Wildcards using get-azureaduser

Hello,

I am having a little trouble trying to query my Azure AD instance using PowerShell.

I am running the following command:

Get-AzureADUser -Filter "userPrincipalName eq '*@someemail.com'"

 

This does not return any results and I'm not sure why.

The main reason for doing this is that our tenant is made up of several different agencies. I am only trying to resolve a list of users for my agency, which can be identified by the email domain.

Is there something I am missing to be able to achieve this?

4 Replies

Hello @Acidrs,

The -Filter parameter is an OData v3.0 filter statement and does not accept wildcards (*).

You can use startswith within your filter statement, bool startswith(string string, string prefixString):

Get-AzureADUser -Filter "startswith(UserPrincipalName,'Sam')"

 

Another option would be to use -SearchString (which also does not accept wildcards...):

Get-AzureADUser -SearchString Melissa

Please read here for more details.

 

To accomplish your goal you would need to get all users and then use Where-Object and the -like operator:

Get-AzureADUser -All $true | Where-Object {$_.UserPrincipalName -like "*@someemail.com"}

Hope that helps.

 

 

Filtering in the Graph/Azure AD is crap, no other way of putting it. They recently added a few minor improvements, but there's a looooong way to go still.

Anyway, for your specific scenario, it's probably best to use the Get-AzureADDomainNameReference cmdlet, which will return a list of objects "matching" the given domain. You can filter the results client-side to get just the users:

Get-AzureADDomainNameReference -Name michev.info | ? {$_.ObjectType -eq "User"}

Get-AzureADDomainNameReference doesn't work for federated domains, so you might need to resort to the dumb get|where construct.

@Acidrs if you are managing a multi-tenant environment and connect to each tenant using the tenant ID, e.g.

Connect-AzureAD -Credential $credentials -TenantId $tenantid

then the best way to filter the UserPrincipalName based on domains is by using the example stated in the previous comment:

Get-AzureADUser -All $true | Where-Object {$_.UserPrincipalName -like "*@domain.com"}

If you are managing one tenant with multiple domains, then the fastest way to get objects with a specific domain is to use the MSOL module,
e.g.

Get-MsolUser -All -DomainName domain.com

I have used this multiple times in the past without any issues.
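
The get-all-then-filter approach from the replies, extended as an added example (not code from any poster in this thread) to bucket every user by UPN domain in one enumeration, which suits a tenant shared by several agencies. Get-UpnDomainSummary is a hypothetical helper name and the sample objects are constructed; it assumes the UserPrincipalName and AccountEnabled properties that Get-AzureADUser returns.

```powershell
# Added example; Get-UpnDomainSummary is a hypothetical helper, not a module cmdlet.
function Get-UpnDomainSummary {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $User)
    begin { $buckets = @{} }
    process {
        $upn = [string]$User.UserPrincipalName
        $at  = $upn.LastIndexOf('@')
        # Domain = text after the last '@', lower-cased; UPNs without '@' go to '(none)'.
        $domain = if ($at -ge 0) { $upn.Substring($at + 1).ToLowerInvariant() } else { '(none)' }
        if (-not $buckets.ContainsKey($domain)) {
            $buckets[$domain] = [System.Collections.Generic.List[object]]::new()
        }
        $buckets[$domain].Add($User)
    }
    end {
        foreach ($domain in ($buckets.Keys | Sort-Object)) {
            $users = $buckets[$domain]
            [pscustomobject]@{
                Domain  = $domain
                Total   = $users.Count
                Enabled = @($users | Where-Object { $_.AccountEnabled }).Count
                Guests  = @($users | Where-Object { $_.UserPrincipalName -like '*#EXT#@*' }).Count
                Users   = $users
            }
        }
    }
}

# Constructed sample objects standing in for Get-AzureADUser output, so this runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@someemail.com';      AccountEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'Bob@SomeEmail.com';        AccountEnabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'carol@notsomeemail.com';   AccountEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'dave@sub.someemail.com';   AccountEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'erin@otheragency.example'; AccountEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'frank_someemail.com#EXT#@contoso.onmicrosoft.com'; AccountEnabled = $true }
)

$summary = $sample | Get-UpnDomainSummary
$summary | Format-Table Domain, Total, Enabled, Guests

# Users for one agency only:
($summary | Where-Object Domain -eq 'someemail.com').Users | Select-Object UserPrincipalName

# Live tenant (cmdlet and -All usage as in the thread):
# Get-AzureADUser -All $true | Get-UpnDomainSummary
```

Guest accounts carry #EXT# in their UPN and end in the tenant's own onmicrosoft.com domain, so they are counted under that domain rather than under their home e-mail domain.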