How to filter Get-MsolUser


You can try this:

Get-MsolUser -EnabledFilter EnabledOnly -SearchString "Bassie"

Otherwise, you'll have to be more specific and do something like this:

Get-MsolUser -EnabledFilter EnabledOnly -UserPrincipalName "[email protected]"

For getting the password list, in my case our Office 365/Azure AD tenant syncs from an on-premise server, so I'd just ask the local AD using the old LDAP CmdLet. If you can't do that, you're probably gonna have to pull down all of the user accounts. If it takes too long, you could do this as a scheduled task somewhere during off hours.
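
The "pull down all of the user accounts" approach from the answer above, as an added example that is not part of the original answer: it filters client-side on the `LastPasswordChangeTimestamp` property of the objects `Get-MsolUser` returns. The function name `Get-StalePasswordUser` and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: flags accounts whose password is older than a threshold.
# Get-StalePasswordUser is a hypothetical helper, not part of the MSOnline module.
function Get-StalePasswordUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        [int]$MaxAgeDays = 80,
        [datetime]$AsOf = [datetime]::UtcNow
    )
    begin { $cutoff = $AsOf.AddDays(-$MaxAgeDays) }
    process {
        $changed = $User.LastPasswordChangeTimestamp
        # A missing timestamp is reported rather than silently skipped.
        if ($null -eq $changed -or $changed -lt $cutoff) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                LastChangeUtc     = $changed
                AgeDays           = if ($null -ne $changed) {
                    [int][math]::Floor(($AsOf - $changed).TotalDays)
                } else { $null }
            }
        }
    }
}

# Constructed sample objects (not real accounts) so the filter can be checked offline.
$asOf = [datetime]'2022-06-04'
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'recent@contoso.example'; LastPasswordChangeTimestamp = [datetime]'2022-05-20' }
    [pscustomobject]@{ UserPrincipalName = 'stale@contoso.example';  LastPasswordChangeTimestamp = [datetime]'2022-01-10' }
    [pscustomobject]@{ UserPrincipalName = 'never@contoso.example';  LastPasswordChangeTimestamp = $null }
)
$sample | Get-StalePasswordUser -MaxAgeDays 80 -AsOf $asOf | Format-Table

# Against the tenant (after Connect-MsolService), e.g. from an off-hours scheduled task:
# Get-MsolUser -All -EnabledFilter EnabledOnly |
#     Get-StalePasswordUser -MaxAgeDays 80 |
#     Export-Csv .\stale-passwords.csv -NoTypeInformation
```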

Author by

Bassie

Trying to develop

Updated on June 04, 2022

Comments

  • Bassie
    Bassie almost 2 years

    I am trying to get a set of users from AAD but can't seem to work out how to apply a filter to the query.

    Eventually, I need a list of users whose password has not been updated for 80+ days.

    Is there really no way of filtering Get-MsolUser? The closest thing I could find is something like this

    Get-MsolUser -All -EnabledFilter EnabledOnly | Where { $_.DisplayName -match "Bassie" }
    

    But this takes way too long, as I guess it is retrieving every single user then checking each one for the match.

    Can't I just filter the initial query, like we used to do with LDAP and Get-ADUser?

    If not, why? It seems crazy to remove that kind of functionality, especially considering there is no way of checking the password change date using MS graph API.

  • Bassie
    Bassie almost 6 years
    Ok thanks Joel - I don't really understand why ms would remove such a useful feature.. Maybe they will bring it back eventually..
  • Joel Coehoorn
    Joel Coehoorn almost 6 years
    Running lots of tenants on what are essentially shared machines means the system is sensitive to different kinds of load. I'd guess this kind of filter has a much higher cost to operate. Also, this de-couples them from LDAP. Shedding the LDAP roots allows them to move AD in new directions not limited by the LDAP spec. Especially for the password search, the new NIST standards no longer recommend expiring passwords like that anyway (studies show this actually reduces security). Moreover, a big part of what cloud-based AzureAD is trying to do is enable all new identity management paradigms.