Certainly, I am using Get-AzureADUser, Get-AzureAdAuditSigninLogs and Get-AzureADUserLicenseDetail cmdlet for this how to find all Azure AD users with PowerShell tutorial. Likewise on-premises Active Directory, we can manage Azure AD with PowerShell and Azure AD admin center.
Further, We can manage users from Microsoft 365 or Azure Active Directory (Azure AD) admin centers. But, You can also manage them through PowerShell.
Find Azure AD Users with Get-AzureADUser in PowerShell
Specifically, you can use Get-AzureADUser to get a user from Azure Active Directory (AD). Further, this Get-AzureADUser cmdlet have following parameters.
- All – Firstly, If True, return all users and If false, return the number of objects specified by the Top parameter
- Top – Secondly, Specifies the maximum number of records to return like Top 10.
- Filter – Consequently, Filter retrieve multiple objects based on a oDate v3 query. Not all of the OData v3.0 functions and operators are supported at this time.
- SearchString – Further, SearchString get all Azure AD users that match the searchString.
- ObjectId – Finally, ObjectId specifies the ID (as a UPN or ObjectId) of a user in Azure AD.
Certainly, the Get-AzureADUser cmdlet only returns 100 records. Therefore, Add the -All $True parameter to get all results.
Get All Azure AD Users
Before explaining the Get-AzureADUser cmdlet in details, Let’s get all Azure AD Users. Similarly, the command with -All $True parameter, you will get all Azuer AD users.
Get-AzureADUser -All $True
Meanwhile, In above result set, I am intentionally omitting some results in the image above.
Get Single Azure AD User By Id
Certainly, You can look up a single user in Azure AD with ObjectID parameter. In fact, ObjectId accepts the UserPrincipalName (UPN) and ID (Object ID) as a value.
Get-AzureADUser -ObjectId mrizwan@rizwanranjha.com
Certainly, above command with -ObjectId parameter will only return four fields of Azure AD User. Therefore, you can use ObjectId with two methods to return all user properties.
- Firstly, you need to add fl in the end of command to get all Azure AD User properties.
Get-AzureADUser -ObjectId mrizwan@macrosoftinc.com | fl
- Secondly, you can also use select * in the end of command to get all user properties of the given UserPrincipalName (UPN).
Get-AzureADUser -ObjectId mrizwan@rizwanranjha.com | select *
Get AzureADUser Filter Usage
In fact, Filter parameter is very useful and the filter query is based on the oDate v3 filter statement. For example, we can search for all users with the Country “United States”.
Get-AzureADUser -Filter "Country eq 'United States'"
Most importantly, You can not use all oData v3 parameters with Get-AzureADUser but here are four usable operators.
| Operator | Description | Example |
|---|---|---|
| eq | Equal | Country eq ‘United States |
| and | Logical and | Country eq ‘United States and JobTitle eq ‘IT’ |
| or | Logical or | JobTitle eq ‘IT’ or JobTitle eq ‘Admin’ |
| startswith | Starts with (String prefixString) | startswith (JobTitle,’Ad’) |
Search Azure AD Users using the SearchString
Specifically, According to the Get-AzureADUser documentation, the SearchString parameter only searches against the first characters in the DisplayName or UserPrincipalName.
This cmdlet gets all users that match the value of SearchString against the first characters in DisplayName or UserPrincipalName.
https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0#example-3-search-among-retrieved-users
Additionally, I found SearchString is working with few more fields, here are these for your reference.
- UserPrincipalName – Firstly, Match the value of SearchString against the first characters.
- DisplayName – Secondly, Match the value of SearchString against the first characters.
- Job Title – Thirdly, Match the exact value of SearchString.
- Department – Further, Match the exact value of SearchString.
- City – Furthermore, Match the exact value of SearchString.
- State – Likewise, Match the exact value of SearchString.
- Country – Finally, Match the exact value of SearchString.
#Below example Match the value of SearchString against the first characters. Get-AzureADUser -SearchString "mrizwan" #Below example Match the value of SearchString against the first characters. Get-AzureADUser -SearchString "Rizwan"
Azure AD Users Parameters with Where-Object
Meanwhile, When you use Get-AzureADUser with default parameters, it searches everything on the server. Consequently, you can use Where-Object to filter the results locally in PowerShell.
Get-AzureADUser -All $true | Where-Object {$_.DisplayName -like "*Rizwan*"}
Hopefully, This tutorial will help you to find Azure AD Users. If you found it helpful, do like my page on Facebook and show up yourself in comments.
