Get a report of all cloud accounts

Regular Contributor

I need to get a list of all cloud only accounts (  I can see in Azure AD User Reports the Source field will help narrow this down for me as we sync our on-prem AD to the cloud, so those have a Source of 'Windows Server AD' and the cloud accounts have a Source of 'Azure Active Directory'.  However it doesn't appear you can do any filtering within the user report.  Is there a PowerShell command I could run that would give me a list of all users with a source of Azure Active Directory?  

11 Replies

You can use something like this:


 Get-MsolUser | ? {-not $_.LastDirSyncTime}

If you're using the newer AzureAD module:


Get-AzureADUser | Where {$_.DirSyncEnabled -ne $true}

Interestingly, the values appear to be either "True" or "null", not "False.


PS C:\> Get-AzureADUser | Group-Object -Property:DirSyncEnabled

Count Name                      Group
----- ----                      -----
   98 True                      {class User {...
    2                           {class User {...

The trouble I'm having with this command is that it does not return all objects. While the documentation states that there is an -All flag that should achieve this,( it does not appear to work.


Running Get-Help Get-AzureADUser does not show the -All flag.


PS C:\Windows\system32> Get-Help Get-AzureADUser
Retrieves a specific user from Azure Active Directory
Get-AzureADUser [-Top <Nullable`1[Int32]>] [-Filter <String>] [<CommonParameters>]
Get-AzureADUser [-SearchString <String>] [<CommonParameters>]
Get-AzureADUser -ObjectId <String> [<CommonParameters>]
To see the examples, type: "get-help Get-AzureADUser -examples".
For more information, type: "get-help Get-AzureADUser -detailed".
For technical information, type: "get-help Get-AzureADUser -full".
For online help, type: "get-help Get-AzureADUser -online"



"All" is a Boolean parameter, so you have to use it like this:


Get-AzureADUser -All $true


I know, stupid, just add it to the list of inconveniences for the module...


Yes, I read that was the case, but it does not work. This is the result I get from that command.


PS C:\Windows\system32> Get-AzureADUser -All $True
Get-AzureADUser : A parameter cannot be found that matches parameter name 'All'.
At line:1 char:17
+ Get-AzureADUser -All $True
+ ~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-AzureADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Open.AzureAD16.PowerShell.GetUser



What version of the AzureAD module is that?


I updated it in the process of trying to figure this out.

PS C:\Windows\system32> Get-Module -Name AzureAD

ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary AzureAD {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, A...

That's still a very old one, released year and a half ago. Get the latest one,


That was the issue. I had previously run the install-module command which replaced the version I had installed. I assumed it updated to the latest version but that was not the case. Nothing I did worked until I removed the AzureAD module completely. Thank you.


No worries, one less mystery :) 


@Vasil Michev  This is not just enough, as it also list Guest users. Also add filter to exclude guest so that you only gets enterprise cloud only users.