Need some help - how does this work?

Need some help understanding the syntax here. This code works and outputs the info to the screen. I really need the info in ps variables, not on the screen.

$UPN =
Get-AzureADUser -ObjectId $UPN | Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
  1. The first pipe does what? I think it passes all the data to the Select-Object. How do I assign certain parts of this to individual variables?

  2. The @{ does what?

  3. The {$_ does what?

  4. Can someone explain the above syntax and how it works.

Basically, I want to be able to get the value of PasswordNeverExpires or DisablePasswordExpiration, not sure which is which.

Appreciate your help!


Hello Paul,

Here’s how the command works

Get-AzureADUser command will try to fetch the Account in Azure AD with the provided UPN viz

since this command has many member properties, we can use select-object (alternatively Select) to select specific properties of it.

By default, there is no property directly from the command we used, so we want to perform some operation and get the data that is required, so we use the format @{Name = ‘Name’; Expression = {’’}}


  1. To query the user account’s password type, i.e. expires or never expires, we need to check the property PasswordPolicies.

  2. If this contains DisablePasswordExpiration, then PasswordNeverExpires will be ‘TRUE’ which means the account is set to expire

In Detail:

To check this, you can type:

Get-AzureADUser -ObjectId $UPN | Select-Object UserprincipalName, PasswordPolicies

Since PasswordPolicies is property of the command, and we have already piped it out, we can just select the property again by $_.propertyname

where, $_ has the current item in the pipeline

An example:

command|Select PropertyName1, @{

is same as

Command|select PropertyName1,PropertyName2

Note that @{N =‘n’; E={e}} (common syntax) is used while select-object is being used.

If the property PasswordPolicies contains DisablePasswordExpiration, then PasswordNeverExpires will be ‘TRUE’ which means the account is set to expire

so we have the expression as below:

$_.PasswordPolicies -contains "DisablePasswordExpiration"

which we use it in command as

Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}

Hope this solves your query…

1 Like

This is so incredibly helpful! Wow! Lots to digest…

How would I assign the value to a variable?

Would it be this:

$value = $_.PasswordPolicies -contains "DisablePasswordExpiration"

You can simply pipe the select-object to a variable like this:
$UPN =
Get-AzureADUser -ObjectId $UPN | Select-Object UserprincipalName,@{
N=“PasswordNeverExpires”;E={$_.PasswordPolicies -contains “DisablePasswordExpiration”}
} | $value
@Rahul20 Please correct me if i am wrong