Export Users with PowerShell Script

GuestGuivenchi 105 Reputation points
2024-02-17T02:14:13.96+00:00

I manage an Azure AD. Does anyone have a PowerShell script that can help me get all users from Azure Active Directory with UserPrincipalName, DisplayName, UserType, Department, EmployeeType, MFAState, MFADefaultMethod, MFAPhoneNumber, PrimarySMTP, Aliases, WhenCreated, CreationType, Employee type, Accountstatus, Manager, CompanyName, Identities, Type license. Thanks for the help.


2 answers

  1. Vahid Ghafarpour 21,080 Reputation points
    2024-02-17T02:39:31.6133333+00:00

    Thanks for posting your question in the Microsoft Q&A forum. Did you check the script generated by ChatGPT?

    ```powershell
    # Import the AzureAD module
    Import-Module AzureAD
    # Connect to Azure AD
    Connect-AzureAD
    # Get all users from Azure AD
    $users = Get-AzureADUser -All $true
    # Loop through each user and retrieve the required information
    $userInfo = @()
    foreach ($user in $users) {
        $userPrincipalName = $user.UserPrincipalName
        $displayName = $user.DisplayName
        $userType = $user.UserType
        $department = $user.Department
        # The user object returned by Get-AzureADUser has no EmployeeType,
        # StrongAuthenticationMethods or Identities property, so the
        # EmployeeType, MFAState, MFADefaultMethod and Identities columns stay empty.
        $employeeType = $user.EmployeeType
        $mfaState = $user.StrongAuthenticationMethods.State
        $mfaDefaultMethod = $user.StrongAuthenticationMethods.DefaultMethodType
        # Directory mobile number (property name is Mobile), not the registered MFA phone
        $mfaPhoneNumber = $user.Mobile
        $primarySMTP = $user.Mail
        $aliases = $user.ProxyAddresses -join ','
        # The creation timestamp is exposed through the ExtensionProperty dictionary
        $whenCreated = $user.ExtensionProperty.createdDateTime
        $creationType = $user.CreationType
        $accountEnabled = $user.AccountEnabled
        # The manager is a separate lookup, not a property of the user object
        $manager = (Get-AzureADUserManager -ObjectId $user.ObjectId).UserPrincipalName
        $companyName = $user.CompanyName
        $identities = $user.Identities
        # Licenses are exposed as AssignedLicenses (SKU GUIDs)
        $licenseType = $user.AssignedLicenses.SkuId -join ','
        $userInfo += [PSCustomObject]@{
            UserPrincipalName = $userPrincipalName
            DisplayName = $displayName
            UserType = $userType
            Department = $department
            EmployeeType = $employeeType
            MFAState = $mfaState
            MFADefaultMethod = $mfaDefaultMethod
            MFAPhoneNumber = $mfaPhoneNumber
            PrimarySMTP = $primarySMTP
            Aliases = $aliases
            WhenCreated = $whenCreated
            CreationType = $creationType
            AccountEnabled = $accountEnabled
            Manager = $manager
            CompanyName = $companyName
            Identities = $identities
            LicenseType = $licenseType
        }
    }
    # Output the user information
    $userInfo | Export-Csv -Path "C:\Users\User\Documents\UserInfo.csv" -NoTypeInformation
    # Disconnect from Azure AD
    Disconnect-AzureAD
    ```

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful **


  2. Navya 9,640 Reputation points Microsoft Vendor
    2024-02-19T14:37:01.8066667+00:00

    Hi @GuestGuivenchi ,

    Thank you for posting this in Microsoft Q&A.

    I understand you want to get all users from Azure Active Directory with UserPrincipalName, DisplayName, UserType, Department, EmployeeType, MFAState, MFADefaultMethod, MFAPhoneNumber, PrimarySMTP, Aliases, WhenCreated, CreationType, Employee type, Accountstatus, Manager, CompanyName, Identities, Type license.

    My research suggests that it is not possible to obtain all the data in a single Module.

    Below is the sample PowerShell code to get data.

    ```powershell
    Connect-MsolService
    # Get-MgUser below needs a Microsoft Graph session (no AzureAD cmdlets are used)
    Connect-MgGraph -Scopes "User.Read.All"
    $Users = Get-MsolUser -All
    # UPNs of disabled accounts, fetched once instead of once per user
    $DisabledUsers = (Get-MgUser -All -Filter "accountEnabled eq false").UserPrincipalName
    $Report = [System.Collections.Generic.List[Object]]::new() # In-memory list of report rows
    Write-Host "Processing" $Users.Count "accounts..."
    ForEach ($User in $Users) {
        $MFADefaultMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq "True" }).MethodType
        $MFAPhoneNumber = $User.StrongAuthenticationUserDetails.PhoneNumber
        # Upper-case "SMTP:" marks the primary address, lower-case "smtp:" marks aliases
        $PrimarySMTP = $User.ProxyAddresses | Where-Object { $_ -clike "SMTP*" } | ForEach-Object { $_ -replace "SMTP:", "" }
        $Aliases = $User.ProxyAddresses | Where-Object { $_ -clike "smtp*" } | ForEach-Object { $_ -replace "smtp:", "" }
        If ($User.StrongAuthenticationRequirements) {
            $MFAState = $User.StrongAuthenticationRequirements.State
        }
        Else {
            $MFAState = 'Disabled'
        }
        If ($MFADefaultMethod) {
            Switch ($MFADefaultMethod) {
                "OneWaySMS" { $MFADefaultMethod = "Text code authentication phone" }
                "TwoWayVoiceMobile" { $MFADefaultMethod = "Call authentication phone" }
                "TwoWayVoiceOffice" { $MFADefaultMethod = "Call office phone" }
                "PhoneAppOTP" { $MFADefaultMethod = "Authenticator app or hardware token" }
                "PhoneAppNotification" { $MFADefaultMethod = "Microsoft authenticator app" }
            }
        }
        Else {
            $MFADefaultMethod = "Not enabled"
        }

        $ReportLine = [PSCustomObject] @{
            UserPrincipalName = $User.UserPrincipalName
            DisplayName       = $User.DisplayName
            FirstName         = $User.FirstName
            LastName          = $User.LastName
            UserType          = $User.UserType
            Department        = $User.Department
            MFAState          = $MFAState
            MFADefaultMethod  = $MFADefaultMethod
            MFAPhoneNumber    = $MFAPhoneNumber
            PrimarySMTP       = ($PrimarySMTP -join ',')
            Aliases           = ($Aliases -join ',')
            AccountStatus     = if ($DisabledUsers -contains $User.UserPrincipalName) { "Disabled" } else { "Enabled" }
            Manager           = (Get-MgUser -UserId $User.UserPrincipalName -ExpandProperty Manager | Select-Object @{Name = 'Manager'; Expression = { $_.Manager.AdditionalProperties.mail } }).Manager
            CompanyName       = (Get-MgUser -UserId $User.UserPrincipalName -Property CompanyName).CompanyName
            License           = $User.IsLicensed
            # Join the SKU names so the CSV column holds text rather than a type name
            Licensedetails    = ($User.Licenses.AccountSkuId -join ',')
        }

        $Report.Add($ReportLine)
    }
    Write-Host "Report is in c:\temp\MFAUsers.csv"
    $Report | Select-Object UserPrincipalName, DisplayName, FirstName, LastName, UserType, Department, MFAState, MFADefaultMethod, MFAPhoneNumber, PrimarySMTP, Aliases, AccountStatus, Manager, CompanyName, License, Licensedetails | Sort-Object UserPrincipalName | Out-GridView
    $Report | Sort-Object UserPrincipalName | Export-CSV -Encoding UTF8 -NoTypeInformation "c:\temp\MFAUsers.csv"
    ```

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions.
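
The same report built with the Microsoft Graph PowerShell SDK alone, as an added example (not code from either answer above); the output path and column names are assumptions, and it assumes the tenant can read the authentication methods registration report. It requests read-only scopes, reports MFA registration rather than the legacy per-user MFA state, and leaves out the MFA phone number, which needs a separate per-user call with a more sensitive scope.

```powershell
# Added example: needs the Microsoft.Graph.Users, Microsoft.Graph.Reports and
# Microsoft.Graph.Identity.DirectoryManagement modules. Read-only scopes only.
Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All', 'Organization.Read.All'

# SkuId -> SkuPartNumber, so licenses export as names instead of GUIDs
$skuName = @{}
Get-MgSubscribedSku | ForEach-Object { $skuName[[string]$_.SkuId] = $_.SkuPartNumber }

# MFA registration details keyed by user object id
$mfa = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    ForEach-Object { $mfa[$_.Id] = $_ }

# Most of these properties are only returned when explicitly selected
$props = 'id', 'userPrincipalName', 'displayName', 'userType', 'department',
         'employeeType', 'mail', 'proxyAddresses', 'createdDateTime', 'creationType',
         'accountEnabled', 'companyName', 'identities', 'assignedLicenses'

$report = foreach ($u in Get-MgUser -All -Property $props -ExpandProperty manager) {
    $reg = $mfa[$u.Id]   # $null when the report has no row for this user
    [PSCustomObject]@{
        UserPrincipalName  = $u.UserPrincipalName
        DisplayName        = $u.DisplayName
        UserType           = $u.UserType
        Department         = $u.Department
        EmployeeType       = $u.EmployeeType
        MfaRegistered      = $reg.IsMfaRegistered
        MfaMethods         = $reg.MethodsRegistered -join ','
        MfaPreferredMethod = $reg.UserPreferredMethodForSecondaryAuthentication
        PrimarySMTP        = $u.Mail
        # Lower-case "smtp:" entries are the secondary addresses
        Aliases            = (@($u.ProxyAddresses -clike 'smtp:*') -creplace '^smtp:') -join ','
        WhenCreated        = $u.CreatedDateTime
        CreationType       = $u.CreationType
        AccountEnabled     = $u.AccountEnabled
        Manager            = $u.Manager.AdditionalProperties.userPrincipalName
        CompanyName        = $u.CompanyName
        Identities         = ($u.Identities | ForEach-Object { "$($_.SignInType):$($_.IssuerAssignedId)" }) -join ';'
        Licenses           = ($u.AssignedLicenses | ForEach-Object { $skuName[[string]$_.SkuId] }) -join ','
    }
}

# The CSV holds directory PII; the path below is a placeholder for an access-controlled location
$report | Sort-Object UserPrincipalName |
    Export-Csv -Path '.\EntraUsers.csv' -NoTypeInformation -Encoding UTF8
Disconnect-MgGraph
```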

