Find all the AzureADUsers created after a certain date via PowerShell Graph

Hello everyone,

As Microsoft will eventually retire the AzureAD and MSOL PowerShell modules (March 2023?), I am trying to update all the PowerShell scripts based on those modules with new ones based on Microsoft Graph API calls and PowerShell Graph SDK. 

I am struggling with a script which should find all the AzureAD members created after 1 July 2022 inside a specific Security Group. The script should generate a list of these "new starters" and retrieve the following information: DisplayName, UPN, ID, Email, JobTitle.

 

This is what I got so far:

[datetime]$Date = (Get-Date).adddays(-60)
$Users = Get-MgGroupMember -GroupId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -All
$Users.Count
$UsersCreatedDate = $Users.ForEach{
    Get-MgUser -UserId $_.Id | Select-Object -Property Id, UserPrincipalName, JobTitle, CreatedDateTime
}

Getting all the users takes some time (we have around 400 members in that Security group), I am not sure if there is a quicker way to get that information.

Then I tried to filter that list using the "where-object"

$UsersCreatedDate | Where-Object {($_.CreatedDateTime -gt '$Date')}

but to no avail. I am always getting the error

Could not compare "06/20/2017 09:00:00" to "$DateTime". Error: "Cannot convert value "$DateTime" to type "System.DateTime". Error: "String was not recognized as a valid DateTime.""

What am I doing wrong?

Any help would be much appreciated! 

Many thanks in advance

 

Francesco

7 Replies
best response confirmed by fstorer (Brass Contributor)
Solution

@fstorer 

Why the quotes around the $Date?

Remove them and you are good.

$UsersCreatedDate | Where-Object {($_.CreatedDateTime -gt $Date)}

Also, don't forget to include all the required properties in the Get-MgUser call:

 

Get-MgUser -UserId $_.Id -Property CreatedDateTime,JobTitle,UserPrincipalName,id

Thanks for pointing out that mistake! All works fine now and I was able to get my list!

@fstorer 

 

You can leverage server-side filtering for this purpose rather than less-efficient client-side filtering.

 

The one thing to be wary of is that the supplied date needs to be in ISO 8601 format, which isn't clear from much of the docs.microsoft.com documentation (where the examples are plain wrong.)

 

This basic example shows how to find users created within the past year.

 

Get-MgUser -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddYears(-1).ToString("s"))Z" | ft -AutoSize Id, UserPrincipalName, CreatedDateTime

 


Cheers,

Lain

@LainRobertson 

Many many thanks for your tip, it's indeed a lot faster! I also noticed that I have to select the "beta" MGProfile in order to see the CreatedDateTime.

This way I got immediately all the users created after a specific date (staff and students and shared mailboxes), is there a way to add a filter in that line and search ONLY members assigned to a specific Security Group (so I can get only the staff users)?

Many thanks again for your help!  

@fstorer 

 

Not that I can see. You'd have to go about it one of two ways:

 

  1. Either pull the memberOf attribute in the Get-MgUser call (my preference); or
  2. Use Get-MgGroup and pull the expanded members.

 

In both cases, you'll have client-side filtering to do. I prefer option 1 because I'd normally expect to pull less data using that approach but it'd be up to your preference.

 

Here's a slightly adjusted example that pulls memberOf, after which you'd use your usual client-side "Where-Object" to filter on the groups.

 

Note, the groups are provided in their GUID form, meaning you'd need to look that up first.

 

Get-MgUser -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddYears(-1).ToString("s"))Z" -ExpandProperty memberOf | Select-Object DisplayName, memberOf;

 


Cheers,

Lain

@LainRobertson 

Thank you for your suggestion! 

However, when I try to filter on the groups I don't get anything. The new members have multiple groups assigned, but they are all members of a specific security group.

I am not sure how to search for the specific GUID inside the "MemberOf" property:

 

 

Get-MgUser -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddDays(-62).ToString("s"))Z" -ExpandProperty memberOf | Where-Object {($_.MemberOf -in 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')} | Select-Object Id, DisplayName, UserPrincipalName, JobTitle, CreatedDateTime

 

 

 What am I doing wrong? Am I using the wrong operator? Or is it because of the "ExpandProperty"?

Many thanks in advance!

@fstorer 

 

MemberOf itself is a "complex" type. You have to go one step further and compare its child property named Id.

 

Also, remember that MemberOf is the collection, not a single value, meaning you need to treat it as the thing you're searching in, not the other way around as you have it in the example below. What this means is that you want to leverage the "-contains" operator.

 

Get-MgUser -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddYears(-1).ToString("s"))Z" -ExpandProperty memberOf | Where-Object { $_.memberOf.Id -contains "93401cff-c750-4dd8-900e-cc2adcc067b7" } | Select-Object DisplayName, memberOf;

 


Cheers,

Lain
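
Added example, not written by any poster in this thread: one way to produce the "new starters" report the original question asks for, combining the server-side createdDateTime filter with a single paged read of the group's members instead of one Get-MgUser call per member. It avoids relying on the expanded memberOf collection, because Microsoft Graph returns at most 20 objects for an expanded relationship on directory objects, so a user with many group memberships could be missed. The group id is a placeholder, and the cutoff date, variable names and requested scopes are assumptions.

```powershell
# Added example. Replace the placeholder with the real security group object id.
$GroupId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

# Cutoff from the question (1 July 2022), expressed in UTC.
$Since = [datetime]::new(2022, 7, 1, 0, 0, 0, [System.DateTimeKind]::Utc)

# Read-only delegated scopes are enough for this report (assumed least privilege).
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All'

# 1. One paged request for the group's direct members; keep only the ids
#    in a set so the membership test below is a constant-time lookup.
$memberIds = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-MgGroupMember -GroupId $GroupId -All |
    ForEach-Object { [void]$memberIds.Add($_.Id) }

# 2. Server-side filter. The date must be ISO 8601 with a trailing Z;
#    the "s" format specifier is culture-invariant.
$iso   = $Since.ToString('s') + 'Z'
$props = 'id', 'displayName', 'userPrincipalName', 'mail', 'jobTitle', 'createdDateTime'
$newUsers = Get-MgUser -Filter "createdDateTime ge $iso" -Property $props -All

# 3. Client-side intersection: recently created users who are in the group.
$newStarters = $newUsers |
    Where-Object { $memberIds.Contains($_.Id) } |
    Sort-Object CreatedDateTime |
    Select-Object DisplayName, UserPrincipalName, Id, Mail, JobTitle, CreatedDateTime

"{0} of {1} recently created users are members of the group" -f `
    @($newStarters).Count, @($newUsers).Count
$newStarters | Format-Table -AutoSize
```

Requesting createdDateTime through -Property returns it explicitly rather than depending on which properties the endpoint returns by default.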
