PowerShell Script – Get-MsolUserInformation
The Get-MsolUserInformation cmdlet provides an easy way to retrieve users, optionally filtered by user type (Member or Guest) and/or by the directory in which they are registered (Azure Directory only, or Active Directory synchronized to Azure Directory).
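function Get-MsolUserInformation
{
<#
.Synopsis
   Get-MsolUserInformation
.DESCRIPTION
   The Get-MsolUserInformation cmdlet provides an easy way to retrieve all users
   that are a member or guest and/or are registered in Azure Directory or
   Active Directory.

   In addition a new property is added to the output called SynchType, which is
   either set to "InCloud" or "ADSynched".

   When listing users (no -UserPrincipalName), the function requests the complete
   user list with Get-MsolUser -All, so the result is not cut off at the cmdlet's
   default result limit. This matters when the output is used for account reviews.
.PARAMETER UserPrincipalName
   The user ID of the user to retrieve. Accepts pipeline input by property name.
.PARAMETER OutputMode
   Basic or Detailed.
   Basic only outputs DisplayName,UserType,SynchType,UserPrincipalName
   Detailed outputs all user attributes
.PARAMETER UserType
   Member or Guest
.PARAMETER Directory
   InCloud = in Azure Directory only,
   ADSynched = registered in Active Directory and Synched to Azure Directory.
.EXAMPLE
   Get-MsolUserInformation -UserPrincipalName alex@foocorp.com -OutputMode Basic

   This command shows basic user information for user alex@foocorp.com
.EXAMPLE
   Get-MsolUserInformation -OutputMode Detailed

   This command retrieves "all" user information for the retrieved users.
   Use -OutputMode Basic to show the following information:
   DisplayName,UserType,SynchType,UserPrincipalName
.EXAMPLE
   Get-MsolUserInformation -UserType Member

   This command retrieves all users that are registered on the tenant and
   therefore their UserType attribute is set to "Member".
   Use -UserType Guest to list all "Guest" users.
.EXAMPLE
   Get-MsolUserInformation -Directory ADSynched

   This command retrieves all Active Directory Synched users.
.EXAMPLE
   Get-MsolUserInformation -Directory InCloud

   This command lists all users that are registered in Azure Directory only.
.EXAMPLE
   Get-MsolUserInformation -UserType Member -Directory InCloud

   This command lists all users that are a member and only registered in
   AzureDirectory.
.EXAMPLE
   Get-MsolUserInformation -UserType Member -Directory InCloud | Where-Object {$_.PasswordNeverExpires -eq $true}

   This command lists all Azure Directory users that have the
   PasswordNeverExpires property set to true.
.NOTES
   Version 1.0, 20.11.2016, Alex Verboon

   Requires an existing MSOnline session (Connect-MsolService).
   NOTE(review): Microsoft has deprecated the MSOnline module in favour of
   Microsoft Graph PowerShell - confirm the module is still usable in your tenant.
   Detailed output contains every attribute of the user object; treat exported
   results accordingly.
#>
    [CmdLetBinding(DefaultParameterSetName="None")]
    Param
    (
        # The user ID of the user to retrieve.
        [Parameter(ParameterSetName = "OneUser",
                   Mandatory=$false,
                   ValueFromPipelineByPropertyName=$true
                   )]
        $UserPrincipalName,

        # The user type can be Member or Guest
        [Parameter(ParameterSetName = "Allusers",
                   Mandatory=$false,
                   ValueFromPipelineByPropertyName=$true
                   )]
        [ValidateSet("Member","Guest")]
        [string]$UserType,

        # The source Directory where the user is created, Azure Directory or Active Directory
        [Parameter(ParameterSetName = "Allusers",
                   Mandatory=$false,
                   ValueFromPipelineByPropertyName=$true
                   )]
        [ValidateSet("InCloud","ADSynched")]
        [string]$Directory,

        # Defines the output mode, Basic or Detailed.
        [Parameter(Mandatory=$false,
                   ValueFromPipelineByPropertyName=$true
                   )]
        [ValidateSet("Basic","Detailed")]
        [string]$OutputMode="Detailed"
    )

    Begin
    {
        # Fail fast when no MSOnline session exists: Get-MsolDomain is used only as
        # a probe, its output is discarded.
        Try
        {
            Get-MsolDomain -ErrorAction Stop > $null
        }
        catch
        {
            write-error "You must call the Connect-MsolService cmdlet before calling any other cmdlets"
            Throw
        }
    }

    Process
    {
        # The lookup lives in Process (not Begin) because parameters bound from the
        # pipeline by property name are only populated once Process runs.
        if ($PSBoundParameters.ContainsKey("UserPrincipalName"))
        {
            $AzureAdUsers = @(Get-MsolUser -UserPrincipalName $UserPrincipalName)
        }
        else
        {
            # -All: without it Get-MsolUser stops at its default result limit
            # (500 unless -MaxResults is given), which silently truncates the
            # list on larger tenants.
            $AzureAdUsers = @(Get-MsolUser -All)

            if ($PSBoundParameters.ContainsKey("UserType"))
            {
                # NOTE(review): accounts with an empty UserType match neither
                # "Member" nor "Guest" - confirm whether such accounts exist.
                $AzureAdUsers = @($AzureAdUsers | Where-Object { $_.UserType -eq "$UserType" })
            }

            # A user without a LastDirSyncTime is treated as cloud-only.
            if ($Directory -eq "InCloud")
            {
                $AzureAdUsers = @($AzureAdUsers | Where-Object { $null -eq $_.LastDirSyncTime })
            }
            elseif ($Directory -eq "ADSynched")
            {
                # Combined with -UserType Guest this will not return any results,
                # as users of type "Guest" aren't synched with AD.
                $AzureAdUsers = @($AzureAdUsers | Where-Object { $null -ne $_.LastDirSyncTime })
            }
        }

        # Decorate every user with the derived SynchType property. -Force keeps the
        # call from failing if an object already carries the property.
        foreach ($User in $AzureAdUsers)
        {
            $SynchTypeValue = if ($null -eq $User.LastDirSyncTime) { "InCloud" } else { "ADSynched" }
            $User | Add-Member -MemberType NoteProperty -Name SynchType -Value $SynchTypeValue -Force
        }

        # OutputMode is restricted to Basic/Detailed by ValidateSet, so everything
        # that is not Basic is the full object.
        if ($OutputMode -eq "Basic")
        {
            $AzureAdUsers | Select-Object DisplayName,UserType,SynchType,UserPrincipalName
        }
        else
        {
            $AzureAdUsers
        }
    }
}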