How to use Get-MgUser in Microsoft Graph PowerShell

You need to use the Get-MgUser PowerShell cmdlet to get information about all the users in Microsoft Entra ID. The Get-MgUser retrieves data of each user object. In this article, you will learn how to use the Get-MgUser cmdlet in Microsoft Graph PowerShell.

Install Microsoft Graph PowerShell

Before you start, you must Install Microsoft Graph PowerShell module, including the Microsoft Graph Beta module.

Run the below command to install the Microsoft Graph modules.

Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force

Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.

Connect to Microsoft Graph PowerShell

You need to Connect to Microsoft Graph PowerShell with the below scopes.

Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All", "RoleManagement.Read.Directory"

You are set to use the Get-MgUser cmdlet with Microsoft Graph PowerShell in the next steps.

Get list of all Microsoft 365 users

The Get-MgUser cmdlet retrieves all the users in Microsoft Entra ID, which are the licensed and unlicensed user, shared, room, and equipment mailboxes in your organization.

To get a list of all the users in Microsoft Entra ID, you need to use the Get-MgUser PowerShell cmdlet with the -All parameter. Otherwise, you will only get the first 100 users in alphabetic order.

Run the below PowerShell command to retrieve all the users in Microsoft Entra ID.

Get-MgUser -All

The PowerShell output shows a list of all the licensed and unlicensed users in Microsoft Entra ID with their DisplayName, Id, Mail, and UserPrincipalName.

The users that don’t have an output result under the heading Mail are the ones that don’t have a mailbox.

DisplayName     Id                                   Mail                         UserPrincipalName
-----------     --                                   ----                         -----------------
Adam Mackay     0de964ae-f09a-4e65-bc8c-cbeac2745e4c Adam.Mackay@m365info.com     Adam.Mackay@m365info.com
Andrea Baker    7bfec79d-7806-484a-ac83-133cd4cf5af5 Andrea.Baker@m365info.com    Andrea.Baker@m365info.com
Bella Carr      9a88d528-537d-43da-a7d3-40ae600dea16                              Bella.Carr@m365info.com
Benjamin May    2beda4b9-559b-4d39-9415-51ce47f2963f                              Benjamin.May@m365info.com
Bernadette Bond 6ec79c8e-5a84-4992-b2df-4caf3f997a74 Bernadette.Bond@m365info.com Bernadette.Bond@m365info.com
Blake Martin    5f4d37cd-383c-413f-87a2-aab0dc6a531a Blake.Martin@m365info.com    Blake.Martin@m365info.com
Boris Lean      dc72baf0-e44f-48c3-a459-8005a9240f6f                              Boris.Lean@m365info.com
Brandon Grath   9706949a-e756-41c1-a90a-113f4f777e4b                              Brandon.Grath@m365info.com
Brenda Smith    0f38d53f-cbe0-4844-86e9-1032a45ba31b Brenda.Smith@m365info.com    Brenda.Smith@m365info.com

Get list of properties of members

To get a list of all the available properties of a specific object, such as a Microsoft 365 user account you need to add the Get-Member PowerShell cmdlet.

Run the below PowerShell command to get a list of all the properties of the members.

Get-Mguser | Get-Member

Get count of all user account

To get a count of all the users in your organization, you need to add the Measure-Object cmdlet

Get-MgUser -All | Measure-Object | Select-Object -ExpandProperty Count

Get all licensed Microsoft 365 users

You can use the Get-MgUser PowerShell cmdlet to find the licensed users in your organization. We want to show a list of all the user accounts that have been assigned any of the licensing plans in your organization.

To filter the users, you can use the Comparison Operators (eq, ne, le, gt, startsWith, endsWith) and the Logical Operators (and, or).

Get all licensed users with assigned licenses

Use the -Filter parameter to get all the licensed users without guests. Then you will use the ne (not equal to) operator together with -Consistencylevel eventual.

Run the below PowerShell command to view a list of all the licensed users.

Get-MgUser -All -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable licensedUserCount -Select UserPrincipalName, DisplayName, AssignedLicenses | Format-Table -Property UserPrincipalName, DisplayName, AssignedLicenses

The PowerShell result output shows all the licensed users with their assigned licenses.

UserPrincipalName           DisplayName    AssignedLicenses
-----------------           -----------    ----------------
Brenda.Smith@m365info.com   Brenda Smith   {c42b9cae-ea4f-4ab7-9717-81576235ccac}
Ken.Walker@m365info.com     Ken Walker     {c42b9cae-ea4f-4ab7-9717-81576235ccac}
Soren.Vest@m365info.com     Søren Vest     {c42b9cae-ea4f-4ab7-9717-81576235ccac}
Diana.Baker@m365info.com    Diana Baker    {c42b9cae-ea4f-4ab7-9717-81576235ccac}
Stephen.Hunter@m365info.com Stephen Hunter {c42b9cae-ea4f-4ab7-9717-81576235ccac}
Ryan.Walker@m365info.com    Ryan Walker    {c42b9cae-ea4f-4ab7-9717-81576235ccac}
Susan.Brown5@m365info.com   Susan Brown    {c42b9cae-ea4f-4ab7-9717-81576235ccac}

Get all licensed users excluding guests

Get all the licensed users without displaying the assigned licenses. The PowerShell output will show the DisplayName, Id, Mail, and UserPrincipalName.

Run the below PowerShell command to get a list of all licensed users.

Get-MgUser -All -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable licensedUserCount

Get all licensed users including guests

Get all the licensed users and guests without displaying the assigned licenses. The PowerShell output will show the DisplayName, Id, Mail, and UserPrincipalName.

Run the below PowerShell command to get a list of all licensed users, including guests.

Get-MgUser -All -Filter 'assignedLicenses/$count ne 0' -ConsistencyLevel eventual -CountVariable licensedUserCount

Get all unlicensed Microsoft 365 users

You can use the Get-MgUser PowerShell cmdlet to find only the unlicensed users in your organization. We want to show a list of all the user accounts that have not been assigned any licensing plans in your organization.

Get all unlicensed users excluding guests

Use the -Filter parameter to get all the unlicensed users without guests. You must also use the eq (equal to) comparison operator with the -ConsistencyLevel eventual.

Run the below PowerShell command to view a list of all the unlicensed users.

Get-MgUser -All -Filter "assignedLicenses/`$count eq 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable unlicensedUserCount

The PowerShell output result shows the unlicensed users in your organization.

DisplayName          Id                                   Mail                 UserPrincipalName
-----------          --                                   ----                 -----------------
Christian Morgan 05be018c-cb06-480e-a530-1d7ffef00451                          Christian.Morgan@m365info.com
Tim Lewis        0615caeb-b1b2-483f-8c8a-c5384168c7bd                          Tim.Lewis@m365info.com
Michael Smith    0680abc1-001f-4007-9a17-57e5cff2a303                          Michael.Smith@m365info.com
Keith Rutherford 07c4f0b5-7c2b-409b-8d09-eb66954c2f83                          Keith.Rutherford@m365info.com
Emma Cornish     07d51ef8-4663-4f5a-bd2f-a84784984a15                          Emma.Cornish@m365info.com
Adam Mackay      0de964ae-f09a-4e65-bc8c-cbeac2745e4c Adam.Mackay@m365info.com Adam.Mackay@m365info.com
Catch All        182292ee-eaec-438b-bf14-f25dec9cf1cd Catch.All@m365info.com   Catch.All@m365info.com

Get all unlicensed users including guests

Run the below PowerShell command to get all the unlicensed users, including guests.

Get-MgUser -All -Filter 'assignedLicenses/$count eq 0' -ConsistencyLevel eventual -CountVariable unlicensedUserCount

Get disabled user accounts

When a user is blocked from signing in to Microsoft 365 services, it’s a disabled user account. We want to get a list of these (blocked) disabled user accounts. Learn more about how to Block Microsoft 365 user sign-in.

There are two ways to get disabled user accounts.

Option 1

We want to use -Filter with the eq (equal to) operator.

Get-MgUser -All -Filter "accountEnabled eq false"

Option 2

We want to use -Filter with the ne (not equal to) operator. Therefore you must add the -CountVariable CountVar with -Consistencylevel eventual.

Get-MgUser -All -Filter "accountEnabled ne true" -CountVariable CountVar -ConsistencyLevel eventual

Get enabled user accounts

When a user account can sign in to Microsoft 365 services, it’s an enabled user account. We want to get a list of these (unblocked) enabled user accounts. Learn more about how to Unblock Microsoft 365 user sign-in.

There are two ways to get enabled user accounts.

Option 1

Use the -Filter parameter with the eq (equal to) operator to get active user accounts.

Get-MgUser -All -Filter "accountEnabled eq true"

Option 2

We want to use the -Filter parameter with the ne (not equal to) operator. Therefore you must add the -CountVariable CountVar with -Consistencylevel eventual.

Run the below PowerShell command to get active user accounts.

Get-MgUser -All -Filter "accountEnabled ne false" -CountVariable CountVar -ConsistencyLevel eventual

Get all users sign-in activity date and time

There is also the Get-MgBetaUser PowerShell cmdlet, which you need to use the get the correct results.

Note: Microsoft adds new properties to the Beta cmdlet before they eventually get added to the Get-MgUser cmdlet.

To get the active and inactive users, we need to look at the last time the users signed in. The last sign-in activity will tell you when the user is active.

Run the below PowerShell command to get the sign-in activity of a single user.

Get-MgBetaUser -Filter "UserPrincipalName eq 'Amanda.Hansen@m365info.com'" -Property SignInActivity | Select-Object -ExpandProperty SignInActivity | fl

The PowerShell output result shows the user last signed in successfully on the 26th of February 2024.

LastNonInteractiveSignInDateTime  : 26/02/2024 17.58.31
LastNonInteractiveSignInRequestId : 9ce398f0-741d-4a97-ab90-ce204fa29a00
LastSignInDateTime                : 20/02/2024 09.46.43
LastSignInRequestId               : 0ccb2b7e-ceac-4d45-9552-9ba4d4580d01
LastSuccessfulSignInDateTime      : 26/02/2024 17.58.31
LastSuccessfulSignInRequestId     : 9ce398f0-741d-4a97-ab90-ce204fa29a00
AdditionalProperties              : {}

To get the sign-in activity of all the users, you can see which users are active and inactive.

Run the below PowerShell command to get all users last sign-in activity to an Out-GridView.

Get-MgBetaUser -All -Property Id, UserPrincipalName, DisplayName, SignInActivity | Select-Object Id, UserPrincipalName, DisplayName, @{Name = 'LastSuccessfulSignInDateTime'; Expression = { $_.SignInActivity.LastSuccessfulSignInDateTime } } | Out-GridView -Title "Last successful sign-in date"

The Out-GridView appears, where you can search and filter the properties. To get more detailed information, you can Export Microsoft 365 users last sign-in date and time.

Get MgUser Last successful sign-in date in Out-GridView Microsoft Graph PowerShell

Get user role

We will use the Get-MgDirectoryRole cmdlet to retrieve the properties of a directory role object. You can get a list of the Microsoft 365 user accounts that have the Global Administrator role.

Run the below PowerShell script to get the user role.

$roles = Get-MgDirectoryRole

$output = foreach ($role in $roles) {
    $roleId = $role.Id
    $userList = Get-MgDirectoryRoleMember -DirectoryRoleId $roleId
    $users = foreach ($user in $userList) {
        $userDetails = Get-MgUser -UserId $user.id
        [PSCustomObject]@{
            Role     = $role.DisplayName
            UPN      = $userDetails.UserPrincipalName
            UserName = $userDetails.DisplayName
            Mail     = $userDetails.Mail
        }
    }
    $users
}
$output

The PowerShell output shows the different users with their roles.

Role                   UPN                  UserName
----                   ---                  --------      
Exchange Administrator admin@m365info.com   M365info Admin
Exchange Administrator msadmin@m365info.com M365info Admin
Global Administrator   admin@m365info.com   M365info Admin
Global Administrator   msadmin@m365info.com M365info Admin

Get all users CreatedDateTime

Use the Get-MgBetaUser PowerShell cmdlet to check the CreatedDateTime of all the users.

Get-MgBetaUser -All | Select-Object DisplayName, UserPrincipalName, CreatedDateTime

The PowerShell results show a list of all the users with their created date time.

DisplayName   UserPrincipalName          CreatedDateTime
-----------   -----------------          ---------------
Amanda Hansen Amanda.Hansen@m365info.com 06/03/2023 11.06.56
Andrea Baker  Andrea.Baker@m365info.com  02/10/2023 09.17.04
Anna Bell     Anna.Bell@m365info.com     06/11/2023 21.55.22
Austin Mathis Austin.Mathis@m365info.com 02/10/2023 09.17.10
Bella Carr    Bella.Carr@m365info.com    02/10/2023 09.17.06
Brenda Smith  Brenda.Smith@m365info.com  06/11/2023 21.59.33
George Wilson George.Wilson@m365info.com 28/09/2023 20.01.47

Get single user CreatedDateTime

Check the created date time for a single user with the below PowerShell command.

Get-MgBetaUser -UserId "Amanda.Hansen@m365info.com" | Select-Object DisplayName, UserPrincipalName, CreatedDateTime

The PowerShell output shows the user (Amanda Hansen) created date and time.

DisplayName   UserPrincipalName          CreatedDateTime
-----------   -----------------          ---------------
Amanda Hansen Amanda.Hansen@m365info.com 06/03/2023 11.06.56

Get users that Start with a phone number

To get all the users that have a mobile phone number that starts with +44, we will use the -like operator.

Run the below PowerShell command.

Get-MgUser -All | Where-Object {$_.MobilePhone -like "+44*"} | Select-Object UserPrincipalName, DisplayName, MobilePhone

The PowerShell output result shows all the users that have a mobile phone number that starts with +44.

UserPrincipalName          DisplayName   MobilePhone
-----------------          -----------   -----------
Amanda.Hansen@m365info.com Amanda Hansen +44 20 1285 6677

To get all the users with business phones that start with +44, run the below PowerShell command.

Get-MgUser -All | Where-Object {$_.BusinessPhones -like "+44*"} | Select-Object UserPrincipalName, DisplayName, BusinessPhones

The PowerShell output shows all the users that have a business phone number that starts with +44.

UserPrincipalName          DisplayName   BusinessPhones
-----------------          -----------   --------------
Adam.Mackay@m365info.com   Adam Mackay   {+44 20 8885 6677}
Amanda.Hansen@m365info.com Amanda Hansen {+44 20 1285 6673}

Get users that End with specific email address

To retrieve users that end with a specific email address, we will add the endsWith operator.

Run the below PowerShell example to filter all the users that end with a specific email address (m365info.com).

Get-MgUser -All -Filter "endsWith(mail,'m365info.com')" -Sort "displayName" -ConsistencyLevel eventual -CountVariable CountVar

The PowerShell output will retrieve a list of users with that specific email address (m365info.com).

DisplayName     Id                                   Mail                              UserPrincipalName
-----------     --                                   ----                              -----------------
Amanda Hansen   41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com        Amanda.Hansen@m365info.com
Andrea Baker    7bfec79d-7806-484a-ac83-133cd4cf5af5 Andrea.Baker@m365info.com         Andrea.Baker@m365info.com
Anna Bell       82cd0d62-e974-4892-aca6-e0387abc62be Anna.Bell@m365info.com            Anna.Bell@m365info.com
Bernadette Bond 6ec79c8e-5a84-4992-b2df-4caf3f997a74 Bernadette.Bond@m365info.com      Bernadette.Bond@m365info.com
Blake Martin    5f4d37cd-383c-413f-87a2-aab0dc6a531a Blake.Martin@m365info.com         Blake.Martin@m365info.com
Brenda Smith    0f38d53f-cbe0-4844-86e9-1032a45ba31b Brenda.Smith@m365info.com         Brenda.Smith@m365info.com

Get users that Start with specific email address

To retrieve users that start with a specific mail address, we will add the startsWith operator.

Run the below PowerShell example to filter all the users that start with an email address that starts with the letters (an).

Get-MgUser -All -Filter "startsWith(mail,'an')" -Sort "displayName" -ConsistencyLevel eventual -CountVariable CountVar

The PowerShell output will retrieve a list of users with an email address that starts with an.

DisplayName  Id                                   Mail                      UserPrincipalName
-----------  --                                   ----                      -----------------
Andrea Baker 7bfec79d-7806-484a-ac83-133cd4cf5af5 Andrea.Baker@m365info.com Andrea.Baker@m365info.com
Anna Bell    82cd0d62-e974-4892-aca6-e0387abc62be Anna.Bell@m365info.com    Anna.Bell@m365info.com
Anne Butler  5cae3874-442b-459c-8f33-3aee5b879275 Anne.Butler@m365info.com  Anne.Butler@m365info.com

Get users by their Usage Location

To filter all the users by usage location, you need to use a valid country code. It will not work if you type the entire country name.

In our example, we want to get the users with their usage location in the Netherlands, so we need to use NL in PowerShell.

Get-MgUser -All -Filter "UsageLocation eq 'NL'"

The output shows a list of all the users that have usage location in the Netherlands.

DisplayName    Id                                   Mail                              UserPrincipalName
-----------    --                                   ----                              -----------------
RoomTest8      274d72d7-cc30-4a64-bc33-c99ff96c3abf RoomTest8@m365info.com            RoomTest8@m365info.com
Info Box       479a0514-b10f-491a-ab2a-ec92c9673a35 InfoBox@m365info.com              InfoBox@m365info.com
Projector 21   6f4d2832-2753-4433-aba9-11dd73c14e39 Projector21@m365info.com          Projector21@m365info.com
Julia Wood     1a1fd41c-ca5f-4432-8313-7a662576856b                                   Julia.Wood@m365info.com
Stephen Hunter c32b2b27-d809-439a-a3e3-eb7a749eeb72 Stephen.Hunter@m365info.com       Stephen.Hunter@m365info.com
Amanda Morgan  f8261d51-3df9-4f21-a6b1-533412669c11 Amanda.Morgan@m365info.com        Amanda.Morgan@m365info.com
Kevin Howard   20a534e1-0b53-42f0-b119-ad87e29e39da                                   Kevin.Howard@m365info.com
Lauren Russell 188f1cf6-ed47-4255-a776-d55a1fb40187                                   Lauren.Russell@m365info.com

To get a list of the Microsoft 365 user accounts that have no usage location, we will need to use the $null value.

Run the below PowerShell command to find users without usage location value.

Get-MgUser -All | Where-Object { $_.UsageLocation -eq $null } | Select-Object UserPrincipalName, UsageLocation

Get users from specific Country

Get all the users from a specific country with the -Filter parameter.

Run the below PowerShell command to get all the users from the USA.

Get-MgUser -All -Filter "Country eq 'USA'"

The PowerShell output shows a list of users from the USA.

DisplayName   Id                                   Mail                       UserPrincipalName
-----------   --                                   ----                       -----------------
Amanda Morgan f8261d51-3df9-4f21-a6b1-533412669c11 Amanda.Morgan@m365info.com Amanda.Morgan@m365info.com   
Anna Bell     82cd0d62-e974-4892-aca6-e0387abc62be Anna.Bell@m365info.com     Anna.Bell@m365info.com       
Brenda Smith  0f38d53f-cbe0-4844-86e9-1032a45ba31b Brenda.Smith@m365info.com  Brenda.Smith@m365info.com

To retrieve all the users without any country, we will need to use Where with the $null value.

Run the below PowerShell command to filter all the users without any country.

Get-MgUser -All | Where-Object { $_.Country -eq $null } | Select-Object UserPrincipalName, Country

Get users from specific State

To filter the users by a specific state, we need to use the eq comparison operator.

Run the below PowerShell command to get all users from a specific state (New York).

Get-MgUser -All -Filter "State eq 'New York'"

The PowerShell output shows a list of users from the same state (New York).

DisplayName   Id                                   Mail                       UserPrincipalName
-----------   --                                   ----                       -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.com   
Adam Mackay   0de964ae-f09a-4e65-bc8c-cbeac2745e4c Adam.Mackay@m365info.com   Adam.Mackay@m365info.com

To retrieve all the users without any state, we will need to use Where with the $null value.

Run the below PowerShell command to filter all the users without a state.

Get-MgUser -All | Where-Object { $_.Country -eq $null } | Select-Object UserPrincipalName, State

Get users from specific City

To filter the users by a specific city, we need to use the eq comparison operator.

Run the below PowerShell command to get all users from a specific city (New York).

Get-MgUser -All -Filter "City eq 'New York'"

The PowerShell output shows a list of users from the same city (New York).

DisplayName   Id                                   Mail                       UserPrincipalName
-----------   --                                   ----                       -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.com

To retrieve all the users without any city, we will need to use Where with the $null value.

Run the below PowerShell command to filter all the users without a city.

Get-MgUser -All | Where-Object { $_.City -eq $null } | Select-Object UserPrincipalName, City

Get users from a specific Department

Retrieve all the users from a specific department in your organization.

In our example, we want to get all the users from the Marketing department.

Get-MgUser -All -Filter "Department eq 'Marketing'"

The PowerShell output shows the users DisplayName, Id, Mail, and UserPrincipalName from the Marketing department.

DisplayName   Id                                   Mail                       UserPrincipalName
-----------   --                                   ----                       -----------------
Amanda Hansen 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen@m365info.com Amanda.Hansen@m365info.com
Anne Butler   5cae3874-442b-459c-8f33-3aee5b879275 Anne.Butler@m365info.com   Anne.Butler@m365info.com
Brian Mill    411a8f10-0dfa-4034-a1e3-a8b6e4cad2f6 Brian.Mill@m365info.com    Brian.Mill@m365info.com

Get users by Job Title

Get all the users with a specific job title in your organization.

In our example, we want to retrieve all the managers from different departments.

Get-MgUser -All -Filter "JobTitle eq 'Manager'"

The PowerShell output shows all the users that have a job title as Manager.

DisplayName   Id                                   Mail                       UserPrincipalName
-----------   --                                   ----                       -----------------
Søren Vest    1e367b85-f0c0-4c9c-a16a-22d132f1d8e6 Soren.Vest@m365info.com    Soren.Vest@m365info.com
Amanda Morgan f8261d51-3df9-4f21-a6b1-533412669c11 Amanda.Morgan@m365info.com Amanda.Morgan@m365info.com
Andrea Baker  7bfec79d-7806-484a-ac83-133cd4cf5af5 Andrea.Baker@m365info.com  Andrea.Baker@m365info.com
Adam Mackay   0de964ae-f09a-4e65-bc8c-cbeac2745e4c Adam.Mackay@m365info.com   Adam.Mackay@m365info.com
Brian Mill    411a8f10-0dfa-4034-a1e3-a8b6e4cad2f6 Brian.Mill@m365info.com    Brian.Mill@m365info.com
Brenda Smith  0f38d53f-cbe0-4844-86e9-1032a45ba31b Brenda.Smith@m365info.com  Brenda.Smith@m365info.com

Get users last password change date time

You can check when all Microsoft 365 users in your organization changed their password the last time.

Run the below PowerShell command to get all the users’ last password change date time.

Get-MgUser -All -Property DisplayName, LastPasswordChangeDateTime | Select-Object DisplayName, LastPasswordChangeDateTime

The PowerShell result shows a list of users with their last password change date time.

DisplayName      LastPasswordChangeDateTime
-----------      --------------------------
Amanda Hansen    26/10/2023 09.07.23
Anna Bell        21/11/2023 14.29.15
Ben Andrews      15/02/2024 10.21.17
Brenda Smith     21/02/2024 09.34.57
Carl Hawk        06/11/2023 21.59.04
Chris Lucas      26/10/2023 09.04.25
Christian Morgan 22/01/2024 09.21.38
Francis Kent     06/11/2023 22.01.09
Harry Longmuir   15/02/2024 10.21.17
Ken Walker       28/11/2023 08.40.57
Ken Walker       13/12/2023 10.02.15
Mark             03/11/2023 12.03.22
Thomas Lee       12/02/2024 10.52.20

You can also get all the Microsoft 365 users who changed their password last month. You need to add the -ge equality comparison operator and specify the date.

Run the below PowerShell commands to get the user’s last month’s password change.

Get-MgUser -All -Property DisplayName, LastPasswordChangeDateTime |
Where-Object { $_.LastPasswordChangeDateTime -ge (Get-Date).AddMonths(-1) } |
Select-Object DisplayName, LastPasswordChangeDateTime

The PowerShell output shows a list of the users who changed their password within the last month.

DisplayName    LastPasswordChangeDateTime
-----------    --------------------------
Ben Andrews    15/02/2024 10.21.17
Brenda Smith   21/02/2024 09.34.57
Harry Longmuir 15/02/2024 10.21.17
Thomas Lee     12/02/2024 10.52.20

If you want to get detailed password information for all Microsoft 365 users, you need to Export Microsoft 365 users password report.

Get users passwords never expire

You can check which users have set password never expires, because Microsoft recommends it for all the users. Manage Microsoft 365 users password to set the password to never expire for the entire organization.

Run the below PowerShell commands to see which users have set (true) or not set (false) their password never expires.

Get-MgUser -All -Property UserPrincipalName, PasswordPolicies | Select-Object UserprincipalName, @{
    Name       = "PasswordNeverExpires";
    Expression = { $_.PasswordPolicies -contains "DisablePasswordExpiration" }
}

It shows a list of all the Microsoft 365 user accounts, including guests.

UserPrincipalName             PasswordNeverExpires
-----------------             --------------------
Amanda.Hansen@m365info.com    False
Andrea.Baker@m365info.com     True
Anna.Bell@m365info.com        False
Ben.Andrews@m365info.com      False
Brenda.Smith@m365info.com     False
Chris.Green@m365info.com      True
George.Wilson@m365info.com    True
Ken.Walker@m365info.com       True
RoomMailboxTest@m365info.com  False
RoomTest8@m365info.com        True
Sam.Walsh@m365info.com        True
Sean.Wallace@m365info.com     False
Susan.Brown@m365info.com      True
Thomas.Lee@m365info.com       True

Get On-Premises Active Directory synchronized users

We want to display a list of all the Microsoft 365 user accounts:

  • The non-synchronized users are all the users in the cloud
  • The synchronized users are all on-premises users but synced into the cloud with the Microsoft Entra Connect tool

To get a list of all the cloud users, run the below PowerShell command.

Get-MgUser -All -Filter "OnPremisesSyncEnabled ne true" -ConsistencyLevel eventual -CountVariable CountVar

To get a list of Microsoft 365 accounts that are synchronized from the On-Premises Active Directory, including their OnPremisesImmutableId, run the below PowerShell command 

Get-MgUser -All -Filter "OnPremisesSyncEnabled eq true" -Property OnPremisesImmutableId, DisplayName, Id, Mail, UserPrincipalName, OnPremisesLastSyncDateTime | Select-Object DisplayName, Id, Mail, UserPrincipalName, OnPremisesImmutableId, OnPremisesLastSyncDateTime | Out-GridView

That’s it!

Read more: How to change Microsoft 365 users default MFA method »

Conclusion

You learned how to use the Get-MgUser cmdlet in Microsoft Graph PowerShell. To find specific Microsoft 365 user properties, you must use the correct commands to filter your results.

Did you enjoy this article? You may also like Export Azure AD users with Microsoft Graph PowerShell. Don’t forget to follow us and share this article.

o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

X Twitter

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *