzureADUser | Group-Object -Property:DirSyncEnabled

Count Name                      Group
----- ----                      -----
   98 True                      {class User {...
    2                           {class User {...

The trouble I'm having with this command is that it does not return all objects. While the documentation states that there is an -All flag that should achieve this (https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0), it does not appear to work.

Running Get-Help Get-AzureADUser does not show the -All flag.

PS C:\Windows\system32> Get-Help Get-AzureADUser
NAME
Get-AzureADUser
SYNOPSIS
Retrieves a specific user from Azure Active Directory
SYNTAX
Get-AzureADUser [-Top <Nullable`1[Int32]>] [-Filter <String>] [<CommonParameters>]
Get-AzureADUser [-SearchString <String>] [<CommonParameters>]
Get-AzureADUser -ObjectId <String> [<CommonParameters>]
DESCRIPTION
RELATED LINKS
REMARKS
To see the examples, type: "get-help Get-AzureADUser -examples".
For more information, type: "get-help Get-AzureADUser -detailed".
For technical information, type: "get-help Get-AzureADUser -full".
For online help, type: "get-help Get-AzureADUser -online"

"All" is a Boolean parameter, so you have to use it like this:

Get-AzureADUser -All $true

I know, stupid, just add it to the list of inconveniences for the module...

Yes, I read that was the case, but it does not work. This is the result I get from that command.

PS C:\Windows\system32> Get-AzureADUser -All $True
Get-AzureADUser : A parameter cannot be found that matches parameter name 'All'.
At line:1 char:17
+ Get-AzureADUser -All $True
+ ~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-AzureADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Open.AzureAD16.PowerShell.GetUser

 

What version of the AzureAD module is that?

I updated it in the process of trying to figure this out.


PS C:\Windows\system32> Get-Module -Name AzureAD

ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2.0.0.33 AzureAD {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, A...

That's still a very old one, released a year and a half ago. Get the latest one, 2.0.1.6: https://www.powershellgallery.com/packages/AzureAD/2.0.1.6

That was the issue. I had previously run the install-module command which replaced the version I had installed. I assumed it updated to the latest version but that was not the case. Nothing I did worked until I removed the AzureAD module completely. Thank you.

No worries, one less mystery :) 

@Vasil Michev This is not enough, as it also lists Guest users. Also add a filter to exclude guests so that you only get enterprise cloud-only users.
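
The pieces from this thread combined into one filter, as an added example that is not part of any reply above: it keeps accounts whose DirSyncEnabled is not true and whose UserType is not Guest, and checks that the loaded AzureAD module exposes -All before querying. The function names Select-CloudOnlyMember and Export-CloudOnlyMember, the sample users, and the output path are assumptions made for illustration.

```powershell
# Added example: select cloud-only, non-guest accounts from AzureAD user objects.
# Select-CloudOnlyMember and Export-CloudOnlyMember are hypothetical helper names.
function Select-CloudOnlyMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # DirSyncEnabled is $true for synced accounts and $null (never $false) for
        # cloud-only ones, so compare against $true instead of testing for $false.
        $isSynced = $User.DirSyncEnabled -eq $true
        # Guests are cloud objects too; an empty UserType is treated as a member here.
        $isGuest  = $User.UserType -eq 'Guest'
        if (-not $isSynced -and -not $isGuest) { $User }
    }
}

function Export-CloudOnlyMember {
    param([string]$Path = '.\cloud-only-users.csv')   # assumed output path
    # Requires Connect-AzureAD first. Older builds such as 2.0.0.33 lack -All,
    # so verify the parameter exists on the command that actually gets loaded.
    $cmd = Get-Command Get-AzureADUser -ErrorAction SilentlyContinue
    if (-not $cmd -or -not $cmd.Parameters.ContainsKey('All')) {
        throw 'Get-AzureADUser is missing or has no -All parameter; check Get-Module -ListAvailable AzureAD.'
    }
    Get-AzureADUser -All $true | Select-CloudOnlyMember |
        Select-Object UserPrincipalName, UserType, AccountEnabled |
        Export-Csv -Path $Path -NoTypeInformation
}

# Constructed sample objects carrying only the properties the filter reads.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.com'
                       DirSyncEnabled = $true; UserType = 'Member' }
    [pscustomobject]@{ UserPrincipalName = 'admin@contoso.onmicrosoft.com'
                       DirSyncEnabled = $null; UserType = 'Member' }
    [pscustomobject]@{ UserPrincipalName = 'bob_fabrikam.com#EXT#@contoso.onmicrosoft.com'
                       DirSyncEnabled = $null; UserType = 'Guest' }
)

# Only the cloud-only member (admin@contoso.onmicrosoft.com) passes the filter.
$sample | Select-CloudOnlyMember | Select-Object UserPrincipalName, UserType
```

The sample pipeline runs without a tenant connection; call Export-CloudOnlyMember after Connect-AzureAD to produce the report for a real directory.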