How to filter Get-MsolUser
You can try this:
Get-MsolUser -EnabledFilter EnabledOnly -SearchString "Bassie"
Otherwise, you'll have to be more specific and do something like this:
Get-MsolUser -EnabledFilter EnabledOnly -UserPrincipalName "[email protected]"
For getting the password list, in my case our Office 365/Azure AD tenant syncs from an on-premise server, so I'd just ask the local AD using the old LDAP CmdLet. If you can't do that, you're probably gonna have to pull down all of the user accounts. If it takes too long, you could do this as a scheduled task somewhere during off hours.
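An added example (not part of the original answer) of the "pull down all of the user accounts" approach for the 80+ day password list. `Select-StalePassword` is a hypothetical helper and the sample users are constructed so it runs without a tenant connection; it assumes the `LastPasswordChangeTimestamp` property on Get-MsolUser results and `PasswordLastSet` on Get-ADUser results.

```powershell
# Hypothetical helper: not part of the MSOnline or ActiveDirectory modules.
function Select-StalePassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Property that holds the last password change time.
        [string]$TimestampProperty = 'LastPasswordChangeTimestamp',
        [int]$Days = 80
    )
    begin {
        # Time-zone offsets of a few hours are ignored at this granularity.
        $now    = Get-Date
        $cutoff = $now.AddDays(-$Days)
    }
    process {
        $changed = $User.$TimestampProperty
        if ($null -eq $changed) {
            # No recorded change: report it rather than silently dropping the account.
            $age = $null
        }
        elseif ([datetime]$changed -gt $cutoff) {
            return   # changed recently enough, skip this user
        }
        else {
            $age = [int][math]::Floor(($now - [datetime]$changed).TotalDays)
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            LastChanged       = $changed
            AgeDays           = $age
        }
    }
}

# Constructed sample objects standing in for Get-MsolUser output.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; LastPasswordChangeTimestamp = (Get-Date).AddDays(-120) }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   LastPasswordChangeTimestamp = (Get-Date).AddDays(-10) }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; LastPasswordChangeTimestamp = $null }
)
$sample | Select-StalePassword -Days 80   # alice (120 days) and carol (no timestamp)

# Against a tenant (client-side filter, every enabled user is retrieved first):
#   Get-MsolUser -All -EnabledFilter EnabledOnly | Select-StalePassword -Days 80
# Against on-premises AD the domain controller can do the filtering:
#   $cutoff = (Get-Date).AddDays(-80)
#   Get-ADUser -Filter 'Enabled -eq $true -and PasswordLastSet -lt $cutoff' -Properties PasswordLastSet
```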
Comments
-
Bassie almost 2 years
I am trying to get a set of users from AAD but can't seem to work out how to apply a filter to the query.
Eventually, I need a list of users whose password has not been updated for 80+ days.
Is there really no way of filtering Get-MsolUser? The closest thing I could find is something like this:
Get-MsolUser -All -EnabledFilter EnabledOnly | Where { $_.DisplayName -match "Bassie" }
But this takes way too long, as I guess it is retrieving every single user then checking each one for the match.
Can't I just filter the initial query, like we used to do with LDAP and Get-ADUser? If not, why? It seems crazy to remove that kind of functionality, especially considering there is no way of checking the password change date using MS graph API.
-
Bassie almost 6 years
Ok thanks Joel - I don't really understand why ms would remove such a useful feature.. Maybe they will bring it back eventually..
-
Joel Coehoorn almost 6 years
Running lots of tenants on what are essentially shared machines means the system is sensitive to different kinds of load. I'd guess this kind of filter has a much higher cost to operate. Also, this de-couples them from LDAP. Shedding the LDAP roots allows them to move AD in new directions not limited by the LDAP spec. Especially for the password search, the new NIST standards no longer recommend expiring passwords like that anyway (studies show this actually reduces security). Moreover, a big part of what cloud-based AzureAD is trying to do is enable all new identity management paradigms.