Use PowerShell for view Office 365 objects | Part 2#3 5/5 (1) 44 min read

In the current article, we review the various examples of the way that we use PowerShell, for creating a “Filtered search” in an Office 365 based environment.

Use PowerShell for view Office 365 and Exchange Online objects | Article Table of content

The examples that will be covered in the current article, relate to “Filtered search queries” that we need to perform for getting information about “specific Office 365 users” that have a specific property or a specific date \ time value.

I use the term – “Office 365 based environment” for, relating to the Office 365 parts, which store and manage Office 365 users account.

In Office 365 based environment, the Active Directory that stores the Office 365 users, groups and so on is the Azure Active Directory.

The main “PowerShell object” that we refer to in the Azure Active Directory is the “user object,” and the PowerShell cmdlets that we use for getting information and manage Office 365 users is
Get-MsolUser

The “main tool” that we use for the task of – performing “filtered search query,” is the PowerShell cmdlets (statement) named – Where-Object.

Note – if you need more information on the way that we use the – Where-Object. PowerShell command, read the first article in the current article series.
Note – In the current article series, we use the shorter form – Where (instead of Where-Object). Another option that we can use for defining the “Where statement” is by using the question mark characters, ‘?‘ instead of ‘Where‘ or ‘Where-Object‘.

Brief introduction to the PowerShell command Get-MsolUser

View all Office 365 user accounts versus a default limited number

In Office 365 based environment (Azure Active Directory) the main PowerShell command that we use for getting information about Office 365 users is Get-MsolUser

When we use the Get-MsolUser command without any additional parameters, the Get-MsolUser command will display up to the default value of 500 results.

In case that your office 365 tenant include a larger number of users, and you want that the PowerShell command is Get-MsolUser will “fetch” information about all the existing Office 365 users, we need to add the PowerShell parameter: “All

For example:

Display a list of all the Office 365 users | un limited.

How to know which filter parameter I can use when I address Office 365 user object?

In the following article, we review different examples in which we create a Filtered search, looking for a specific property of Office 365 user account.

In case that we want to get a list of all the available properties of a specific PowerShell object such as “Office 365 user account,” we can
use the PowerShell cmdlets – Get-Member

For example, to get a list of the properties (members) of the PowerShell command –
Get-MSolUser that we can “query”, we can use the PowerShell command Get-Member.

An example of the PowerShell syntax that we use is:

PowerShell console output example

Office 365 users and license information

In this section, we review how to perform “Filtered search” by using the PowerShell statement “Where,” looking for information about the license status of Office 365 users.

Display Office 365 users who have a license

PowerShell command syntax

PowerShell console output example

Display Office 365 users who don’t have license

You can use one of the following PowerShell command options:

PowerShell command syntax

or
PowerShell command syntax

PowerShell console output example

Display Office 365 users who define as a user with License Reconciliation Needed

The term “License Reconciliation,” is a term that is not so clear.
A brief explanation – the term “License Reconciliation” is related to a scenario in which an Office 365 users, have an Exchange Online mailbox but the Office 365 user account doesn’t have a valid Office 365 licenses.

This type of scenario can be realized in an environment such as Exchange Hybrid when Exchange on-Premises mailboxes are migrated to the “cloud” (Exchange Online).

When we migrate Exchange on-Premises mailbox, the required Office 365 license is not assigned automatically.

The Office 365 user could access his “Exchange Online mailbox,” although he doesn’t have an Office 365 license, for a grace period of 30 days.

In this scenario, the Office 365 license status defended as “License Reconciliation.”

In other words, we need to assign on Office 365 license to each Office 365 user whom his license status configured as “License Reconciliation.”

Display Office 365 users who define as a user with License Reconciliation Needed

The PowerShell command that we use for getting information about such users is:

PowerShell command syntax

PowerShell console output example

Office 365 users | Disabled and enabled user account + Blocked user accounts

Display Office 365 users which considered as – Enabled users

But default, Office 365 user accounts is enabled.
In case that we want to display a list of enabling Office 365 users, we can use a predefined filter named – “EnabledOnly

PowerShell command syntax

PowerShell console output example

Display Office 365 users which considered as – Disabled users

The option of blocking Office 365 user via the Office 365 admin center web interface described as “Sign-in blocked.”

When using PowerShell for displaying a list of “blocked users,” the parameter that we use named – “DisabledOnly.”

PowerShell command syntax

Another variation of the PowerShell command that display blocked Office 365 users is:

PowerShell command syntax

PowerShell console output example

Display all Office 365 users with a specific role

In case that you want to get a list of the Office 365 user account which have the Global Administrator role, you can use the following PowerShell command:

PowerShell console output example

Office 365 users who were created at a specific time

Office 365 (Azure Active Directory) doesn’t provide information about the specific time in which the Office 365 login to the Office 365 portal.

The only “date \time information” that we can “fetch” about Office 365 users, is the information about the time which the Office 365 user account was created.

In the following section, I would like to demonstrate various types of “date\ time” PowerShell queries, that we can use for “fetching” information about Office 365 users that
WasCreated in a specific time or in a specific time range.

Before we start with the information about the specific PowerShell command syntax, let’s spend a few moments on the concept of – using PowerShell for a query “event” that occurs in a specific time range.

Using PowerShell for filter ?Time orientated events

To create the PowerShell “time-based query,” we will need to define the following parameters:

1. The object
The specific object that we ask to obtain information about him. The object can be “User account,” “Exchange mailbox” and so on.

2. The specific property of the object
For example, in Office 365 environment, we can ask to get information about a specific time, in which the Office 365 user account was created.

In Office 365 the property that we “address” is – WhenCreated

3. The Time unit
PowerShell offers us a variety of “Time units” that we can use such as – Millisecond, Second, Minutes, Hour, Day, year and so on.

4. PowerShell operator
This is the specific PowerShell operator whom we use.

There are many types of PowerShell operators such as -lt(Less than), -le (Less than or equal to),
-gt (Greater than), -ge (Greater than or equal to), -eq (Equal to), -ne (Not equal to).

In our examples, I will demonstrate a different type of scenario using the following PowerShell operators:

  • ge (Greater than or equal to).
  • le (Less than or equal to).

PowerShell query - Looking for information about an event which occur is a specific Point in time -01

Using the PowerShell operator with “Time ranges”

In our example, I will demonstrate various scenarios, using the following two PowerShell operators:

1. ge (Greater than or equal to).

Using the “ge” operator will help us to get information about an “event” that “happened” from a specific point in time and onwards.

2. le (Less than or equal to).

Using the “le” operator will help us to get information about an “event” that happened before a specific point in time.

PowerShell query - Looking for information about an event which occur is a specific Point in time -02

To be able to embody this concept, let’s use the following example:

The “starting point” is the PowerShell command – Get-Date, that “fetch” the current date (day, month, year and so on).

In our specific example, we want to define a “time range” of two months before the current date.

To define this time range, we use the following PowerShell command:

(Get-Date).AddMonths(-2)

We take the current date, and subtract from the current date “2 months.”

In our example, the “current time” is month 8 (August), and the day is “15.”

The result from the PowerShell command – (Get-Date).AddMonths(-2), will realize as a time range, which spans on the following mounts – mount 6 and mount 7 until the current month (mount 8).

If we want to be more accurate, the command will define a time range, which begins on 06/01 and
end on 08/15.

How to define a Time slider -01

1. Using the ge (Greater than or equal to) operator + time range.

When we use the PowerShell ““ge” operator, with the combination of the command –
(Get-Date).AddMonths(-2), we ask from PowerShell, to show us information about an event, that happened in the following time range: 06/01 until 08/15.

The “time range points” defined in the following way:

The “starting point” of the Time range is calculated by taking the current date and subtract two months from the current date.
In our example, the starting point is the first day of the month “6.”

The “End” of the time range is the “current date.”
In our example, the current date is day 15 of the month “8.”

Note – the value of the “current date” is just an arbitrary value that we use for the demonstration.

How to define a Time slider - Using the GE PowerShell operator -02

2. Using the le (Less than or equal to) operator + time range.

When we use the PowerShell “le” operator, with the combination of the command –
(Get-Date).AddMonths(-2), we ask from PowerShell, to show us information about an “event,” that happened before the following time range: 06/01.

How to define a Time slider - Using the LE PowerShell operator -03

In the following example, we would like to get information about Office 365 user accounts, that were created in a specific time range.

  1. The PowerShell “object” is a “user account.”
    (Represented by the PowerShell cmdlets – Get-MsolUser).
  2. The specific user account property which we “query” is – “WhenCreated.”
  3. The “time unit” that we use is – “Months.”

To be able to get a list of Office 365 user accounts that answer our specific query, we use the PowerShell cmdlets (statement) named – “Where,” for defining the condition, and filter the required information.

Looking for information about ?Office 365 user account that was created in a specific point of time -01

Scenario 1 – Information about Office 365 user accounts, that were created in the last two months.

In this scenario, we ask to get information about Office 365 users accounts, that were created in the last two months.
To define the “time range” that starts two months ago, and last until the current date, we use the PowerShell operator ge (Greater than or equal to).

Scenario 1 - Show me all the Office 365 user accounts that was created in the last two months -02

Scenario 2 – Information about Office 365 user accounts, that were created Before last two months.

In this scenario, we ask to get information about Office 365 users accounts, that were created before the last two months.
To define the “time range” that starts two months ago, from the current date, and last “forever,” we use the PowerShell operator – le (Less than or equal to).

Scenario 2 - Show me all the Office 365 user accounts, that was created Before last two months -03

Additional reading

In case that you want to read more information about the subject of “date” and PowerShell, you can use the following articles:

Filter information about – “user account object” based on a specific time range

In the following section, I provide various examples, of PowerShell command syntax, that will help us to filter information about – “user account object” based on a specific time range.

  • In the first part, we will look for information about Office 365 user accounts, that were created from a given date in the past to the present date.
  • In the second part, we will look for information about Office 365 user accounts, that were created before a specific Date range.

Display a list of Office 365 user + information about creation time | Sort the information by creation date

PowerShell command syntax

PowerShell console output example

Scenario 1#2 – Getting information about Office 365 user accounts, that were created in the last X time range.

In our example, we need to “fetch” information about Office 365 user accounts that were created “lately.”

The term “lately,” can be translated to – Minutes, Hours, Weeks, Mounts or years.

The PowerShell “condition” that we define, based on the PowerShell operator -ge (Greater than or equal to).

Display Office 365 user accounts, that were created after a specific date.

In the following example, we want to get information about Office 365 user accounts, that were created on the date – 11/10/2016 or, after this date.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that were created in the last X minutes.

In the following example, we want to get information about Office 365 user accounts, that were created in the last 160 minutes.

To define a range measured in minutes, we use the PowerShell parameter – Addminutes.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that were created in the last X Hours.

In the following example, we want to get information about Office 365 user accounts, that were created in the last 40 hours.

To define a range measured in hours, we use the PowerShell parameter – AddHours.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that were created in the last X days.

In the following example, we want to get information about Office 365 user accounts, that were created in the last 40 days.

To define a range measured in days, we use the PowerShell parameter – Adddays.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that was created in the last X Months.

In the following example, we want to get information about Office 365 user accounts, that were created in the last 2 mounts.

To define a range measured in months, we use the PowerShell parameter – AddMonths.

PowerShell command syntax

Display a list of Office 365 user accounts, that were created in a specific month

In the following example, we want to get information about Office 365 user accounts, that were created in a specific month. The mount that we use is – mount August (8).

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that were created in the last X years.

In the following example, we want to get information about Office 365 user accounts, that were created in the last 2 years.

To define a range measured in years, we use the PowerShell parameter – AddYears.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that were created in a specific year.

In the following example, we want to get information about Office 365 user accounts, that were created during the year 2016.

PowerShell command syntax

PowerShell console output example

Scenario 2#2 – Getting information about Office 365 user accounts, that were created before a specific time range.

In the current scenario, we need to get information about Office 365 user accounts, that were created Before a specific time range (versus the former scenario in which we look for the user accounts, that was created over the specified time range).

The time ranges that we define is – two months from the current date.
The information that we want to get is – information about Office 365 user accounts, that were created before this time range.

For example, in case that the current date is 12/15/2016, the results will be – all the Office 365 user accounts that were created before the date – 10/01/2016.

To be able to fulfil this requirement, we use the PowerShell operator – le (Less than or equal to).

Display a list of Office 365 user accounts, that was created before X Days ago.

In the following example, we want to get information about Office 365 user accounts, that was where created prior to the time range of “40 days” or more.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 user accounts, that were created before X Months ago.

In the following example, we want to get information about Office 365 user accounts, that were created prior to the time range of “2 months” or more.

PowerShell command syntax

PowerShell console output example

Display Office 365 users who there UPN name includes specific domain name.

The mission – display a list of Office 365 user accounts that their UPN (user principal name) suffix includes specific domain name.

In the following example, we look for Office 365 users who there UPN name suffix includes specific domain name – o365info.com

Display Office 365 users who there UPN name includes specific domain name.

PowerShell command syntax

PowerShell console output example

Display Soft Deleted Office 365 users

In the Azure Active Directory environment, when we deleted Office 365 user account, the user account is not permanently deleted, but instead, “sent” to the Azure Active Directory recycle bin.

The deleted object we kept in the Azure Active Directory for a period of 30 days.

In this scenario, we ask to filter the search results, by specifying that we want to get information only about Office 365 accounts that were deleted.

The technical term for describing a deleted user account is – Soft Deleted.

Display all the Soft Deleted Office 365 users

PowerShell command syntax

PowerShell console output example

Display Office 365 users with a specific usage location value

Display all the Office 365 users who don’t have Usage Location.

PowerShell command syntax

PowerShell console output example

Display all the Office 365 users who have Usage Location Specific Usage location.

In the following example, we wish to get a list of Office 365 users that their usage location is – GB (Grate Britten).

PowerShell command syntax

PowerShell console output example

Note – If you need information about the available “Country Codes,” read the following article-
Country CodesNote – you can read more information about the Usage Location property in the following articles:

Display Office 365 users with a specific password setting

In this section, we review how to perform a PowerShell query that looks for a specific “status” of Office 365 user password.

Display all the Office 365 users, which their password is set to never expire.

PowerShell command syntax

PowerShell console output example

Display Office 365 users, which their password is set to expire.

PowerShell command syntax

span class=”powershelltxt”>PowerShell console output example

Display Office 365 users, which their password was changed in the last X Months.

In the former section, we review various options that we can use for – performing a filtered search, looking for information about the “creation time” of specific Office 365 user accounts.

The same PowerShell syntax, can be used for getting information about the “last time” that Office 365 changes his password.

The Office 365 user property that we query is – lastpasswordchangetimestamp

The filtered search that we create can “ask” two main questions:

Question 1 – information about Office 365 users who “change” their password in the last X days, week, etc.

The purpose of this “question” is, to get information about Office 365 users, which “perform” password changes in a specific time range.

The PowerShell operator whom we use for getting information about this type of “question”
is – ge (Greater than or equal to).

Question 2 – information about Office 365 users who didn’t “change” their password in the last X days, week, etc.

The purpose of this “question” is, to get information about Office 365 users, which their password is going to expire soon, etc.

The PowerShell operator whom we use for getting information about this type of “question”
is – le (Less than or equal to).

Example 1 – look for Office 365 users whom their password was updated in the last 2 mounts.

PowerShell command syntax

PowerShell console output example

Example 2 – look for Office 365 users, that their password was not updated in the last 2 mounts.

PowerShell command syntax

PowerShell console output example

Display Office 365 users with specific “user details”

In this section, I would like to review a scenario in which we want to perform a PowerShell query, looking for Office 365 user accounts that have a specific “user detail” such as – Department, City, Country and so on.

1#2 – Using the Get-MsolUser “filter” option.

The PowerShell command – Get-MsolUser includes “built-in filters,” that we can “add”
to the Get-MsolUser command.

In the following screenshot, we can see an example of the “built-in filters” that can
be “added” to the Get-MsolUser command.

Get-msoluser predefined filter for Office 365 user properties

The “built-in filters” that we can use with a combination Get-MsolUser command are:

  • -Country
  • -State
  • -City
  • -Department
  • -Title

The disadvantage of using the “built-in filters” is, that there is a limited amount of such filters, and in case that we want to query about another or additional Office 365 user account property, we cannot rely on these built-in filters.”

Attached some examples of the PowerShell syntax that we need to use, in case that we want to use the built-in filters” with a combination Get-MsolUser command.

Display list of Office 365 users whom their Country is equal to X.

In the following example, we wish to get a list of Office 365 users which their Country = USA.
PowerShell command syntax

PowerShell console output example

Display Office 365 users whom their State is equal to X.

In the following example, we wish to get a list of Office 365 users which their State = Arizona.

PowerShell command syntax

PowerShell console output example

Display Office 365 users whom their City is equal to X.

In the following example, we wish to get a list of Office 365 users which their City = New York.

PowerShell command syntax

PowerShell console output example

Display list of Office 365 users whom their Department is equal to X.

In the following example, we wish to get a list of Office 365 users which their Department= Marketing.

PowerShell command syntax

PowerShell console output example

Display Office 365 users whom their Title is equal to X.

In the following example, we wish to get a list of Office 365 users which their Title = VIP.

PowerShell command syntax

PowerShell console output example

2#2 – Using the PowerShell Where statement to filter search result

In the following section, I would like to review the “other option” that we can use, in case that we need to create a filtered search that “filter” Office 365 user accounts, with a specific “user detail.”

The search filter is implemented by using the PowerShell “Where” statement, that we already use in former sections in the current article.

The advantaged of the PowerShell “where” statement is, that we can use this option for creating a filter search that realities to “additional user account details,” that are not included when using the built-in filters” with a combination Get-MsolUser command.

Display list of Office 365 users whom their Country is equal to X.

In the following example, we wish to get a list of Office 365 users which their Country = USA.
PowerShell command syntax

PowerShell console output example

Display Office 365 users whom their State is equal to X.

In the following example, we wish to get a list of Office 365 users which their State = Arizona.

PowerShell command syntax

PowerShell console output example

Display Office 365 users whom their City is equal to X.

In the following example, we wish to get a list of Office 365 users which their City = New York.

PowerShell command syntax

PowerShell console output example

Display list of Office 365 users whom their Department is equal to X.

In the following example, we wish to get a list of Office 365 users which their Department= Marketing.

PowerShell command syntax

PowerShell console output example

Display Office 365 users whom their Title is equal to X.

In the following example, we wish to get a list of Office 365 users which their strong>Title = VIP.

PowerShell command syntax

PowerShell console output example

In the following section, I would like to review additional examples, in which we use the PowerShell “Where” statement for performing a query about Office 365 user account details.

Display Office 365 users whom their office phone number starts with X prefix.

In the following example, we wish to get a list of Office 365 users, which their office phone number starts with the following prefix +1

In this scenario, we use the PowerShell operator “like” because, we don’t look for a “perfect match.”

Instead, we want to get information about all the Office 365 users, that their office phone number starts with specific characters” that we look for (+1 in our scenario), but we don’t know what is the “reset” of the office phone number.
To define the search filter, we use the following syntax – “+1*”

PowerShell command syntax

PowerShell console output example

Display Office 365 user swhom their Department is equal to X + their office phone number start with X prefix.

In this example, we create a PowerShell query that “combine” two different characters.

Display a list of Office 365 users, which their Department = Marketing + that their office phone number starts with the following prefix +1.

PowerShell command syntax

PowerShell console output example

Office 365 user groups

Display a list of all Office 365 user groups

PowerShell command syntax

PowerShell console output example

Office 365 users with errors

The term “error,” can be used for describing many different types of “user error” in the Office 365 environment.

For example:

  • Provisioning error that is caused because of some failure to synchronize the Office 365 user details (information from the Azure Active Directory) to the Exchange Online infrastructure.
  • Office 365 license error.
  • Restore Office 365 user account failure.

Display list of Office 365 user accounts with errors

In case that we want to get a list of “Office 365 user account with error” we can use a “built-in” filter named HasErrorsOnly that can be used with the PowerShell cmdlets – Get-MsolUser

PowerShell command syntax

Display list of Office 365 user accounts with errors + details about the specific error

Additional types of PowerShell commands that we can use for getting a list of “Office 365 user account with error” + details about the specific error is:

Getting a list of Office 365 with validation error

An additional type of “Office 365 user account errors” in an Office 365 environment described as ValidationStatus errors.

To get information about Office 365 with such errors, we can use a PowerShell query, that looks for Office 365 which their ValidationStatus value is equal to the error.

Note – You can read more information about Office 365 user validation error in the following article – You see validation errors for users in the Office 365 portal or in the Azure Active Directory Module for Windows PowerShell

Office 365 user and Directory synchronization environment

In this section, we review how to use PowerShell command that will perform a filtered search for getting various types of information about Office 365 users who considered as “synchronized users.”

The term – “synchronized users,” is relevant to a scenario in which the organization uses Azure AD Connect for synchronizing On-Premise Active Directory user to the “cloud” (Azure Active Directory).

Office 365 Directory can include a “mixture” of “native Office 365 users account” + “synchronized user account”

Display list of Office 365 user accounts that consider as – Non-synchronized users.

In the following example, we wish to get a list of Office 365 user accounts that are not synchronized users (in cloud).

PowerShell command syntax

PowerShell console output example

Display list of Office 365 user accounts that consider as – synchronized users.

In the following example, we wish to get a list of Office 365 user accounts that are synchronized users (synchronized with Active Directory).

PowerShell command syntax

PowerShell console output example

Information about the synchronization time of “synchronized users”

In the current section, I would like to briefly review an example of PowerShell query, which we can use to find information about a “synchronization process” that was implemented in a specific time range.

Display a list of Office 365 synchronized users, which was synchronized in the last X hours.

PowerShell command syntax

PowerShell console output example

Display a list of Office 365 synchronized users, which was not synchronized in the last X hours.

PowerShell command syntax

PowerShell console output example

Directory synchronization and errors

In Directory synchronization environment, there is a reasonable chance that because of invalid user configuration setting, a Directory synchronization error will be created.

Display a list of Office 365 user accounts with Directory synchronization errors

Using the following PowerShell command, we can ask to get a list of Office 365 synchronized user accounts, which have “error” that is related to the Directory synchronization process.

PowerShell command syntax

Tip

Additional PowerShell command that we can use for “fetching” errors that relate to Directory synchronization environment is:

The next article in the current article series

Use PowerShell for view Exchange Online objects | Part 3#3

Use PowerShell for view Exchange Online and Office 365 objects | Article series index

Now it’s Your Turn!
It is important for us to know your opinion on this article

Print Friendly

Related Post

Please rate this

Eyal Doron on EmailEyal Doron on FacebookEyal Doron on GoogleEyal Doron on LinkedinEyal Doron on PinterestEyal Doron on RssEyal Doron on TwitterEyal Doron on WordpressEyal Doron on Youtube
Eyal Doron
Share your knowledge.
It’s a way to achieve immortality.
Dalai Lama

Leave a Reply

Your email address will not be published. Required fields are marked *