How do I retrieve Azure AD users with an alternate email address in a CSV file?
I tried this but the CSV AlternateEmailAddresses column is empty.
Get-AzADUser | select AlternateEmailAddresses | export-csv azureadusers.csv
I have tested in my environment.
Please use Get-AzureADUser instead of Get-AzADUser as there continues to be a lack of properties returned when comparing "Get-AzureADUser" vs. "Get-AzADUser"
Please use the below command to export Azure AD users with alternate email address to csv file.
Get-AzureADUser | select UserPrincipalName, @{n='OtherMails'; e={$_.OtherMails -join ' '}} | export-csv azureadusers.csv
Reference : https://github.com/Azure/azure-powershell/issues/10497
AzureAD is deprecated and the command "Get-AzureADUser" should not be used when not required. It also uses the Azure Active Directory scope and is also deprecated, and every scope should use the Graph API.
The way you need to do your query with Az PowerShell is like this:
#Get users with alternate emails:
$users = Get-AzADUser -Select "otherMails", "Mail","Id","DisplayName", "UserPrincipalName"
#Selecting users other mails:
$users | Select OtherMail
As you can see, there is a lot here not making sense. Why fetch "otherMails" when it is mapped to the "OtherMail" property? MS is not even respecting its own standard...
Related
I'm hoping to use the updated graph powershell commands to be able to pull more information on deleted users.
I'm trying to use:
Get-AzureADUser -Filter "aad.IsDeleted eq 'True'"
but it returns the error:
The child type 'aaad.IsDeleted' in a cast was not an entitity type.
How do I filter for deleted accounts, if possible, so that I can also do a select to include additional parameters / attributes?
I'm hoping to be able to know when an account was deleted, a description, etc.
Moving some users to cloud only so we need to move them in AD to a container that is excluded from AD Connect. Then need to use a script to undelete them and validate licenses are still in use.
I know that
get-MsolUser -ReturnDeletedUsers
works, however I haven't been able to figure out how to return additional values / parameters / attributes.
It doesn't appear that Get-AzureADUser or Get-AzADUser have a way of filtering or returning deleted users. You can't even use -Filter as the property is not returned from the API call.
You can, however, work around this slightly and call the API directly.
$result = Invoke-AzRestMethod -Uri 'https://graph.microsoft.com/beta/directory/deleteditems/microsoft.graph.user'
$jsonOutput = $result.content | ConvertFrom-Json
$jsonOutput.value | Select-Object id, displayName, mail, deletedDateTime
There are a couple of examples on GitHub where people have written functions to assist with making those calls:
https://github.com/Azure/GuardrailsSolutionAccelerator/blob/0f3f4994c03d8e47d7d67bd790ba3b290f37560a/src/GUARDRAIL%202%20MANAGEMENT%20OF%20ADMINISTRATIVE%20PRIVILEGES/Audit/Check-DeletedAndDisabledUsers.psm1
and
https://github.com/Panzerbjrn/AzureGraphApiHelper/blob/4cd2dcd1067bdabd349b044f1760bb958d54179d/AzureGraphApiHelper/Functions/Get-AGDeletedUsers.ps1
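The direct Graph call in the answer above, extended to follow `@odata.nextLink` when the response is paged and to flatten the result for CSV export. This is an added example, not part of the original answer or of the linked projects; the function name, the `-Fetch` parameter and the two-page sample response are constructed so the paging logic can be run offline.

```powershell
# Added example: page through Graph's deleted-user collection and emit flat rows.
function Get-DeletedUserRow {
    param(
        [string] $Uri = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user',
        # Hypothetical injection point: swap the live call for a stub when testing offline.
        [scriptblock] $Fetch = { param($u) (Invoke-AzRestMethod -Uri $u).Content | ConvertFrom-Json }
    )
    while ($Uri) {
        $page = & $Fetch $Uri
        foreach ($u in $page.value) {
            [pscustomobject]@{
                Id                = $u.id
                DisplayName       = $u.displayName
                UserPrincipalName = $u.userPrincipalName
                Mail              = $u.mail
                DeletedDateTime   = $u.deletedDateTime
            }
        }
        # Present only while more pages remain; $null on the last page ends the loop.
        $Uri = $page.'@odata.nextLink'
    }
}

# Constructed two-page response standing in for the live API (not real tenant data).
$sample = @{
    'page1' = '{"@odata.nextLink":"page2","value":[{"id":"00000000-0000-0000-0000-000000000001","displayName":"Test One","userPrincipalName":"one@example.com","mail":"one@example.com","deletedDateTime":"2024-01-10T08:00:00Z"}]}'
    'page2' = '{"value":[{"id":"00000000-0000-0000-0000-000000000002","displayName":"Test Two","userPrincipalName":"two@example.com","mail":null,"deletedDateTime":"2024-01-12T09:30:00Z"}]}'
}
$offline = { param($u) $sample[$u] | ConvertFrom-Json }

# Offline run: both pages are read and written newest deletion first.
Get-DeletedUserRow -Uri 'page1' -Fetch $offline |
    Sort-Object DeletedDateTime -Descending |
    Export-Csv -Path deletedusers.csv -NoTypeInformation

# Live run (after Connect-AzAccount), using the default Uri and Fetch:
# Get-DeletedUserRow | Export-Csv -Path deletedusers.csv -NoTypeInformation
```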
You can surely get all the details of the deleted Azure AD user accounts from your tenant through the below command. Also, you can use filter and attributes as shown below along with this command for sorting out specific details for a particular deleted user account:
Command:
Get-MsolUser -ReturnDeletedUsers -MaxResults 50 -EnabledFilter All | Export-Csv -Path C:\Users\v-kartikb\Downloads\Reatapp\delete4.csv
Similarly, if you want to get any information regarding a specific user or search a user ID based on the search string, then please refer to the below commands:
Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID
Get-MsolUser -ReturnDeletedUsers -SearchString <User UPN> | FL UserPrincipalName,ObjectID
Also, ensure that you sign in to the Microsoft Office 365 service by executing the below command, which is required for executing the above commands successfully:
Connect-MsolService
Also, you can get the details of any deleted user if you have the object ID with you by executing the below Azure AD command through PowerShell:
Connect-AzureAD
Get-AzureADMSDeletedDirectoryObject -Id <ObjectID>
Please find the below link for more details regarding the above commands:
http://ajaxtechinc.com/question/manage-delete-users-office-365-recycle-bin/
This can be accomplished using the Graph API and the Azure CLI for auth:
$deletedUsers = az rest `
--method "GET" `
--url "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user" `
--headers "Content-Type=application/json" | ConvertFrom-Json
I need to add the Sites.FullControl.All API permission in an app registration via PowerShell, but I can't find the ID. I have already found the IDs of various APIs like AllSites.FullControl with the command
$svcSharePoint = Get-AzureADServicePrincipal -All $true | ? { $_.DisplayName -eq "Office 365 SharePoint Online" }
$svcSharePoint.Oauth2Permissions | FT ID, Value
Any Ideas?
This is what I'm expecting.
I tested in my environment. I'm able to retrieve the IDs of Application permissions successfully like below:
Please note that Sites.FullControl.All is an Application Permission not Delegated Permission.
Using below cmdlet, you will only get a list of delegated permissions IDs.
$svcSharePoint.Oauth2Permissions | FT ID, Value
To get a list of application permissions IDs, you have to make use of below cmdlet:
$svcSharePoint.AppRoles | FT ID, Value
The ID of Sites.FullControl.All permission is 678536fe-1083-478a-9c59-b99265e6b0d3
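The two collections from the answer above, merged into one lookup that also shows which `Type` value (`Scope` or `Role`) each ID takes in an app registration's resource access entry. Application permissions act without a signed-in user, so the `Kind` column is worth checking before an ID is added. This is an added example, not code from the original answer; the function name and the sample object are constructed, and the delegated ID is a placeholder.

```powershell
# Added example: list delegated and application permission IDs side by side.
function Get-SpPermissionId {
    param(
        [Parameter(Mandatory)] $ServicePrincipal,
        [string] $Name = '*'   # wildcard pattern matched against the permission value
    )
    $rows = @()
    # Oauth2Permissions holds delegated permissions (Type 'Scope' in resource access).
    foreach ($p in $ServicePrincipal.Oauth2Permissions) {
        $rows += [pscustomobject]@{ Kind = 'Delegated'; Type = 'Scope'; Value = $p.Value; Id = $p.Id }
    }
    # AppRoles holds application permissions (Type 'Role' in resource access).
    foreach ($r in $ServicePrincipal.AppRoles) {
        $rows += [pscustomobject]@{ Kind = 'Application'; Type = 'Role'; Value = $r.Value; Id = $r.Id }
    }
    $rows | Where-Object { $_.Value -like $Name }
}

# Constructed stand-in for $svcSharePoint so the function runs offline.
# The delegated Id is a placeholder; the application Id is the one quoted in the answer.
$sampleSp = [pscustomobject]@{
    DisplayName       = 'Office 365 SharePoint Online'
    Oauth2Permissions = @([pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; Value = 'AllSites.FullControl' })
    AppRoles          = @([pscustomobject]@{ Id = '678536fe-1083-478a-9c59-b99265e6b0d3'; Value = 'Sites.FullControl.All' })
}

Get-SpPermissionId -ServicePrincipal $sampleSp -Name '*FullControl*' |
    Format-Table Kind, Type, Value, Id

# Live use with the AzureAD module, reusing the variable from the question:
# Get-SpPermissionId -ServicePrincipal $svcSharePoint -Name 'Sites.FullControl.All'
```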
I'm looking for a way to retrieve information about all users that belong to a particular group and store the results in CSV.
So, I use the following Azure AD command for the purpose:
Get-AzureADGroupMember -ObjectId "xxx" | get-azureaduser | Export-Csv -nti users.csv
However, the command only returns 100 users maximum.
Is there a way to return all the users that belong to a group from the CLI?
Try Get-AzureADGroupMember -ObjectId "xxx" -all $true | ...
Look at https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadgroupmember?view=azureadps-2.0 for reference
Using PowerShell, you can add the parameter -top xxx (-top 500 for example), or -all for all group members.
You can use Get-AzADUser instead!
I am trying to get a list of users' emails from o365 using graph API. I am able to get the complete list using following API https://graph.microsoft.com/v1.0/users?$select=mail
The problem is o365 contains multiple domains and I want to list users from specific domains only.
Is there a way to do this?
You do not specify a domain. The service will determine the domain based on the access token that is provided with the request.
You can fetch this using an advanced Graph query filter. Please refer microsoft documentation https://learn.microsoft.com/en-us/graph/aad-advanced-queries
Use the header ConsistencyLevel and its value as eventual and pass the filter endsWith(mail,' your domain name') in your API call.
Refer to the image.
Sadly the endsWith query-filter is not supported yet. But there is a way around it; it's not so elegant since we're first getting all the users and then reselecting the ones with the specific domain:
Connect-MgGraph -Scopes "User.Read.All"
$DisabledDomainUsers = Get-MgUser -Filter 'accountEnabled eq false' -All | Where-Object {$_.Mail -like "*@domain.ch"}
The following Modules are needed to use the commands above:
Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module Microsoft.Graph.Users -Scope CurrentUser
I'm trying to retrieve the list of available PowerApps from my Office 365 tenant. Is there a set of APIs that I could use to get the information about PowerApps (existing environments, all PowerApps, PowerApps shared with me, etc.)?
I couldn't find any documentation on this.
You can try PowerShell to get all the necessary details like below:
Display a list of all PowerApps
Get-AdminPowerApp
Returns a list of all PowerApps across the tenant, with details of each (e.g., application name (guid), display name, creator, etc).
Display the number of apps each user owns
Get-AdminPowerApp | Select -ExpandProperty Owner | Select -ExpandProperty displayname | Group
Display the number of apps in each environment
Get-AdminPowerApp | Select -ExpandProperty EnvironmentName | Group | %{ New-Object -TypeName PSObject -Property @{ DisplayName = (Get-AdminPowerAppEnvironment -EnvironmentName $_.Name | Select -ExpandProperty displayName); Count = $_.Count } }
You can use the PowerApps for Admins connectors in Flow to retrieve all this information. Use them as your web service and write the data anywhere you like. It's a little more automated than a local terminal.
If you're super hacky, you might spin up a PowerShell Azure Function instance to run those PS scripts serverless!