How to list users synced from onprem AD and cloud-only users?

New Contributor

Hello guys!


I was tasked to list users synced from onprem AD and cloud only users


I have downloaded and imported AzureAD PS module


Azure portal shows several users with source 'Azure Active Directory'.


I'm first trying to list these cloud-only users by running a command command  Get-AzureADUser | where {$_.dirsyncenabled -eq $false} but it yields only one user when there should be a lot more.


I also need to list users synced from onprem AD.


My command does not seem to do the trick. Can you help me out?

8 Replies
best response confirmed by Teijo Hämäläinen (New Contributor)

@Teijo Hämäläinen I would try following Get-MsolUser -All | ?{-not $_.lastdirsynctime}

There's also Get-MsolUser -Synchronized. Using the server-side filtering is faster approach, and also makes sure you don't get a trimmed list because of hitting the limit for number of objects returned (like when you have the Get-AzureADUser cmdlet above, without the -All switch, and filtering client-side).

thanks, definitely a better solution.



@Martin RublikThere is another easier option to use it. Cloud only and on prem users have big difference - Its called Immutable ID


So Get-MsolUser | where-Object {$_.ImmutableId -eq $null} -> for On prem users

Get-MsolUser | where-Object {$_.ImmutableId -ne $null} for Azure AD users ( Cloud users)


@Martin Rublik 


Thank you Martin (and Scorpio and Vasil), your solution help me forward.




I think should be other way around :)


Get-MsolUser | where-Object {$_.ImmutableId -eq $null} -> for Azure AD cloud users;

Get-MsolUser | where-Object {$_.ImmutableId -ne $null} -> for On premise users;

@Scorpio69  Definitively need -All switch to get all users.

Get-MsolUser -All | where-Object {$_.ImmutableId -eq $null}


@Teijo Hämäläinen 


I would recommend using the AzureAD PowerShell Module. You can use the following command to get a list of all Cloud Only Accounts:

Get-AzureADUser -All $true | Where-Object {$_.ImmutableId -eq $null}


If you want a list with the Cloud Only Accounts without guests, you could use the following command:

Get-AzureADUser -All $true | Where-Object {$_.ImmutableId -eq $null -and $_.UserPrincipalName -notlike "*#EXT#*"}