Hi I am trying to get through powershell the Join Date for all our Azure AD only devices and if possible the account that joined the device?
Get-AzureADDevice and $_.DeviceTrustType do not hold this information.
Dsregcmd only holds registered date - I am hoping to get the actual AD Azure join date and account. Thanks
I tried to reproduce the same in my environment and got the below results:
I have one Azure AD joined device in my directory like below:
To know the device details like join date and account that performed this, you can check Audit Logs like below in Portal:
Mostly joined date and registered date will be same with seconds' gap.
To get the same details via PowerShell, you can execute below command like this:
Get-AzureADAuditDirectoryLogs | where-object Category -eq "Device" | select activityDisplayName,activityDateTime,InitiatedBy | ft
Response:
To get full details of specific activity like Register device, you can filter the command like below:
Get-AzureADAuditDirectoryLogs -Filter "activityDisplayName eq 'Register device' " | where-object Category -eq "Device" | fl
Response:
To get full details of specific activity like Add device, you can filter the command like below:
Get-AzureADAuditDirectoryLogs -Filter "activityDisplayName eq 'Add device' " | where-object Category -eq "Device" | fl
Response:
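The audit-log queries above can be combined into one report per device, showing when it first appeared and who initiated it. This is an added example, not part of the original answer: `ConvertTo-DeviceJoinReport` is a hypothetical helper, the sample records are constructed, and grouping assumes both activities carry the same target display name.

```powershell
function ConvertTo-DeviceJoinReport {
    param([Parameter(Mandatory, ValueFromPipeline)] [object]$AuditRecord)
    process {
        # Keep only the two device activities queried above.
        if ($AuditRecord.Category -ne 'Device') { return }
        if ($AuditRecord.ActivityDisplayName -notin 'Add device', 'Register device') { return }
        # InitiatedBy carries either a user or an application identity.
        $actor = if ($AuditRecord.InitiatedBy.User.UserPrincipalName) {
            $AuditRecord.InitiatedBy.User.UserPrincipalName
        } elseif ($AuditRecord.InitiatedBy.App.DisplayName) {
            "app:$($AuditRecord.InitiatedBy.App.DisplayName)"
        } else { 'unknown' }
        foreach ($target in $AuditRecord.TargetResources) {
            [pscustomobject]@{
                DeviceName  = $target.DisplayName
                Activity    = $AuditRecord.ActivityDisplayName
                Result      = $AuditRecord.Result
                Time        = $AuditRecord.ActivityDateTime
                InitiatedBy = $actor
            }
        }
    }
}

# Constructed sample records shaped like the cmdlet's output (not real tenant data).
$sample = @(
    [pscustomobject]@{
        Category = 'Device'; ActivityDisplayName = 'Add device'; Result = 'success'
        ActivityDateTime = '2023-03-01T09:14:02Z'
        InitiatedBy = @{ App = @{ DisplayName = 'Device Registration Service' } }
        TargetResources = @(@{ DisplayName = 'LAPTOP-EXAMPLE01' })
    }
    [pscustomobject]@{
        Category = 'Device'; ActivityDisplayName = 'Register device'; Result = 'success'
        ActivityDateTime = '2023-03-01T09:14:05Z'
        InitiatedBy = @{ User = @{ UserPrincipalName = 'alice@example.com' } }
        TargetResources = @(@{ DisplayName = 'LAPTOP-EXAMPLE01' })
    }
)

# Live use: Get-AzureADAuditDirectoryLogs | ConvertTo-DeviceJoinReport
$sample | ConvertTo-DeviceJoinReport | Group-Object DeviceName | ForEach-Object {
    [pscustomobject]@{
        DeviceName = $_.Name
        FirstSeen  = ($_.Group.Time | Sort-Object | Select-Object -First 1)
        Actors     = ($_.Group.InitiatedBy | Sort-Object -Unique) -join ', '
    }
}
```

Audit logs are only kept for a limited retention period, so devices joined before that window will not appear in this report.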
I'm hoping to use the updated graph powershell commands to be able to pull more information on deleted users.
I'm trying to use:
Get-AzureADUser -Filter "aad.IsDeleted eq 'True'"
but it returns the error:
The child type 'aaad.IsDeleted' in a cast was not an entitity type.
How do I filter for deleted accounts, if possible, so that I can also do a select to include additional parameters / attributes?
I'm hoping to be able to know when an account was deleted, a description, etc.
Moving some users to cloud only so we need to move them in AD to a container that is excluded from AD Connect. Then need to use a script to undelete them and validate licenses are still in use.
I know with
get-MsolUser -ReturnDeletedUsers
works, however I haven't been able to figure out how to return additional values / parameters / attributes.
It doesn't appear that Get-AzureADUser or Get-AzADUser have a way of filtering or returning deleted users. You can't even use -Filter as the property is not returned from the API call.
You can however workaround this slightly and call the API directly.
$result = Invoke-AzRestMethod -Uri 'https://graph.microsoft.com/beta/directory/deleteditems/microsoft.graph.user'
$jsonOutput = $result.content | ConvertFrom-Json
$jsonOutput.value | Select-Object id, displayName, mail, deletedDateTime
There are a couple of examples on github where people have written functions to assist with making those calls:
https://github.com/Azure/GuardrailsSolutionAccelerator/blob/0f3f4994c03d8e47d7d67bd790ba3b290f37560a/src/GUARDRAIL%202%20MANAGEMENT%20OF%20ADMINISTRATIVE%20PRIVILEGES/Audit/Check-DeletedAndDisabledUsers.psm1
and
https://github.com/Panzerbjrn/AzureGraphApiHelper/blob/4cd2dcd1067bdabd349b044f1760bb958d54179d/AzureGraphApiHelper/Functions/Get-AGDeletedUsers.ps1
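Graph returns deleted items in pages, so a single call like the one above may not list every deleted user. The following added example (not from the original answer or the linked repositories) follows `@odata.nextLink` and computes how long each account stays restorable; `Get-DeletedUserAll` and its `-Fetch` hook are hypothetical names, and the two-page response is constructed so the paging logic runs offline.

```powershell
function Get-DeletedUserAll {
    param(
        # Endpoint and properties taken from the answers on this page.
        [string]$Uri = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user?$select=id,displayName,mail,deletedDateTime',
        # Hypothetical hook returning the JSON body for a URL; replaceable for offline testing.
        [scriptblock]$Fetch = {
            param($u)
            $r = Invoke-AzRestMethod -Uri $u
            if ($r.StatusCode -ne 200) { throw "Graph returned HTTP $($r.StatusCode)" }
            $r.Content
        },
        # Soft-deleted users stay restorable for 30 days before permanent removal.
        [int]$RetentionDays = 30
    )
    while ($Uri) {
        $page = & $Fetch $Uri | ConvertFrom-Json
        foreach ($user in $page.value) {
            $deleted = ([datetime]$user.deletedDateTime).ToUniversalTime()
            [pscustomobject]@{
                Id              = $user.id
                DisplayName     = $user.displayName
                Mail            = $user.mail
                DeletedUtc      = $deleted
                RestorableUntil = $deleted.AddDays($RetentionDays)
            }
        }
        # A missing nextLink means this was the last page.
        $Uri = $page.'@odata.nextLink'
    }
}

# Constructed two-page response standing in for Graph (not real tenant data).
$pages = @{
    page1 = '{"@odata.nextLink":"page2","value":[{"id":"00000000-0000-0000-0000-0000000000a1","displayName":"Example User A","mail":"a@example.com","deletedDateTime":"2023-03-01T10:00:00Z"}]}'
    page2 = '{"value":[{"id":"00000000-0000-0000-0000-0000000000b2","displayName":"Example User B","mail":null,"deletedDateTime":"2023-03-05T08:30:00Z"}]}'
}
Get-DeletedUserAll -Uri 'page1' -Fetch { param($u) $pages[$u] } | Format-Table
```

Against a live tenant, call `Get-DeletedUserAll` with no arguments after signing in with `Connect-AzAccount`.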
• You can surely get all the details of the deleted Azure AD user accounts from your tenant through the below command. Also, you can use filter and attributes as shown below along with this command for sorting out specific details for a particular deleted user account: -
Command: -
Get-MsolUser -ReturnDeletedUsers -MaxResults 50 -EnabledFilter All | Export-Csv -Path C:\Users\v-kartikb\Downloads\Reatapp\delete4.csv
Output: -
Similarly, if you want to get any information regarding a specific user or search a user ID based on the search string, then please refer to the below commands: -
Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID
Get-MsolUser -ReturnDeletedUsers -SearchString <User UPN> | FL UserPrincipalName,ObjectID
Also, do ensure that you will have to sign into Microsoft Office 365 service for executing the above commands successfully by executing the below command successfully: -
Connect-MsolService
Also, you can get the details of any deleted user if you have the object ID with you by executing the below Azure AD command through powershell: -
Connect-AzureAD
Get-AzureADMSDeletedDirectoryObject -Id <ObjectID>
Output: -
Please find the below link for more details regarding the above commands: -
http://ajaxtechinc.com/question/manage-delete-users-office-365-recycle-bin/
This can be accomplished using the graph api and the Azure CLI for auth
$deletedUsers = az rest `
--method "GET" `
--url "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user" `
--headers "Content-Type=application/json" | ConvertFrom-Json
How do I retrieve Azure AD users with an alternate email address in a CSV file?
I tried this but the CSV AlternateEmailAddresses column is empty.
Get-AzADUser | select AlternateEmailAddresses | export-csv azureadusers.csv
I have tested in my environment.
Please use Get-AzureADUser instead of Get-AzADUser as there continues to be a lack of properties returned when comparing "Get-AzureADUser" vs. "Get-AzADUser"
Please use the below command to export Azure AD users with alternate email address to csv file.
Get-AzureADUser | select UserPrincipalName, @{n='OtherMails'; e={$_.OtherMails -join ' '}} | export-csv azureadusers.csv
Reference : https://github.com/Azure/azure-powershell/issues/10497
AzureAD is deprecated and the command "Get-AzureADUser" should not be used when not required. It also uses Azure Active Directory Scope and is also deprecated and every scope should use Graph API.
The way you need to do your query with Az Powershell is like this :
#Get users with alternate emails:
$users = Get-AzADUser -Select "otherMails", "Mail","Id","DisplayName", "UserPrincipalName"
#Selecting users other mails:
$users | Select OtherMail
As you can see, there is a lot here not making sense. Why fetch "otherMails" when it is mapped to the "OtherMail" property? MS is not even respecting its own standard...
I'm looking for a way to retrieve information about all users that belong to a particular group and store the results in CSV.
So, I use the following Azure AD command for the purpose:
Get-AzureADGroupMember -ObjectId "xxx" | get-azureaduser | Export-Csv -nti users.csv
However, the command only returns 100 users maximum.
Is there a way to return all the users that belong to a group from the CLI?
Try Get-AzureADGroupMember -ObjectId "xxx" -all $true | ...
Look at https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadgroupmember?view=azureadps-2.0 for reference
Using PowerShell, you can add the parameter -top xxx (-top 500 for example), or -all for all group members.
You can use Get-AzADUser instead!
I'm trying to retrieve the list of available PowerApps from my Office 365 tenant. Is there a set of APIs that I could use to get the information about PowerApps (existing environments, all PowerApps, PowerApps shared with me, etc.)?
I couldn't find any documentation on this.
You can try PowerShell to get all the necessary details like below:
Display a list of all PowerApps
Get-AdminPowerApp
Returns a list of all PowerApps across the tenant, with details of each (e.g., application name (guid), display name, creator, etc).
Display the number of apps each user owns
Get-AdminPowerApp | Select -ExpandProperty Owner | Select -ExpandProperty displayname | Group
Display the number of apps in each environment
Get-AdminPowerApp | Select -ExpandProperty EnvironmentName | Group | %{ New-Object -TypeName PSObject -Property @{ DisplayName = (Get-AdminPowerAppEnvironment -EnvironmentName $_.Name | Select -ExpandProperty displayName); Count = $_.Count } }
You can use the PowerApps for Admins connectors in Flow to retrieve all this information. Use them as your web service and write the data anywhere you like. It's a little more automated than a local terminal.
If you're super hacky, you might spin up a PowerShell Azure Function instance to run those PS scripts serverless!
I'm trying to list all Azure AD groups where the displayname ends with "Reader"
Get-AzureRmADGroup -SearchString "Reader"
And the Microsoft example says
Example 2: Get groups by search string
This command gets all Active Directory groups that **include** Patti in the display name.
Windows PowerShell
PS C:\> Get-AzureRmADGroup -SearchString "Patti"
But my result is blank when I try to do this, what am I missing?
Try the command below.
Get-AzureRmADGroup | Where-Object {$_.DisplayName -like "*Reader"}
Test Result(In order to speed up the operation, use a -First 5, you can ignore it):