MS AD/Azure

Connect-AzAccount

User Accounts

Extracting U-Accounts by Filter

Get-AzureADUser -All $true | Where-Object {($_.Company -eq "Company-Name-1") -or ($_.Company -eq "Company-Name-2")} | Select displayName, state, department, country, objectID, userPrincipalName | Export-Csv -path here.csv

Get-AzureADUser

Exports every user account on Azure. Exporting displayName - state etc into a CSV file

 Get-AzureADUser -All $true | Select displayName, state, department, country, office, userPrincipalName | Export-Csv -path C:\psexport\Azure_User_Mapping.csv
Get-AzureADUser -All $true | Select displayName, state, department, country, objectID, userPrincipalName | Export-Csv -path C:\psexport\Azure_User_Mapping_With_AccObID.csv
LogoGet-AzureADUser (AzureAD)MicrosoftLearn

Azure AZ Module

LogoAzure PowerShell documentationMicrosoftLearn

Filters

LogoUse the $filter query parameter to filter a collection of objects - Microsoft GraphMicrosoftLearn

User Accounts

LogoGet-AzADUser (Az.Resources)MicrosoftLearn
// Some code

Litigation Hold Audit

Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | FL Name,LitigationHoldEnabled,InPlaceHolds | Export-Csv -Path .\Litigation-hold-audit.csv

O365 User Licences Audit

  • Connect via Powershell. 

Connect-MsolService

  • Run Get-MsolAccountSku to get a list of the current licenses in your Office 365 tenant. Make a note of the AccountSkuId value for the license you want to filter on. 

Get-MsolAccountSku

  • Now you can edit this short script to get the users matching that license. In this case, we’re getting users with a specific license.

Get-MsolUser -All | Where-Object {($_.licenses).AccountSkuId -match "LICENCETYPE"}

  • More filtering

Get-MsolUser -All | Where-Object {($_.licenses).AccountSkuId -match "LICENCETYPE"} | Select displayName, state, department, country, office, | Export-Csv filename.csv

Azure Powershell Graph Module

LogoInstall the Microsoft Graph PowerShell SDKMicrosoftLearn
LogoGet started with the Microsoft Graph PowerShell SDKMicrosoftLearn

Authentication

The PowerShell SDK supports two types of authentication: delegated access, and app-only access. In this guide, you'll use delegated access to sign in as a user, grant consent to the SDK to act on your behalf, and call the Microsoft Graph.

Microsoft Active Directory

LogoWindows Server 2022 and Windows 11 PowerShell modulesMicrosoftLearn

User module

LogoGet-ADUser (ActiveDirectory)MicrosoftLearn
# Exporting all active users and some specific attributes
Get-ADUser -LDAPFilter '(!userAccountControl:1.2.840.113556.1.4.803:=2)' -Properties cn, department, description, manager, extensionAttribute11, | Export-Csv -Path "C:\Powershell-Exports\file.csv"

# Filtering user ccounts that have a specific 'state' field.
Get-ADUser -Filter 'State -like "USR"' -Properties * # This one shows all attributes that these accounts have
 
Get-ADUser -Identity "upn" -Properties extensionAttribute11
 
Get-ADUser -Identity "upn" -Properties *


# This one grabs accounts tagged as 'USR' and prints their extension attributes
Get-ADUser -Filter 'State -like "USR"' -Properties department,extensionAttribute11,extensionAttribute12,extensionAttribute13 | Export-Csv -Path "C:\Powershell-Exports\1password-user-extensions.csv"

List members of a group 

# Install the AzureAD module if not already installed
Install-Module -Name AzureAD

# Connect to Azure AD with your admin account
Connect-AzureAD

# Get the group by its display name or object ID
$group = Get-AzureADGroup -SearchString "Your Group Name"

# Get members of the group
$members = Get-AzureADGroupMember -All $true -ObjectId $group.ObjectId

# Display member details
$members | Select-Object DisplayName, UserPrincipalName, ObjectId

Azure CLI

LogoInstall Azure CLI on macOSMicrosoftLearn
LogoGet started with Azure Command-Line Interface (CLI)MicrosoftLearn

PreviousAdministrator PortalsNextPython

Last updated

Was this helpful?