When a Microsoft 365 user account is compromised, you must immediately block the user from…
Export Azure AD users with Microsoft Graph PowerShell
The old Azure AD module will soon be deprecated, so you need to use the MS Graph PowerShell module to get the user information. With the Get-MgUser cmdlet, you can get and export all Azure AD user details. In this article, you will learn how to export Azure AD users with Microsoft Graph PowerShell.
Table of contents
- Get-AzureADUser and Get-MSolUser deprecated
- Manage Azure AD users with Microsoft Graph PowerShell
- Connect to Microsoft Graph PowerShell
- Get single Azure AD user
- Get Azure AD users
- Get all Azure AD users information
- Get-MgUser top 500 Azure AD users
- Filter users by usage location
- Get-MgUser licensed users
- Get-MgUser by country
- Get-MgUser created last 14 days
- Get-MgUser created last year
- Get-MgUser specific department
- Get-MgUser using -Search
- Get-MgUser with -Search and -Filter parameters
- Bulk export Azure AD users to CSV
- Conclusion
Get-AzureADUser and Get-MSolUser deprecated
Microsoft announced the Azure AD, Azure AD Preview, and MS Online PowerShell modules will be deprecated on March 30, 2024. You need to replace the Get-AzureADUser and Get-MsolUser cmdlets with the Get-MgUser Microsoft Graph PowerShell cmdlet. To get Azure AD user details, we will use the Microsoft Graph PowerShell cmdlets.
Manage Azure AD users with Microsoft Graph PowerShell
We created specific articles to manage Azure AD users with Microsoft Graph PowerShell:
- Export Azure AD users with Microsoft Graph PowerShell (this article)
- Remove Azure AD user with Microsoft Graph PowerShell
- Restore Azure AD user with Microsoft Graph PowerShell
- Update Azure AD user with Microsoft Graph PowerShell
Connect to Microsoft Graph PowerShell
Before you start, you must install the Microsoft Graph PowerShell module, including the Microsoft Graph Beta module.
Run the below command to install the Microsoft Graph module.
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -ForceYou also need to connect to MS Graph with the below scopes.
Connect-MgGraph -Scopes "User.Read.All", "User.ReadWrite.All", "Directory.AccessAsUser.All", "Directory.ReadWrite.All"- Sign in with your admin credentials
- Enable consent on behalf of your organization
- Click Accept
Now you are set to use the Get-MgUser cmdlet with Microsoft Graph PowerShell.
Get single Azure AD user
To get information about a single user, we need to use the -UserId parameter. We will show you how to get basic information about a single user account and how to add parameters to get detailed information.
Note: When you use the -UserId parameter to get information about a single Azure AD user, you can type the ID number or the UserPrincipalName (UPN).
Get-MgUser single user information
In our example, we want information about the Azure AD user Amanda.Hansen@m365info.com.
Type the UserPrincipalName
Run the below PowerShell command example.
Get-MgUser -UserId "Amanda.Hansen@m365info.com"The PowerShell output results show the User Id, Mail, and UPN.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.comType the ID number
You can also find information about a single Azure AD user using the ID number instead of the UPN.
Run the below PowerShell command example.
Get-MgUser -UserId "41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5"The PowerShell output shows the same results.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.comGet-MgUser single user account details
To see more information about a specific Azure AD user, you can add the details.
Note: You can use the Get-MgBetaUser cmdlet to select the values without the -Property parameter, which is shown in the next step.
In our example, we want to see the information details of a single user, Amanda Hansen.
Get-MgBetaUser -UserId "Amanda.Hansen@m365info.com" | select DisplayName, BusinessPhones, JobTitle, DepartmentThe PowerShell output results.
DisplayName BusinessPhones JobTitle Department
----------- -------------- -------- ----------
Amanda Hansen {} Manager SalesGet properties for single Azure AD user
You can also get other information about a single Azure AD user, like the usage location. To get such information, you can also use the -Property parameter. We will show you how to use the -Property parameter in different options.
Get single property for an Azure AD user account
In our example, we want to know the usage location of a specific user account, Amanda Hansen.
Run the below PowerShell command.
Get-MgUser -UserId "Amanda.Hansen@m365info.com" -Property UsageLocation | select UsageLocationThe PowerShell output result shows the UsageLocation.
UsageLocation
-------------
GB Get multiple properties for an Azure AD user account
If you would like to see more properties of a single account, you need to specify them after the -Property parameter, and you should also type it after select.
Run the below PowerShell command.
Get-MgUser -UserId "Amanda.Hansen@m365info.com" -Property UsageLocation, Country | select UsageLocation, CountryThe PowerShell output shows the UsageLocation and Country.
UsageLocation Country
------------- -------
GB UK Get list of properties for a user account
To see the entire list of properties for a single user, you can specify which property you want to see in the output. Type all the properties you want to get after the -Property parameter.
Run the below PowerShell command example.
Get-MgUser -UserId "Amanda.Hansen@m365info.com" -Property AccountEnabled, EmployeeId, Postalcode, UsageLocation | flYou will get the below PowerShell output example.
AboutMe :
AccountEnabled : True
Activities :
AgeGroup :
AgreementAcceptances :
AppRoleAssignments :
AssignedLicenses :
AssignedPlans :
Authentication : Microsoft.Graph.PowerShell.Models.MicrosoftGraphAuthentication
AuthorizationInfo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphAuthorizationInfo
Birthday :
BusinessPhones :
Calendar : Microsoft.Graph.PowerShell.Models.MicrosoftGraphCalendar
CalendarGroups :
CalendarView :
Calendars :
Chats :
City : London
CompanyName :
ConsentProvidedForMinor :
ContactFolders :
Contacts :
Country :
CreatedDateTime :
CreatedObjects :
CreationType :
DeletedDateTime :
Department :
DeviceEnrollmentLimit :
DeviceManagementTroubleshootingEvents :
DirectReports :
DisplayName :
Drive : Microsoft.Graph.PowerShell.Models.MicrosoftGraphDrive
Drives :
EmployeeExperience : Microsoft.Graph.PowerShell.Models.MicrosoftGraphEmployeeExperienceUser
EmployeeHireDate :
EmployeeId : 123
EmployeeLeaveDateTime :
EmployeeOrgData : Microsoft.Graph.PowerShell.Models.MicrosoftGraphEmployeeOrgData
EmployeeType :
Events :
Extensions :
ExternalUserState :
ExternalUserStateChangeDateTime :
FaxNumber :
FollowedSites :
GivenName :
HireDate :
Id :
Identities :
ImAddresses :
InferenceClassification : Microsoft.Graph.PowerShell.Models.MicrosoftGraphInferenceClassification
Insights : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOfficeGraphInsights
Interests :
IsResourceAccount :
JobTitle :
JoinedTeams :
LastPasswordChangeDateTime :
LegalAgeGroupClassification :
LicenseAssignmentStates :
LicenseDetails :
Mail :
MailFolders :
MailNickname :
MailboxSettings : Microsoft.Graph.PowerShell.Models.MicrosoftGraphMailboxSettings
ManagedAppRegistrations :
ManagedDevices :
Manager : Microsoft.Graph.PowerShell.Models.MicrosoftGraphDirectoryObject
MemberOf :
Messages :
MobilePhone :
MySite :
Oauth2PermissionGrants :
OfficeLocation :
OnPremisesDistinguishedName :
OnPremisesDomainName :
OnPremisesExtensionAttributes : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOnPremisesExtensionAttributes
OnPremisesImmutableId :
OnPremisesLastSyncDateTime :
OnPremisesProvisioningErrors :
OnPremisesSamAccountName :
OnPremisesSecurityIdentifier :
OnPremisesSyncEnabled :
OnPremisesUserPrincipalName :
Onenote : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOnenote
OnlineMeetings :
OtherMails :
Outlook : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOutlookUser
OwnedDevices :
OwnedObjects :
PasswordPolicies :
PasswordProfile : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPasswordProfile
PastProjects :
People :
Photo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphProfilePhoto
Photos :
Planner : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPlannerUser
PostalCode :
PreferredDataLocation :
PreferredLanguage :
PreferredName :
Presence : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPresence
Print : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserPrint
ProvisionedPlans :
ProxyAddresses :
RegisteredDevices :
Responsibilities :
Schools :
ScopedRoleMemberOf :
SecurityIdentifier :
Settings : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserSettings
ShowInAddressList :
SignInActivity : Microsoft.Graph.PowerShell.Models.MicrosoftGraphSignInActivity
SignInSessionsValidFromDateTime :
Skills :
State :
StreetAddress :
Surname :
Teamwork : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserTeamwork
Todo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphTodo
TransitiveMemberOf :
UsageLocation : GB
UserPrincipalName :
UserType :
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#users(usageLocation,employeeId,city)/$entity]}Get Azure AD users
To get information about the Azure AD user account, we need to use the Get-MgUser cmdlet. We will show you how to get all Microsoft 365 accounts and how to filter and search these user accounts.
Get all Azure AD users information
By default, only the first 100 results show, so we will use the -All parameter to get all the Azure AD users.
We will show you how to view all the Azure AD users in your organization.
Run the below PowerShell command.
Get-MgUser -AllThe PowerShell output results show a list of all your Azure AD users. It shows the DisplayName, Id, Mail, and UserPrincipalName.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.com
Brenda Smith d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Brenda.Smith@m365info.com Brenda.Smith@m365info.com
Chris Lucas fa956d8c-87df-4cd4-ac2a-ac1f3d7cac8b Chris.Lucas@m365info.com Chris.Lucas@m365info.com
David Kent eec2668a-0773-4947-93ba-2223f6acfe55 David.Kent@m365info.com David.Kent@m365info.com
Diana Baker b602b148-2fcf-435a-9d34-ce72c3a8c748 Diana.Baker@m365info.com Diana.Baker@m365info.com
George Wilson d89be5ce-6495-4009-b61b-81126c239c34 George.Wilson@m365info.com George.Wilson@m365info.com
Info Box 479a0514-b10f-491a-ab2a-ec92c9673a35 InfoBox@m365info.com InfoBox@m365info.com
Jill Bates a9532b30-4edb-4b66-a3b0-6ac972a6065b Jill.Bates@m365info.com Jill.Bates@m365info.com
René Gibs 85df102b-1330-4359-8e6b-240677b26454 Rene.Gibs@m365info.com Rene.Gibs@m365info.com
RoomTest8 274d72d7-cc30-4a64-bc33-c99ff96c3abf RoomTest8@m365info.com RoomTest8@m365info.com
Søren Vest 1e367b85-f0c0-4c9c-a16a-22d132f1d8e6 Soren.Vest@m365info.com Soren.Vest@m365info.com Get-MgUser top 500 Azure AD users
By default, the first 100 results are shown using the Get-MgUser cmdlet without the -All parameter.
To get the first 500 users in your company, you can also use the -Top parameter. The maximum number you can use is 999.
In our example, we will get the first 500 Azure AD users in our organization.
Run the below PowerShell command example.
Get-MgUser -Top 500Filter users by usage location
You can find multiple users based on their usage location. This can be useful when your organization has users with different usage locations. To get the users that only have a specific usage location, you need to use the -Filter parameter.
In our example, we want to get all the user accounts with the usage location in Great Britain. To get users with the usage location in Great Britain, you must use the abbreviation GB in PowerShell.
Run the below PowerShell command example.
Get-MgUser -Filter "UsageLocation eq 'GB'" -AllThe PowerShell output shows users with Great Britain as their usage location.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Brenda Smith d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Brenda.Smith@m365info.com Brenda.Smith@m365info.comGet-MgUser licensed users
An excellent method to filter out only licensed users is with the below PowerShell command.
Get-MgUser -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records -AllGet-MgUser by country
To find all the Microsoft 365 users with the location set in the United Kingdom, you need to use the abbreviation UK.
Run the below PowerShell command example to get all Azure users that live in the United Kingdom. To get the users with the United Kingdom as their country, you must use the abbreviation UK in MS Graph PowerShell.
Get-MgUser -Filter "Country eq 'UK'" -AllThe PowerShell output lists all the Azure AD users with the UK as a country.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Brenda Smith d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Brenda.Smith@m365info.com Brenda.Smith@m365info.com
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.comGet-MgUser created last 14 days
You can get all the Azure AD users that you created in the last 14 days using the -Filter parameter.
Run the below PowerShell command example.
Get-MgUser -Filter "CreatedDateTime ge $((Get-Date).AddDays(-14).ToString("s"))Z" -AllThe PowerShell output lists all the Azure AD users created in the last 2 weeks.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Søren Vest 1e367b85-f0c0-4c9c-a16a-22d132f1d8e6 Soren.Vest@m365info.com Soren.Vest@m365info.comGet-MgUser created last year
You can get all the Azure AD users you created last year using the -Filter parameter.
Run the below PowerShell command example.
Get-MgUser -Filter "CreatedDateTime ge $((Get-Date).AddYears(-1).ToString("s"))Z" -AllThe PowerShell output shows a list of all the Azure AD users created in the last year.
Get-MgUser specific department
You can get the Azure AD user accounts that work at a specific department in your organization.
Get-MgUser from a specific department
In our example, we will filter all the users that work in the Sales department.
Run the below PowerShell command example.
Get-MgUser -Filter "Department eq 'Sales'" -AllThe PowerShell output displays a list of all the users working in the department Sales.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.com
Brenda Smith d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Brenda.Smith@m365info.com Brenda.Smith@m365info.com
Chris Lucas fa956d8c-87df-4cd4-ac2a-ac1f3d7cac8b Chris.Lucas@m365info.com Chris.Lucas@m365info.com
David Kent eec2668a-0773-4947-93ba-2223f6acfe55 David.Kent@m365info.com David.Kent@m365info.com
Diana Baker b602b148-2fcf-435a-9d34-ce72c3a8c748 Diana.Baker@m365info.com Diana.Baker@m365info.com
George Wilson d89be5ce-6495-4009-b61b-81126c239c34 George.Wilson@m365info.com George.Wilson@m365info.comGet-MgUser from a specific department and job title
You can narrow the users that work in the Sales department by specifically looking for managers.
In our example, we will get the Sales department users with the job title Manager.
Run the below PowerShell example.
Get-MgUser -Filter "Department eq 'Sales' and Jobtitle eq 'Manager'" -AllThe PowerShell output displays a list of all the managers in the Sales department.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.comIt shows that Amanda Hansen is the only manager in the Sales department.
Get-MgUser using -Search
You can use the -Search parameter to find and view users. The -Search parameter only works through MS Graph with a special request header, -ConsistencyLevel: eventual.
In our example, we want to search all the users with the letter “ba” in their Display Name.
Get-MgUser -Search "DisplayName:ba" -ConsistencyLevel: eventual -AllSee the PowerShell output result shown below.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Jill Bates a9532b30-4edb-4b66-a3b0-6ac972a6065b Jill.Bates@m365info.com Jill.Bates@m365info.com
Diana Baker b602b148-2fcf-435a-9d34-ce72c3a8c748 Diana.Baker@m365info.com Diana.Baker@m365info.comYou will see all the Azure AD users with the letters “ba” in their display name.
Get-MgUser with -Search and -Filter parameters
You can also use both the -Search and -Filter parameters when getting information about specific Azure AD users.
We want to get all the Azure AD users and filter only the enabled user accounts. Then, we want to search for the user account with the letters “pro” in their display name.
Run the below PowerShell command example.
Get-MgUser -Filter 'AccountEnabled eq true' -Search 'DisplayName:pro' -ConsistencyLevel eventual -AllSee the PowerShell output result shown below.
DisplayName Id Mail UserPrincipalName
----------- -- ---- -----------------
Projector 8 3c06bdad-3224-4b93-ac4e-fb7dcd23e0ce Projector8@m365info.com Projector8@m365info.com
Projector 21 6f4d2832-2753-4433-aba9-11dd73c14e39 Projector21@m365info.com Projector21@m365info.comBulk export Azure AD users to CSV
We will bulk export all Azure AD users to a CSV file and grid view. Therefore, you must create a temp folder and save it in your (C:) drive.
We will show you two scripts that will bulk export Azure AD users with Microsoft Graph PowerShell:
- Detailed information
- Basic information
Export all Azure AD users information
You can bulk export a list of Azure AD users with detailed information to a CSV file. The script will export the Azure AD users list to a grid view and CSV file.
Run the below PowerShell script.
# Connect to Microsoft Graph API
Connect-MgGraph -Scopes "User.Read.All"
# Define CSV file export location variable
$Csvfile = "C:\temp\AllAzureADUsers.csv"
# Retrieve users using the Microsoft Graph API with property
$propertyParams = @{
All = $true
ExpandProperty = 'manager'
}
$users = Get-MgBetaUser @propertyParams
$totalUsers = $users.Count
# Initialize progress counter
$progress = 0
# Create an array to store user objects
$userObjects = @()
# Collect and loop through all users
foreach ($index in 0..($totalUsers - 1)) {
$user = $users[$index]
# Update progress counter
$progress++
# Calculate percentage complete
$percentComplete = ($progress / $totalUsers) * 100
# Define progress bar parameters
$progressParams = @{
Activity = "Processing Users"
Status = "User $($index + 1) of $totalUsers - $($user.userPrincipalName) - $($percentComplete -as [int])% Complete"
PercentComplete = $percentComplete
}
# Display progress bar
Write-Progress @progressParams
# Get manager information
$managerDN = $user.Manager.AdditionalProperties.displayName
$managerUPN = $user.Manager.AdditionalProperties.userPrincipalName
# Create an object to store user properties
$userObject = [PSCustomObject]@{
"ID" = $user.id
"First name" = $user.givenName
"Last name" = $user.surname
"Display name" = $user.displayName
"User principal name" = $user.userPrincipalName
"Email address" = $user.mail
"Job title" = $user.jobTitle
"Manager display name" = $managerDN
"Manager user principal name" = $managerUPN
"Department" = $user.department
"Company" = $user.companyName
"Office" = $user.officeLocation
"Employee ID" = $user.employeeID
"Mobile" = $user.mobilePhone
"Phone" = $user.businessPhones -join ','
"Street" = $user.streetAddress
"City" = $user.city
"Postal code" = $user.postalCode
"State" = $user.state
"Country" = $user.country
"User type" = $user.userType
"On-Premises sync" = if ($user.onPremisesSyncEnabled) { "enabled" } else { "disabled" }
"Account status" = if ($user.accountEnabled) { "enabled" } else { "disabled" }
"Account Created on" = $user.createdDateTime
"Licensed" = if ($user.assignedLicenses.Count -gt 0) { "Yes" } else { "No" }
}
# Add the user object to the array
$userObjects += $userObject
}
# Export users to CSV
$userObjects | Sort-Object "Display name" | Export-Csv -Path $Csvfile -NoTypeInformation -Encoding UTF8
# Display data in Out-GridView
$userObjects | Out-GridView
# Show export location
Write-Host "CSV file exported to: $Csvfile" -ForegroundColor GreenFind the CSV file in the C:\temp folder. Open the CSV file with an application like Microsoft Excel to see the results. It shows a detailed list of all the Azure AD users in your organization.
Export all Azure AD users basic information
You can export a list of all the Azure AD users to a CSV file. The script will export the Azure AD users list to a grid view and CSV file.
Run the below PowerShell script.
# Connect to Microsoft Graph API
Connect-MgGraph -Scopes "User.Read.All"
# Define CSV file export location variable
$Csvfile = "C:\temp\AllAzureADUsers.csv"
# Retrieve users using the Microsoft Graph API with property
$propertyParams = @{
All = $true
}
$users = Get-MgBetaUser @propertyParams
$totalUsers = $users.Count
# Initialize progress counter
$progress = 0
# Create an array to store user objects
$userObjects = @()
# Collect and loop through all users
foreach ($index in 0..($totalUsers - 1)) {
$user = $users[$index]
# Update progress counter
$progress++
# Calculate percentage complete
$percentComplete = ($progress / $totalUsers) * 100
# Define progress bar parameters
$progressParams = @{
Activity = "Processing Users"
Status = "User $($index + 1) of $totalUsers - $($user.userPrincipalName) - $($percentComplete -as [int])% Complete"
PercentComplete = $percentComplete
}
# Display progress bar
Write-Progress @progressParams
# Create an object to store user properties
$userObject = [PSCustomObject]@{
"Display name" = $user.displayName
"ID" = $user.id
"First name" = $user.givenName
"Last name" = $user.surname
"User principal name" = $user.userPrincipalName
"Email address" = $user.mail
}
# Add the user object to the array
$userObjects += $userObject
}
# Export users to CSV
$userObjects | Sort-Object "Display name" | Export-Csv -Path $Csvfile -NoTypeInformation -Encoding UTF8
# Display data in Out-GridView
$userObjects | Out-GridView
# Show export location
Write-Host "CSV file exported to: $Csvfile" -ForegroundColor GreenYou will find the CSV file in the C:\temp folder. Open the CSV file with an application like Microsoft Excel to see the results. It shows basic information about all the Azure AD users in your organization.
You successfully managed to get Azure AD users with the Get-MgUser cmdlet.
Read more: Export Azure AD group members to CSV with PowerShell »
Conclusion
You learned how to export Azure AD users with Microsoft Graph PowerShell. It’s always good to get a list of all the Azure AD users with their details. Remember to use the Get-MgUser cmdlet including the -Filter and -Search parameters to find specific Azure AD users.
Did you enjoy this article? You may also like Bulk create Microsoft 365 users with CSV file. Don’t forget to follow us and share this article.
What Others Are Reading
This Post Has 0 Comments