View Microsoft 365 user accounts with PowerShell - Microsoft 365 Enterprise (2023)

Table of Contents
In this article Use the Azure Active Directory PowerShell for Graph module View all accounts View a specific account View additional property values for a specific account View account synchronization status View accounts based on a common property Use the Microsoft Azure Active Directory Module for Windows PowerShell View all accounts View a specific account View accounts based on a common property View additional property values for accounts See also Videos
  • Article
  • 8 minutes to read

This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.

You can use the Microsoft 365 admin center to view the accounts for your Microsoft 365 tenant. PowerShell for Microsoft 365 enables this but also provides additional functionality.

Use the Azure Active Directory PowerShell for Graph module

First, connect to your Microsoft 365 tenant.

View all accounts

To display the full list of user accounts, run this command:

Get-AzureADUser

You should get information similar to this:

ObjectId DisplayName UserPrincipalName-------- ----------- -----------------032fc1fc-b5a2-46f1-8635-3d7dcb52c48d Adele Vance AdeleV@litwareinc.OnMicr...bd1e6af1-41e7-4f77-a2ac-5b209950135c Global Administrator admin@litwareinc.onmicro...ec37a4d6-232e-4eb7-82a5-1613490642a5 Alex Wilber AlexW@litwareinc.OnMicro...be4bdddd-c790-424c-9f96-a0cf609b7815 Allan Deyoung AllanD@litwareinc.OnMicr...598ab87b-76f0-4bf9-9538-bd46b10f4438 Christie Cline ChristieC@litwareinc.OnM...40722671-e520-4a5f-97d4-0bc9e9b2dc0f Debra Berger DebraB@litwareinc.OnMicr...

View a specific account

To display a specific user account, run the following command. Fill in the sign-in account name of the user account, which is also known as the user principal name (UPN). Remove the "<" and ">" characters.

Get-AzureADUser -ObjectID <sign-in name of the user account>

Here's an example:

Get-AzureADUser -ObjectID BelindaN@litwareinc.onmicosoft.com

View additional property values for a specific account

By default, the Get-AzureADUser cmdlet only displays the ObjectID, DisplayName, and UserPrincipalName properties of accounts.

To be more selective about the properties to display, use the Select cmdlet in combination with the Get-AzureADUser cmdlet. To combine the two cmdlets, use the "pipe" character ("|"), which tells Azure Active Directory PowerShell for Graph to take the results of one command and send it to the next command. Here's an example command that displays the DisplayName, Department, and UsageLocation for every user account:

Get-AzureADUser | Select DisplayName,Department,UsageLocation

This command instructs PowerShell to:

  1. Get all the information on the user accounts (Get-AzureADUser) and send it to the next command (|).

  2. Display only the user account name, department, and usage location (Select DisplayName, Department, UsageLocation).

    (Video) Office 365 & Microsoft 365 : Create user accounts with PowerShell..

To see all the properties for a specific user account, use the Select cmdlet and the wildcard character (*). Here's an example:

Get-AzureADUser -ObjectID BelindaN@litwareinc.onmicosoft.com | Select *

As another example, run the following command to check the enabled status of a specific user account:

Get-AzureADUser -ObjectID <sign-in name of the user account> | Select DisplayName,UserPrincipalName,AccountEnabled

View account synchronization status

User accounts have two sources:

You can use the following command to find accounts that are synchronizing from on-premise AD. It instructs PowerShell to get all users who have the attribute DirSyncEnabled set to True.

Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true}

You can use the following command to find cloud-only accounts. It instructs PowerShell to get all users who have the attribute DirSyncEnabled set to False or not set (Null).An account that was never synced from on-premise AD has DirSyncEnabled set to Null. An account that was synced initially from on-premise AD but is no longer being synced has DirSyncEnabled set to False.

Get-AzureADUser | Where {$_.DirSyncEnabled -ne $true}

View accounts based on a common property

To be more selective about the list of accounts to display, you can use the Where cmdlet in combination with the Get-AzureADUser cmdlet. To combine the two cmdlets, use the "pipe" character ("|"), which tells Azure Active Directory PowerShell for Graph to take the results of one command and send it to the next command. Here's an example command that displays only those user accounts that have an unspecified usage location:

Get-AzureADUser | Where {$_.UsageLocation -eq $Null}

This command instructs Azure Active Directory PowerShell for Graph to:

  1. Get all the information on the user accounts (Get-AzureADUser) and send it to the next command (|).

  2. Find all the user accounts that have an unspecified usage location (Where {$_.UsageLocation -eq $Null}). Inside the braces, the command instructs PowerShell to only find the set of accounts for which the UsageLocation user account property ($_.UsageLocation) is not specified (-eq $Null).

The UsageLocation property is only one of many properties associated with a user account. To display all the properties for a specific user account, use the Select cmdlet and the wildcard character (*). Here's an example:

Get-AzureADUser -ObjectID BelindaN@litwareinc.onmicosoft.com | Select *

For example, City is the name of a user account property. You can use the following command to list all accounts of users who live in London:

Get-AzureADUser | Where {$_.City -eq "London"}

Tip

The syntax for the Where cmdlet in these examples is Where {$_. [user account property name] [comparison operator] [value] }.> [comparison operator] is -eq for equals, -ne for not equals, -lt for less than, -gt for greater than, and others. [value] is typically a string (a sequence of letters, numbers, and other characters), a numerical value, or $Null for unspecified. For more information, see Where.

(Video) Connect to Microsoft 365 using PowerShell

Use the Microsoft Azure Active Directory Module for Windows PowerShell

First, connect to your Microsoft 365 tenant.

View all accounts

To display the full list of user accounts, run this command:

Get-MsolUser

Note

PowerShell Core doesn't support the Microsoft Azure Active Directory Module for Windows PowerShell module and cmdlets with Msol in their name. Run these cmdlets from Windows PowerShell.

You should get information similar to this:

UserPrincipalName DisplayName isLicensed----------------- ----------- ----------BonnieK@litwareinc.onmicrosoft.com Bonnie Kearney TrueFabriceC@litwareinc.onmicrosoft.com Fabrice Canel TrueBrianJ@litwareinc.onmicrosoft.com Brian Johnson False AnneWlitwareinc.onmicrosoft.com Anne Wallace TrueScottW@litwareinc.onmicrosoft.com Scott Wallace False

The Get-MsolUser cmdlet also has a set of parameters to filter the set of user accounts displayed. For example, for the list of unlicensed users (users who have been added to Microsoft 365 but haven't yet been licensed to use any of the services), run this command:

Get-MsolUser -UnlicensedUsersOnly

You should get information similar to this:

UserPrincipalName DisplayName isLicensed----------------- ----------- ----------BrianJ@litwareinc.onmicrosoft.com Brian Johnson FalseScottW@litwareinc.onmicrosoft.com Scott Wallace False

For information about additional parameters to filter the set of user accounts that are displayed, see Get-MsolUser.

View a specific account

To display a specific user account, run the following command. Fill in the sign-in name of the user account, which is also known as the user principal name (UPN). Remove the "<" and ">" characters.

Get-MsolUser -UserPrincipalName <sign-in name of the user account>

View accounts based on a common property

To be more selective about the list of accounts to display, you can use the Where cmdlet in combination with the Get-MsolUser cmdlet. To combine the two cmdlets, use the "pipe" character ("|"), which tells PowerShell to take the results of one command and send it to the next command. Here's an example that displays only those user accounts that have an unspecified usage location:

Get-MsolUser | Where {$_.UsageLocation -eq $Null}

This command instructs PowerShell to:

(Video) Manage Microsoft 365 accounts with PowerShell | IT Support skills

  1. Get all the information on the user accounts (Get-MsolUser) and send it to the next command (|).

  2. Find all user accounts that have an unspecified usage location (Where {$_.UsageLocation -eq $Null}). Inside the braces, the command instructs PowerShell to find only the set of accounts for which the UsageLocation user account property ($_.UsageLocation) is not specified (-eq $Null).

You should get information similar to this:

UserPrincipalName DisplayName isLicensed----------------- ----------- ----------BrianJ@litwareinc.onmicrosoft.com Brian Johnson False ScottW@litwareinc.onmicrosoft.com Scott Wallace False

The UsageLocation property is only one of many properties associated with a user account. To see all of the properties for user accounts, use the Select cmdlet and the wildcard character (*) to display them all for a specific user account. Here's an example:

Get-MsolUser -UserPrincipalName BelindaN@litwareinc.onmicosoft.com | Select *

For example, City is the name of a user account property. You can use the following command to list all of the user accounts for users who live in London:

Get-MsolUser | Where {$_.City -eq "London"}

Tip

The syntax for the Where cmdlet in these examples is Where {$_. [user account property name] [comparison operator] [value] }. [comparison operator] is -eq for equals, -ne for not equals, -lt for less than, -gt for greater than, and others. [value] is typically a string (a sequence of letters, numbers, and other characters), a numerical value, or $Null for unspecified. For more information, see Where.

To check the blocked status of a user account, use the following command:

Get-MsolUser -UserPrincipalName <UPN of user account> | Select DisplayName,BlockCredential

View additional property values for accounts

By default, the Get-MsolUser cmdlet displays these three properties of user accounts:

  • UserPrincipalName

  • DisplayName

  • isLicensed

If you need additional properties, such as the department where the user works and the country/region where they use Microsoft 365 services, you can run Get-MsolUser in combination with the Select cmdlet to specify the list of user account properties. Here's an example:

(Video) Mastering Office 365 with PowerShell - Session 1 | Manage licenses, users, create users in bulk

Get-MsolUser | Select DisplayName, Department, UsageLocation

This command instructs PowerShell to:

  1. Get all the information about the user accounts (Get-MsolUser) and send it to the next command (|).

  2. Display only the user account name, department, and usage location (Select DisplayName, Department, UsageLocation).

You should get information similar to this:

DisplayName Department UsageLocation----------- ---------- -------------Bonnie Kearney Sales & Marketing USFabrice Canel Legal USBrian JohnsonAnne Wallace Executive Management USAlex Darrow Sales & Marketing USScott Wallace Operations

The Select cmdlet lets you choose what properties to display. To display all the properties for a specific user account, use the wildcard character (*). Here's an example:

Get-MsolUser -UserPrincipalName BelindaN@litwareinc.onmicosoft.com | Select *

To be more selective about the list of accounts to display, you can also use the Where cmdlet. Here's an example command that displays only those user accounts that have an unspecified usage location:

Get-MsolUser | Where {$_.UsageLocation -eq $Null} | Select DisplayName, Department, UsageLocation

This command instructs PowerShell to:

  1. Get all the information about the user accounts (Get-MsolUser) and send it to the next command (|).

  2. Find all user accounts that have an unspecified usage location (Where {$_.UsageLocation -eq $Null}), and send the resulting information to the next command (|). Inside the braces, the command instructs PowerShell to only find the set of accounts for which the UsageLocation user account property ($_.UsageLocation) is not specified (-eq $Null).

  3. Display only the user account name, department, and usage location (Select DisplayName, Department, UsageLocation).

You should get information similar to this:

DisplayName Department UsageLocation----------- ---------- -------------Brian Johnson Scott Wallace Operations

If you're using directory synchronization to create and manage your Microsoft 365 users, you can display the local account from which a Microsoft 365 user has been projected. The following example assumes that:

  • Azure AD Connect is configured to use the default source anchor of ObjectGUID. (For more information about configuring a source anchor, see Azure AD Connect: Design concepts).
  • The Active Directory Domain Services module for PowerShell has been installed (see RSAT tools).
Get-ADUser ([guid][System.Convert]::FromBase64String((Get-MsolUser -UserPrincipalName <UPN of user account>).ImmutableID)).guid

See also

Manage Microsoft 365 user accounts, licenses, and groups with PowerShell

Manage Microsoft 365 with PowerShell

(Video) How to Connect to Microsoft 365 with PowerShell

Get started with PowerShell for Microsoft 365

Videos

1. 2.Creating Microsoft 365 User Account with Powershell
(Thant Zin Phyo)
2. Install and Configure PowerShell for Office 365
(Shane Young)
3. How to get a list of Products & licensed Users in Office365 using PowerShell
(TechTrip)
4. POWERSHELL FOR MICROSOFT 365
(Fitit)
5. Setting up PowerShell for use with Microsoft 365
(Robert Crane)
6. How to Access User Activity Report in Microsoft 365
(TechSoupVideo)
Top Articles
Latest Posts
Article information

Author: Msgr. Refugio Daniel

Last Updated: 04/14/2023

Views: 5841

Rating: 4.3 / 5 (54 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Msgr. Refugio Daniel

Birthday: 1999-09-15

Address: 8416 Beatty Center, Derekfort, VA 72092-0500

Phone: +6838967160603

Job: Mining Executive

Hobby: Woodworking, Knitting, Fishing, Coffee roasting, Kayaking, Horseback riding, Kite flying

Introduction: My name is Msgr. Refugio Daniel, I am a fine, precious, encouraging, calm, glamorous, vivacious, friendly person who loves writing and wants to share my knowledge and understanding with you.