Wildcards using get-azureaduser

%3CLINGO-SUB%20id%3D%22lingo-sub-1501993%22%20slang%3D%22en-US%22%3EWildcards%20using%20get-azureaduser%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1501993%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BI%20am%20having%20a%20little%20trouble%20trying%20to%20query%20my%20azuread%20instance%20using%20powershell.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20running%20the%20follow%20command%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3EGet-AzureADUser%20-Filter%20%22userPrincipalName%20eq%20'*%40someemail.com'%22%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20does%20not%20return%20any%20results%20and%20im%20not%20sure%20why.%3C%2FP%3E%3CP%3EThe%20main%20reason%20for%20doing%20this%20is%20that%20our%20tenant%20is%20made%20up%20of%20several%20different%20agencies.%20I%20am%20only%20trying%20resolve%20a%20list%20of%20users%20for%20my%20agency%20which%20can%20be%20identified%20by%20the%20email%20domain.%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20something%20i%20am%20missing%20to%20be%20able%20to%20achieve%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1501993%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502452%22%20slang%3D%22en-US%22%3ERe%3A%20Wildcards%20using%20get-azureaduser%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502452%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3BHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F715800%22%20target%3D%22_blank%22%3E%40Acidrs%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%3CSTRONG%3E-Filter%3C%2FSTRONG%3E%20parameter%20is%26nbsp%3B%26nbsp%3Ban%20%3CA%20href%3D%22https%3A%2F%2Fwww.odata.org%2Fdocumentation%2Fodata-version-3-0%2Fodata-version-3-0-core-protocol%2F%23queryingcollections%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EoData%20v3.0%3C%2FA%3E%20filter%20statement%20and%20do%20not%20accept%20wildcards(%3CSTRONG%3E*%3C%2FSTRONG%3E).%3C%2FP%3E%3CP%3EYou%20can%20use%20startswith%20within%20your%20filter%20statement%26nbsp%3B%3CSTRONG%3Ebool%20startswith(string%20string%2C%20string%20prefixString)%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3EGet-AzureADUser%20-Filter%20%22startswith(UserPrincipalName%2C'Sam')%22%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20option%20would%20be%20to%20use%20%3CSTRONG%3E-SearchString%3C%2FSTRONG%3E%20(which%20also%20do%20not%20accept%20wildcards...)%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3EGet-AzureADUser%20-SearchString%20Melissa%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3EPlease%20read%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fazuread%2Fget-azureaduser%3Fview%3Dazureadps-2.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E%20for%20more%20details.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20accomplish%20your%20goal%20you%20would%20need%20to%20get%20all%20users%20and%20then%20use%20%3CSTRONG%3EWhere-Object%3C%2FSTRONG%3E%26nbsp%3Band%20%3CSTRONG%3E-like%26nbsp%3B%3C%2FSTRONG%3Eoperator%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3E%20Get-AzureADUser%20%7C%20Where-Object%20%7B%24_.UserPrincipalName%20-like%20%22*%40someemail.com%22%7D%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20that%20helps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502518%22%20slang%3D%22en-US%22%3ERe%3A%20Wildcards%20using%20get-azureaduser%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502518%22%20slang%3D%22en-US%22%3E%3CP%3EFiltering%20in%20the%20Graph%2FAzure%20AD%20is%20crap%2C%20no%20other%20way%20of%20putting%20it.%20They%20recently%20added%20few%20minor%20improvements%2C%20but%20there's%20a%20looooong%20way%20to%20go%20still.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnyway%2C%20for%20your%20specific%20scenario%2C%20it's%20probably%20best%20to%20use%20the%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EGet-AzureADDomainNameReference%20cmdlet%3C%2FFONT%3E%2C%20which%20will%20return%20a%20list%20of%20object%20%22matching%22%20given%20domain.%20You%20can%20filter%20the%20results%20client-side%20to%20get%20just%20the%20users%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EGet-AzureADDomainNameReference%20-Name%20michev.info%26nbsp%3B%20%7C%20%3F%20%7B%24_.ObjectType%20-eq%20%22User%22%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hello, 

         I am having a little trouble trying to query my azuread instance using powershell. 

I am running the follow command

 

Get-AzureADUser -Filter "userPrincipalName eq '*@someemail.com'"

 

This does not return any results and im not sure why.

The main reason for doing this is that our tenant is made up of several different agencies. I am only trying resolve a list of users for my agency which can be identified by the email domain. 

Is there something i am missing to be able to achieve this?

2 Replies
Highlighted

 Hello @Acidrs,

-Filter parameter is  an oData v3.0 filter statement and do not accept wildcards(*).

You can use startswith within your filter statement bool startswith(string string, string prefixString):

 

Get-AzureADUser -Filter "startswith(UserPrincipalName,'Sam')"

 

Another option would be to use -SearchString (which also do not accept wildcards...):

Get-AzureADUser -SearchString Melissa

Please read here for more details.

 

To accomplish your goal you would need to get all users and then use Where-Object and -like operator:

 

 Get-AzureADUser | Where-Object {$_.UserPrincipalName -like "*@someemail.com"}

 

Hope that helps.

 

 

Highlighted

Filtering in the Graph/Azure AD is crap, no other way of putting it. They recently added few minor improvements, but there's a looooong way to go still.

 

Anyway, for your specific scenario, it's probably best to use the Get-AzureADDomainNameReference cmdlet, which will return a list of object "matching" given domain. You can filter the results client-side to get just the users:

 

Get-AzureADDomainNameReference -Name michev.info  | ? {$_.ObjectType -eq "User"}