Table of Contents
Getting started with Get-MgUser
Before we can start, make sure that you have installed the Microsoft Graph Module in PowerShell. In this article, you can find a complete guide on how to install the module.
The Get MgUser cmdlet allows you to find and extract user information from the Azure Active Directory. There are a couple of parameters that we can use to find or filter the users:
- UserId – Return specific user based on UPN or ObjectID
- Filter – Retrieve multiple objects based on a oDate v3 query
- Search – Get all users that match the searchString
- Top – Return n number of results
- All – Return all results (by default the first 100 items are returned)
Good to know is the cmdlet returns only the first 100 results by default. So make sure that you use the -all parameter to get all results when needed.
So the first step is to connect the Microsoft Graph with the correct scope. We are only going to retrieve user data, so we can use the User.Read.All scope.
Connect-MgGraph -Scopes 'User.Read.All'PS C:\WINDOWS\system32> Get-MgUser -All
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
3bf811c7-6c3c-4bcd-ae94-262d801cadc8 Adele Vance AdeleV@leoguides.info AdeleV@leoguides.info
8f4ff43a-a19b-4f95-8fdf-65a07199307c Leo Guides admin@leoguides.info admin@leoguides.info
c24ddf57-38b9-4c56-a7b0-ce5547e9ff92 Alexander Harper Alexander.Harper@leoguides.info
12e766aa-a101-457a-9d21-5548686bdc40 Alex Wilber AlexW@leoguides.info AlexW@leoguides.info
8d46b857-3853-4af3-8b77-9a53451cd36f Benjamin Isabella Benjamin.Isabella@leoguides.info
c77aec12-d0cc-4fb7-849b-c5cf8a53de54 Chris chris@leoguides.info chris@leoguides.info
2b3bfac1-131a-45a7-a632-12bdbf5e02d4 Diego Siciliani DiegoS@leoguides.info DiegoS@leoguides.info
edd7061c-1311-4960-bfb7-12432861cb9d Elijah Charlotte Elijah.Charlotte@leoguides.info
93fb7bef-d58f-4041-8b81-27161b23a5b0 Grady Archie GradyA@leoguides.info GradyA@leoguides.info
a570ca2d-9ee1-44d8-a494-379aceaf4e98 Henrietta Mueller HenriettaM@leoguides.info HenriettaM@leoguides.info
c4f53ce7-cbd5-454d-b0e5-cf0c16739835 Henry Evelyn Henry.Evelyn@leoguides.infoTo get a single user we can use the UserId of the user. This can either be the UserPrincipalName of the user or the actual user id:
# Get the user by the UserPrincipalName
Get-MgUser -UserId admin@leoguides.info
# Get the user by the actual id:
Get-MgUser -UserId 8f4ff43a-a19b-4f95-8fdf-65a07199307cUsing Filters with Get-MgUser
Just like with the Get-AzureAduser cmdlet we can filter the users. The filter is based on the oDate v3 query, but not all operators are supported. We can only use the following operators to filter to users:
| Operator | Description | Example |
|---|---|---|
| eq | Equals to | jobtitle eq ‘Marketing Assistant’ |
| and | And | jobtitle eq ‘Recruiter’ and jobtitle eq ‘hr’ |
| or | Or | jobtitle eq ‘Recruiter’ or jobtitle eq ‘hr’ |
| startswith | String starts with | startswith(jobtitle,’recr’) |
Important is that you wrap the filter query in double-quotes and the string that you want to filter on in single-quotes. Only when you filter on a boolean you don’t need to put quotes around the true or false statement.
So let’s take a look at a couple of examples using the -filter parameter. To find a user by the display name we can specify the complete name of the user or use the startsWith operator. Keep in mind that we can’t use wildcard or the -like operator here.
Find the user based on the full name.
PS C:\WINDOWS\system32> Get-MgUser -Filter "DisplayName eq 'Leo Guides'"
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
8f4ff43a-a19b-4f95-8fdf-65a07199307c Leo Guides admin@leoguides.info admin@leoguides.infoFind the user by the first part of the name.
PS C:\WINDOWS\system32> Get-MgUser -Filter "startsWith(DisplayName, 'A')"
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
3bf811c7-6c3c-4bcd-ae94-262d801cadc8 Adele Vance AdeleV@leoguides.info AdeleV@leoguides.info
12e766aa-a101-457a-9d21-5548686bdc40 Alex Wilber AlexW@leoguides.info AlexW@leoguides.info
c24ddf57-38b9-4c56-a7b0-ce5547e9ff92 Alexander Harper Alexander.Harper@leoguides.infoThe same method can also be used to get all users with the job title “Marketing Assistant” for example:
PS C:\WINDOWS\system32> Get-MgUser -Filter "jobtitle eq 'Marketing Assistant'"
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
12e766aa-a101-457a-9d21-5548686bdc40 Alex Wilber AlexW@leoguides.info AlexW@leoguides.infoTo get for example only the enabled user accounts with the Get-MgUser cmdlet we can use the following command:
PS C:\WINDOWS\system32> Get-MgUser -Filter 'accountEnabled eq true' -All
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
8f4ff43a-a19b-4f95-8fdf-65a07199307c Leo Guides admin@leoguides.info admin@leoguides.info
f667aed6-e180-429b-8e9d-7f42969a1a0a Patti Fernandez PattiF@leoguides.info PattiF@leoguides.info
e424d90f-d41e-46c4-92d5-874aac4d95cf Miriam Graham MiriamG@leoguides.info MiriamG@leoguides.info
73805874-c800-41b3-ac8b-0781032d5cd2 Nestor Wilke NestorW@leoguides.info NestorW@leoguides.info
3bf811c7-6c3c-4bcd-ae94-262d801cadc8 Adele Vance AdeleV@leoguides.info AdeleV@leoguides.info
12e766aa-a101-457a-9d21-5548686bdc40 Alex Wilber AlexW@leoguides.info AlexW@leoguides.info
2b3bfac1-131a-45a7-a632-12bdbf5e02d4 Diego Siciliani DiegoS@leoguides.info DiegoS@leoguides.infoNote that I have added the -all parameter. By default, the Get MgUser cmdlet only returns the first 100 results. By adding the -all parameter we get all the results returned.
We can also filter on multiple conditions, by using and or or in the filter query:
PS C:\WINDOWS\system32> Get-MgUser -Filter "department eq 'R&D' and jobtitle eq 'Designer'"
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
93fb7bef-d58f-4041-8b81-27161b23a5b0 Grady Archie GradyA@leoguides.info GradyA@leoguides.infoUsing Search to Find Users
Besides the filter parameter, we can also use the -Search parameter to find users. The parameter requires a property that you want to search on and a value. You will also need to set the -consistencylevel to eventual.
The advantage of the -search parameter is that it allows us to search on any part of the value. So for example, if want to search on a part of the name we can use :
PS C:\WINDOWS\system32> Get-MgUser -Search 'DisplayName:leo' -ConsistencyLevel eventual
Id DisplayName Mail UserPrincipalName UserType
-- ----------- ---- ----------------- --------
8f4ff43a-a19b-4f95-8fdf-65a07199307c Leo Guides admin@leoguides.info admin@leoguides.info
