Edit

Share via

Get-EntraUser

  • Reference
Module:
Microsoft.Graph.Entra

Gets a user.

Syntax

Get-EntraUser
   [-Filter <String>]
   [-All]
   [-Top <Int32>]
   [-Property <String[]>]
   [<CommonParameters>]
Get-EntraUser
   [-SearchString <String>]
   [-All]
   [-Property <String[]>]
   [<CommonParameters>]
Get-EntraUser
   -ObjectId <String>
   [-All]
   [-Property <String[]>]
   [<CommonParameters>]

Description

The Get-EntraUser cmdlet gets a user from Microsoft Entra ID.

Examples

Example 1: Get top three users

Connect-Entra -Scopes 'User.Read.All'
Get-EntraUser -Top 3

DisplayName      Id                                   Mail                  UserPrincipalName
-----------      --                                   ----                  -----------------
Angel Brown      cccccccc-2222-3333-4444-dddddddddddd AngelB@contoso.com    AngelB@contoso.com
Avery Smith      dddddddd-3333-4444-5555-eeeeeeeeeeee AveryS@contoso.com    AveryS@contoso.com
Sawyer Miller    eeeeeeee-4444-5555-6666-ffffffffffff SawyerM@contoso.com   SawyerM@contoso.com

This example demonstrates how to get top three users from Microsoft Entra ID.

Example 2: Get a user by ID

Connect-Entra -Scopes 'User.Read.All'
Get-EntraUser -ObjectId 'SawyerM@contoso.com'

DisplayName Id                                   Mail                                 UserPrincipalName
----------- --                                   ----                                 -----------------
Sawyer Miller bbbbbbbb-1111-2222-3333-cccccccccccc sawyerm@tenant.com sawyerm@tenant.com

This command gets the specified user.

  • -ObjectId Specifies the ID as a user principal name (UPN) or ObjectId.

Example 3: Search among retrieved users

Connect-Entra -Scopes 'User.Read.All'
Get-EntraUser -SearchString 'New'

DisplayName        Id                                   Mail UserPrincipalName
-----------        --                                   ---- -----------------
New User88         bbbbbbbb-1111-2222-3333-cccccccccccc      demo99@tenant.com
New User           cccccccc-2222-3333-4444-dddddddddddd      NewUser@tenant.com

This cmdlet gets all users that match the value of SearchString against the first characters in DisplayName or UserPrincipalName.

Example 4: Get a user by userPrincipalName

Connect-Entra -Scopes 'User.Read.All'
Get-EntraUser -Filter "userPrincipalName eq 'SawyerM@contoso.com'"

DisplayName Id                                   Mail UserPrincipalName
----------- --                                   ---- -----------------
Sawyer Miller    cccccccc-2222-3333-4444-dddddddddddd      SawyerM@contoso.com

This command gets the specified user.

Example 5: Get a user by MailNickname

Connect-Entra -Scopes 'User.Read.All'
Get-EntraUser -Filter "startswith(MailNickname,'Ada')"

DisplayName     Id                                   Mail                                UserPrincipalName
-----------     --                                   ----                                -----------------
Mark Adams bbbbbbbb-1111-2222-3333-cccccccccccc Adams@contoso.com Adams@contoso.com

In this example, we retrieve all users whose MailNickname starts with Ada.

Example 6: Get SignInActivity of a User

Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All'
Get-EntraUser -ObjectId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -ExpandProperty 'SignInActivity'

lastNonInteractiveSignInRequestId : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa
lastSignInRequestId               : cccccccc-2222-3333-4444-dddddddddddd
lastSuccessfulSignInDateTime      : 9/9/2024 1:12:13 PM
lastNonInteractiveSignInDateTime  : 9/9/2024 1:12:13 PM
lastSuccessfulSignInRequestId     : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa
lastSignInDateTime                : 9/7/2024 9:15:41 AM

This example demonstrates how to retrieve the SignInActivity of a specific user by selecting a property.

Example 7: List users with disabled accounts

Connect-Entra -Scopes 'User.Read.All'
Get-EntraUser -Filter "accountEnabled eq false" | Select-Object DisplayName, Id, Mail, UserPrincipalName

DisplayName        Id                                   Mail UserPrincipalName
-----------        --                                   ---- -----------------
New User           cccccccc-2222-3333-4444-dddddddddddd      NewUser@tenant.com

This example demonstrates how to retrieve all users with disabled accounts.

Parameters

-All

List all pages.

Type:System.Management.Automation.SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Filter

Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with OData can be found here.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ObjectId

Specifies the ID (as a User Principal Name (UPN) or ObjectId) of a user in Microsoft Entra ID.

Type:System.String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Property

Specifies properties to be returned.

Type:System.String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SearchString

Specifies a search string.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Top

Specifies the maximum number of records to return.

Type:System.Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False