This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
is there a way to retrieve the Identity Issuer information for an Azure AD user (external) via PowerShell ?
Thank you,
Luca
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 2%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
You can get this if you specify the -Property Identities. The example provided below returns blank values because the property is not specified with the cmdlet.
Get-MgUser -Property Identities
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@Luca Fabbri ,
I understand that you are trying to get information on whether we have a PowerShell cmdlet to obtain the Identity Issuer information for any Azure AD User . I tried three different PowerShell modules related to user information and this is currently not available through PowerShell . I am assuming that you are trying to get information on your external guest users from other tenants who have been invited like you see on the portal .
I tried three different powershell modules as below but could not get that exact information in any of them . So I can conclude that this information is only available from portal as seen above and not using any powershell cmdlet at this point .
PS C:\> Get-MsolUser -ObjectId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AlternateEmailAddresses : {adm@0000000.onmicrosoft.com}
AlternateMobilePhones : {}
AlternativeSecurityIds : {16 3 191 253 139 203 84 181}
BlockCredential : False
City :
CloudExchangeRecipientDisplayType : 6
Country :
Department :
DirSyncProvisioningErrors : {}
DisplayName : Umbrella A
Errors :
Fax :
FirstName : shashi
ImmutableId :
IndirectLicenseErrors : {}
IsBlackberryUser : False
IsLicensed : False
LastDirSyncTime :
LastName :
LastPasswordChangeTimestamp : 6/23/2020 5:11:13 PM
LicenseAssignmentDetails : {}
LicenseReconciliationNeeded : False
Licenses : {}
LiveId : 1003200000000000
MSExchRecipientTypeDetails :
MSRtcSipDeploymentLocator :
MSRtcSipPrimaryUserAddress :
MobilePhone :
ObjectId : 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a
Office :
OverallProvisioningStatus : None
PasswordNeverExpires :
PasswordResetNotRequiredDuringActivate :
PhoneNumber :
PortalSettings :
PostalCode :
PreferredDataLocation :
PreferredLanguage :
ProxyAddresses : {SMTP:adm@0000000.onmicrosoft.com}
ReleaseTrack :
ServiceInformation : {}
SignInName : adm@0000000.onmicrosoft.com
SoftDeletionTimestamp :
State :
StreetAddress :
StrongAuthenticationMethods : {Microsoft.Online.Administration.StrongAuthenticationMethod, Microsoft.Online.Administration.StrongAuthenticationMethod}
StrongAuthenticationPhoneAppDetails : {}
StrongAuthenticationProofupTime :
StrongAuthenticationRequirements : {}
StrongAuthenticationUserDetails :
StrongPasswordRequired :
StsRefreshTokensValidFrom : 6/23/2020 5:11:13 PM
Title :
UsageLocation : IN
UserLandingPageIdentifierForO365Shell :
UserPrincipalName : adm_0000000.onmicrosoft.com#EXT#@A1111.onmicrosoft.com
UserThemeIdentifierForO365Shell :
UserType : Guest
ValidationStatus : Healthy
WhenCreated : 6/23/2020 5:11:13 PM
If you use the Get-AzureADUser cmdlet then you can filter them by value of CreationType parameter which will be Invitation for external users always. It will include everyone who has redeemed an invitation which will give you list of all users who are external users in the tenant. (this includes Microsoft Account and B2B users from external AzureAD tenant)
PS C:\> get-AzureADUser -ObjectId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
ExtensionProperty : {[odata.metadata, https://graph.windows.net/adfxxxxa-xxxx-xxxx-xxxx-581xxxx7a74f/$metadata#directoryObjects/@Element], [odata.type,
Microsoft.DirectoryServices.User], [createdDateTime, 6/23/2020 5:11:13 PM], [employeeId, ]...}
DeletionTimestamp :
ObjectId : 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a
ObjectType : User
AccountEnabled : True
AgeGroup :
AssignedLicenses : {}
AssignedPlans : {}
City :
CompanyName :
ConsentProvidedForMinor :
Country :
CreationType : Invitation
Department :
DirSyncEnabled :
DisplayName : Umbrella Admin
FacsimileTelephoneNumber :
GivenName : shashi
IsCompromised :
ImmutableId :
JobTitle :
LastDirSyncTime :
LegalAgeGroupClassification :
Mail : adm@0000000.onmicrosoft.com
MailNickName : adm_0000000.onmicrosoft.com#EXT#
Mobile :
OnPremisesSecurityIdentifier :
OtherMails : {adm@0000000.onmicrosoft.com}
PasswordPolicies :
PasswordProfile :
PhysicalDeliveryOfficeName :
PostalCode :
PreferredLanguage :
ProvisionedPlans : {}
ProvisioningErrors : {}
ProxyAddresses : {SMTP:adm@0000000.onmicrosoft.com}
RefreshTokensValidFromDateTime : 6/23/2020 5:11:13 PM
ShowInAddressList : False
SignInNames : {}
SipProxyAddress :
State :
StreetAddress :
Surname : shailaj
TelephoneNumber :
UsageLocation : IN
UserPrincipalName : adm_0000000.onmicrosoft.com#EXT#@x11111.onmicrosoft.com
UserState : Accepted
UserStateChangedOn : 2020-06-23T17:11:52Z
UserType : Guest
I tried checking the extension attribute as well however it does not have the Issuer Identity information as well
PS C:\> Get-AzureADUserExtension -ObjectId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
Key : odata.metadata
Value : https://graph.windows.net/adfxxxxa-xxxx-xxxx-xxxx-581xxxx7a74f/$metadata#directoryObjects/@Element
Key : odata.type
Value : Microsoft.DirectoryServices.User
Key : createdDateTime
Value : 6/23/2020 5:11:13 PM
Key : employeeId
Value :
Key : onPremisesDistinguishedName
Value :
Key : userIdentities
Value : []
I also tried the Microsoft Graph powershell module for querying the users as well but that also does not provide this kind of information for users from external directory
PS C:\> Get-MgUser -UserId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
AboutMe :
AccountEnabled :
Activities :
AgeGroup :
AgreementAcceptances :
AppRoleAssignments :
AssignedLicenses :
AssignedPlans :
Authentication : Microsoft.Graph.PowerShell.Models.MicrosoftGraphAuthentication1
Birthday :
BusinessPhones : {}
Calendar : Microsoft.Graph.PowerShell.Models.MicrosoftGraphCalendar1
CalendarGroups :
CalendarView :
Calendars :
Chats :
City :
CompanyName :
ConsentProvidedForMinor :
ContactFolders :
Contacts :
Country :
CreatedDateTime :
CreatedObjects :
CreationType :
DeletedDateTime :
Department :
DeviceEnrollmentLimit :
DeviceManagementTroubleshootingEvents :
DirectReports :
DisplayName : Umbrella A
Drive : Microsoft.Graph.PowerShell.Models.MicrosoftGraphDrive1
Drives :
EmployeeHireDate :
EmployeeId :
EmployeeOrgData : Microsoft.Graph.PowerShell.Models.MicrosoftGraphEmployeeOrgData
EmployeeType :
Events :
Extensions :
ExternalUserState :
ExternalUserStateChangeDateTime :
FaxNumber :
FollowedSites :
GivenName : sam
HireDate :
Id : 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a
Identities :
ImAddresses :
InferenceClassification : Microsoft.Graph.PowerShell.Models.MicrosoftGraphInferenceClassification
Insights : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOfficeGraphInsights
Interests :
IsResourceAccount :
JobTitle :
JoinedTeams :
LastPasswordChangeDateTime :
LegalAgeGroupClassification :
LicenseAssignmentStates :
LicenseDetails :
Mail : adm@0000000.onmicrosoft.com
MailFolders :
MailNickname :
MailboxSettings : Microsoft.Graph.PowerShell.Models.MicrosoftGraphMailboxSettings1
ManagedAppRegistrations :
ManagedDevices :
Manager : Microsoft.Graph.PowerShell.Models.MicrosoftGraphDirectoryObject
MemberOf :
Messages :
MobilePhone :
MySite :
Oauth2PermissionGrants :
OfficeLocation :
OnPremisesDistinguishedName :
OnPremisesDomainName :
OnPremisesExtensionAttributes : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOnPremisesExtensionAttributes
OnPremisesImmutableId :
OnPremisesLastSyncDateTime :
OnPremisesProvisioningErrors :
OnPremisesSamAccountName :
OnPremisesSecurityIdentifier :
OnPremisesSyncEnabled :
OnPremisesUserPrincipalName :
Onenote : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOnenote1
OnlineMeetings :
OtherMails :
Outlook : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOutlookUser1
OwnedDevices :
OwnedObjects :
PasswordPolicies :
PasswordProfile : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPasswordProfile
PastProjects :
People :
Photo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphProfilePhoto
Photos :
Planner : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPlannerUser1
PostalCode :
PreferredLanguage :
PreferredName :
Presence : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPresence1
ProvisionedPlans :
ProxyAddresses :
RegisteredDevices :
Responsibilities :
Schools :
ScopedRoleMemberOf :
Settings : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserSettings1
ShowInAddressList :
SignInSessionsValidFromDateTime :
Skills :
State :
StreetAddress :
Surname : sm
Teamwork : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserTeamwork1
Todo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphTodo
TransitiveMemberOf :
UsageLocation :
UserPrincipalName : adm_0000000.onmicrosoft.com#EXT#@A111.onmicrosoft.com
UserType :
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#users/$entity]}
Hope this helps. Unfortunately the information you require is not available at the moment through any powershell cmdlet and only available from the portal. If the information shared is useful , please do accept the post as answer as it will be helpful to other community members searching the similar queries. Should you have any other query , do let us know and we will be happy to help .
Thank you.
----------------------------------------------------------------------------------------------------------------------------------------------------------
whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
Hello @Shashi Shailaj ,
thank you for detailing your investigation.
Regards,
Luca
Hello @Shashi Shailaj ,
here an update and answer to my first question.
Basically most of the information (if not all) accessible/readable on Azure Portal can be retrieved through Microsoft Graph.
With reference to this MSFT article: Get a user, getting a user returns a default set of properties only (businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName). So I have to append $select to the request to get the other properties like Identities:
https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}?$select=identities
Below the results.
External Azure AD
Microsoft Account
Google Account
One-Time Password
Bye,
Luca
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 18%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJZ%3C/text%3E%3C/svg%3E)
Hello Luca,
Could you please share the final Poweshell script?
Hi József.
Just replace $id with actual ID (or UPN):
Get-MgUser -UserId $id -Property Identities | select -ExpandProperty Identities | fl