Get-AzureADUser Operators

Hello,

I am trying to query our Azure AD for the presence of domains other than our own (i.e. External guest users).

Examining the UPN of such a User I see “username_otherDomainName.com#EXT#@ourdomain.com” listed.

How can I use Azure AD PowerShell cmdlets to query and list all of them?

I’ve tried using Operators that work in local PowerShell but they appear to not work in Azure AD PowerShell.

Get-AzureADUser -Filter "userPrincipalName -contains 'EXT'" -top 10 

Any help is appreciated.

There may be a better way to do this but if you want to use a filter then you should use the -like operator. -contains is for checking if a value is in a collection.

Get-AzureADUser -Filter "userPrincipalName -like '*EXT*'" -top 10

# -contains tests whether a collection holds a value
$names = @('buffy','willow','giles','spike')
$names -contains 'willow'   # True
$names -contains 'xander'   # False

Edit: actually, checking the docs for this, I remember the Azure cmdlets don’t use the standard syntax. It uses OData filters and if I remember rightly from my testing, only a subset of those filters work. I think you might have to get all the users and filter afterwards with Where-Object. Still an Azure newbie I’m afraid so hopefully someone with more experience in AzureAD will correct me if I’m wrong.

The AzureAD module is very, very restricted compared to the AD modules.

You can use -SearchString as a “startswith” type of filter on DisplayName

# basically startswith(DisplayName,'value')
Get-AzureADUser -SearchString value

For filtering against the userprincipalname, you basically have startswith, eq, and any. If you have the entire userprincipalname, then just use

Get-AzureADUser -Filter "UserPrincipalName eq '$($input.UserPrincipalName)'"

If you have the beginning, use startswith

Get-AzureADUser -Filter "startswith(UserPrincipalName,'value')"

Otherwise you are going to have to filter after the query with Where-Object. Another possible solution I found is

Get-AzureADDomainNameReference -Name somedomain.com | where {$_.ObjectType -eq "User"}

Here’s the weird way you can filter for enabled accounts

Get-AzureADUser -Filter "Accountenabled eq true"

It limits the results to 100 by default and this weird syntax is how you can fix that

Get-AzureADUser -Filter "Accountenabled eq true" -All $true

Thanks Doug, I did read that earlier but don’t see a way (other than ‘startswith’) to get the string inside the UPN.

krzydoug_DougsDomain#EXT#@powershell.org

How would I find you and all other 3rd party users/domains in Azure with #EXT# as an unchanging string?

I would assume something like this

Get-AzureADUser -All $true | Where-Object UserPrincipalName -match '#EXT#'

That returned a whole heckuva lot more users than MS’ supplied query:

Get-AzureADUser -Filter "UserType eq 'Guest'" 

Thank you Doug
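
An added example, not part of the original thread: once the users have been pulled client-side as suggested above, the `#EXT#` UPN can be parsed to recover each account's home domain, and the result compared against `UserType` to see which external-looking accounts a `UserType eq 'Guest'` filter would not return. The `Get-ExternalDomain` helper and the sample objects are assumptions constructed for illustration; in a live tenant `$users` would come from `Get-AzureADUser -All $true`.

```powershell
# Constructed sample objects standing in for: $users = Get-AzureADUser -All $true
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@ourdomain.com';                          UserType = 'Member' }
    [pscustomobject]@{ UserPrincipalName = 'bob_partner.example#EXT#@ourdomain.com';       UserType = 'Guest'  }
    [pscustomobject]@{ UserPrincipalName = 'carol_partner.example#EXT#@ourdomain.com';     UserType = 'Guest'  }
    [pscustomobject]@{ UserPrincipalName = 'first_last_vendor.example#EXT#@ourdomain.com'; UserType = 'Member' }
)

function Get-ExternalDomain {
    # Hypothetical helper: recover the home domain from an #EXT# UPN.
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # The local part is <name>_<domain>#EXT#. The name may itself contain
    # underscores, so capture what follows the LAST underscore before #EXT#.
    if ($UserPrincipalName -match '^(?<name>.+)_(?<domain>[^_#@]+)#EXT#@') {
        return $Matches['domain'].ToLower()
    }
    return $null   # not an external-style UPN
}

# Keep only accounts whose UPN carries the #EXT# marker, with the parsed domain
$external = foreach ($u in $users) {
    $domain = Get-ExternalDomain -UserPrincipalName $u.UserPrincipalName
    if ($domain) {
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            ExternalDomain    = $domain
            UserType          = $u.UserType
        }
    }
}

# External accounts per home domain, largest first
$external |
    Group-Object ExternalDomain |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Accounts with an #EXT# UPN that a "UserType eq 'Guest'" filter would skip
$external | Where-Object UserType -ne 'Guest'
```

`UserType` is an attribute set independently of the UPN, so the last query is worth reviewing whenever the `#EXT#` match and the `UserType eq 'Guest'` filter disagree; also note that a `-Filter` query without `-All $true` is capped at the default result limit mentioned earlier in the thread.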