Feb 18 2019 - last edited on Jan 14 2022
I am trying to find a way to provision users to an API-enabled SaaS application when the account gets synchronized to Azure. Unfortunately, the SaaS app is not really SCIM compliant and runs basic auth. I am looking to do something serverless like Automation Runbooks. I have tried Graph and PowerShell but am not finding a good way to filter users based on createdDateTime for all users in the last x amount of time. In fact, it seems I can only read createdDateTime for a user if I specify their objectID and not their UPN, which seems odd to me. PowerShell seems to have problems with the same type of filtering with extensionproperty.createddatetime.
I have lots of examples that don't work such as:
$When = ((Get-Date).AddDays(-30)).Date
Get-AzureADUser -Filter datetime 'extensionproperty.CreatedDateTime -ge $When'
But this query works:
((get-azureaduser -objectID <objectid> ).extensionproperty).createdDateTime
It's totally likely that I don't understand the OData query syntax or have been looking at this too long LOL.
Has anyone tried this?
Another angle I thought of might be to watch the Azure Audit logs for Add User, but that seems pretty far down the rabbit hole and might involve an event hub.
Thanks in advance for any help, other ideas, concerns, commiseration, etc.
Sep 30 2019 08:58 AM - edited Sep 30 2019 08:59 AM
I have the same problem. Did you solve this?
I want to write some PowerShell that returns the last created users.
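One workaround for the question in this thread, as an added example that is not part of either post: read the user objects first and compare createdDateTime client-side, since the first post shows the value is readable from ExtensionProperty on a returned user. The helper name Select-RecentlyCreatedUser and the sample objects are constructed for illustration, and the code assumes createdDateTime is a date string that can be treated as UTC.

```powershell
# Added example. Select-RecentlyCreatedUser is a hypothetical helper, not an AzureAD cmdlet.
function Select-RecentlyCreatedUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        [int]$Days = 30
    )
    begin {
        # Assumption: creation times are UTC, so the cutoff is computed in UTC too.
        $cutoff = (Get-Date).ToUniversalTime().AddDays(-$Days)
        $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
        $culture = [cultureinfo]::InvariantCulture
    }
    process {
        # Skip objects that carry no extension data or no creation time.
        if ($null -eq $User.ExtensionProperty) { return }
        $raw = $User.ExtensionProperty['createdDateTime']
        if ([string]::IsNullOrWhiteSpace($raw)) { return }

        # The value is a string; parse it instead of comparing text to a date.
        $created = [datetime]::MinValue
        if (-not [datetime]::TryParse($raw, $culture, $styles, [ref]$created)) { return }

        if ($created -ge $cutoff) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                ObjectId          = $User.ObjectId
                CreatedUtc        = $created
            }
        }
    }
}

# Constructed sample objects shaped like user results (not real accounts).
$now = (Get-Date).ToUniversalTime()
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'new.hire@contoso.example'; ObjectId = '00000000-0000-0000-0000-000000000001'
                       ExtensionProperty = @{ createdDateTime = $now.AddDays(-3).ToString('o') } }
    [pscustomobject]@{ UserPrincipalName = 'old.timer@contoso.example'; ObjectId = '00000000-0000-0000-0000-000000000002'
                       ExtensionProperty = @{ createdDateTime = $now.AddDays(-400).ToString('o') } }
    [pscustomobject]@{ UserPrincipalName = 'no.date@contoso.example'; ObjectId = '00000000-0000-0000-0000-000000000003'
                       ExtensionProperty = @{ } }
)
$sample | Select-RecentlyCreatedUser -Days 30

# Against a tenant, after Connect-AzureAD:
# Get-AzureADUser -All $true | Select-RecentlyCreatedUser -Days 30
```

This reads every user on each run, so in a scheduled runbook it is worth storing the ObjectIds already provisioned and only pushing new ones to the SaaS API.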