Share via

PowerShell Get-AzureADUser -Filter example and the properties question?

EnterpriseArchitect 6,041 Reputation points
2023-02-21T05:15:45.73+00:00

Hi All,

I wonder if we can perform server-side filtering with the Get-AzureADUser cmdlet ?

URL: https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0#-filter

or this is just limited to the properties returned by: 

Get-AzureADUser -Top 1 | Get-Member -MemberType Properties

I am trying to do the below filtering, but it does not work for all of the combinations:

Get-AzureADUser -All $true -Filter "(AccountEnabled -eq $true) -and (AssignedLicense -ne $null) -and (Mail -ne $null)"
Get-AzureADUser -All $true -Filter "(AccountEnabled -eq '$true') -and (AssignedLicense -ne '$null') -and (Mail -ne '$null')"
Get-AzureADUser -All $true -Filter "AccountEnabled eq true -and AssignedLicense ne null -and Mail ne null"
Get-AzureADUser -All $true -Filter '(AccountEnabled -eq "$true") -and (AssignedLicense -ne "$null") -and (Mail -ne "$null")'
Get-AzureADUser -All $true -Filter '(AccountEnabled -eq $true) -and (AssignedLicense -ne $null) -and (Mail -ne $null)'
Get-AzureADUser -All $true -Filter 'AccountEnabled -eq "$true" -and AssignedLicense -ne "$null" -and Mail -ne "$null"'
Get-AzureADUser -All $true -Filter 'AccountEnabled -eq $true -and AssignedLicense -ne $null -and Mail -ne $null'
Get-AzureADUser -All $true -Filter {AccountEnabled -eq $true -and AssignedLicense -ne $null -and Mail -ne $null}

Error:

Get-AzureADUser : Error occurred while executing GetUsers Code: Request_BadRequest Message: Syntax error

Thank you in advance.

Windows for business Windows Server User experience PowerShell
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Graph
0 comments
Accepted answer
  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2023-02-21T09:55:09.17+00:00

    First of all, you should be switching to the Graph module. The list of properties you can filter on in are generally listed here: https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http#user-properties

    Select-MgProfile beta

    Get-MgUser -Filter "accountEnabled eq true and mail ne null and assignedLicenses/`$count ne 0" -ConsistencyLevel "eventual" -CountVariable count

    The filter syntax overall is crap, and PowerShell doesn't help with that. You should use the string value 'true' (without quotes!) instead of $true. 'mail' is a string value, and while you can use null against it, it's does not support the 'ne' operator. And license filtering is even crappier. Use the Graph PowerShell example above ^^

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fabricio Godoy 2,626 Reputation points
    2023-02-21T06:35:34.2633333+00:00

    Hello @EnterpriseArchitect

    I'm sorry, I don't understand what exactly you wanted.

    If I understand, u need this 3 informations from users: EnableAccount, License and mail ?

    Connect-AzureAD

    Get-AzureADUser | Select-Object DisplayName, AccountEnabled, @{Name="License";Expression={$_.AssignedLicenses}}, Mail

    That's it? please, explain if not.

    Regards

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.