question

GlennMaxwell-2309 avatar image
0 Votes"
GlennMaxwell-2309 asked RichardMueller-8175 answered

Export users using AD attributes

Hi experts
I am using exchange hybrid environment, users are first created on exchange onprem and then migrated to cloud. i have a requirement to export users to csv file with the below requirement.

In active directory in ADSIEdit, i have the below attributes for every user.
Department Number: 100
Department: IT
extension attribute10: |manager1|manager2|manager3||

i have requirement to export all the users to csv file whose title or PersonalTitle in ADSIedit is "System Admin",or "System Engineer" or "System Analyst" for the department IT or for the Department Number: 100 and which has manager3 in extension attribute10. Is it possible to export this information, if so please help me with the syntax.

azure-ad-user-provisioningazure-ad-access-reviews
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

markushanisch avatar image
0 Votes"
markushanisch answered

@GlennMaxwell-2309
If you want to do this with Azure AD cmdlets, you first of all need to make sure that all the user properties are accessible from Azure AD, in particular the extension attribute, you want to export.
Have a look here for instance: using-ad-extensionattributes-in-azure-ad

Why? Because AD extension attributes aren't synced by AD Connect by default - only if you specified this previously already.
Afterwards, you can access the AD User Extension attributes by means of Get-AzureADUserExtension cmdlet.

Just consider, if you want to make these extension attributes accessible by means of Azure AD in advance, e.g. you might do not want to make "employeeID" or "employeeNumber" accessible as you may store sensitive data.

Using the Acitve Directory PowerShell module, you should find lots of resource by a simple Google search request, e.g.:
import-module activedirectory
Get-ADUser -Filter {department -eq "IT"} | Select sAMAccountName, givenName, sn | Export-Csv -Path c:\Scripts\Users.csv
(Source: powershell-get-aduser-filtering-department.html)

Last but not least, depending on the amount of user in your AD, it is maybe even easier if you simply get all user's desired attributes to a csv first and filter the csv output by means of Microsoft Excel / Power Query (Get & Transform).
get-aduser -properties * | select displayname, department, departmentnumber, title | export-csv c:\path\to\your.csv
(Source: user-get-aduser-to-list-all-properties-and-export-to-csv)

PS: Make sure to use an elevated PowerShell session.
PPS: This is just a rough guideline. Code is untested.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FrankHuMSFT-3200 avatar image
0 Votes"
FrankHuMSFT-3200 answered

Hey GlennMaxwell-2309,


Assuming you're referring to the users in Azure AD, you can do this using either the microsoft graph api or powershell. I'll describe using the powershell module.

First install the PS module following these instructions : https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

Then using the get-azureaduser command you can filter based on your requirements. See here for more information on that : https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0

The OData spec is described here, but your requirements should keep the filter query pretty simple i.e. -Filter "title eq 'System Admin'": https://www.odata.org/documentation/odata-version-3-0/odata-version-3-0-core-protocol/#queryingcollections


Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RichardMueller-8175 avatar image
0 Votes"
RichardMueller-8175 answered

To ensure you get the properties you want from Get-ADUser, specify them with the -Properties parameter. Some, like DisplayName, Department, departmentNumber, and Title are not default properties. They will not be retrieved for all users unless the first user retrieved has values assigned for the properties. I know it means listing them twice, but I would use PowerShell similar to below to retrieve properties for all users in AD:

Get-ADUser -Filter * -Properties DisplayName, Department, departmentNumber, Title | Select DisplayName, Department, departmentNumber, Title | Export-Csv c:\path\your.csv

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.