For businesses that have migrated to Microsoft 365, managing Azure Active Directory is an essential task for administrators. Using cmdlets like Get-AzADUser, we can export Azure AD users, filter them, and handle user properties. This post explores the Get-AzADUser cmdlet in detail and how you can use it for Azure user management.
Table of Contents
Why Manage Azure Users with PowerShell?
Managing users in Azure Active Directory is a common task that can become complex as your organization grows. Here’s why using PowerShell, especially the Get-AzADUser cmdlet, makes sense:
- Automation: With PowerShell, you can automate repetitive tasks like creating, updating, or deleting users, freeing up valuable time.
- Filtering and Querying: Utilizing the filter query parameter enables administrators to retrieve specific users or groups. Whether you need to find users in the “marketing” department or those with a certain manager, it’s a breeze with the Get-AzADUser command.
- Export Capabilities: Need to generate a report or share user data? You can export Azure AD users to a CSV file or other formats for easy sharing and analysis.
- Integration with Other Tools: PowerShell seamlessly integrates with other Microsoft tools and services, making it a robust solution for managing users and other Azure resources.
- Security and Compliance: Using PowerShell allows for secure scripting and can be aligned with your organization’s compliance requirements.
- Cost-Effective: PowerShell is a free tool; many scripts and community support are readily available online.
- Cross-Platform Availability: With PowerShell Core, you can manage Azure AD users from different operating systems, making it a versatile tool for diverse environments.
PowerShell vs PowerShell Core
The PowerShell scripting framework has been an extremely popular tool among administrators. It provides a very popular and easy to learn verb-noun language that provides quick time to value. The traditional PowerShell release is known as Windows PowerShell.
However, PowerShell Core is the newest release of PowerShell. It extends PowerShell capabilities and allows it to run on multiple operating systems beyond Windows. Now, you can run PowerShell on Linux and macOS in addition to Windows.
- Windows PowerShell: Known by many as “Windows PowerShell,” this version is developed using the .NET Framework and is restricted to running on Windows OS exclusively.
- PowerShell Core: This version is built upon .NET Core at its foundation. The usage of .NET Core ensures that PowerShell Core can function on a wide range of operating systems, such as macOS and Linux, not just Windows.
Cmdlets between the two are generally quite similar. However, you have to make sure if you are using PowerShell vs PowerShell core, you understand any different syntax between the modules installed in each. PowerShell Core is often preferred for Azure management due to its cross-platform nature.
How to Install Get-AzADUser
Before using the Get-AzADUser cmdlet, you must install the parent module, which is the Az PowerShell module. Note the following steps to install the Az module.
1. Check for PowerShell Version: The Az module requires PowerShell 5.1 or higher on Windows or PowerShell Core 6. x and later on macOS and Linux. Check your version of PowerShell with the following command:
$PSVersionTable.PSVersion
2. Install the Az Module: Use the following command to install the parent Az module. Make sure you’re running PowerShell as an administrator:
Install-Module -Name Az -AllowClobber -Scope CurrentUser
- The -AllowClobber parameter is optional and overrides functions with the same name as a cmdlet in the module.
- The -Scope CurrentUser installs the module only for the current user. You can use -Scope AllUsers to install for all users on the machine.
3. Import the Az Module: Once installed, you can import the module with:
Import-Module Az
4. Verify Installation: You can ensure that the module is installed correctly by running:
Get-Module -ListAvailable -Name Az.Resources
Use Get-AzADUser: Now that the module is installed, you can start using the Get-AzADUser cmdlet as needed.
Updating the Az Module
Optional – Update the Az Module: If you already have the Az module installed but want to update it to the latest version, you can use:
Update-Module -Name Az
Connecting to your Azure environment
Before using the Get-AzADUser command, we need to connect to our Azure environment. To do that, we use a command also found in the Az Module:
Connect-AzAccount
Once you issue the command, a web page will open asking for your Microsoft credentials, including any MFA authentication you have enabled.
After authenticating, you will be returned to the PowerShell prompt where you should see that you are connected to your Azure environment.
Get-AzADUser Command
Let’s consider a few aspects of the Get-AzADUser command.
Get-AzADUser Versus Get-AzureADUser cmdlet
Both Get-AzADUser and Get-AzureADUser provide access to Azure AD users, but with some differences in parameters and usage. As the question shows research effort is needed to distinguish the differences between the two.
To see details between the two for the answer – copy link references from Microsoft below:
Listing and Retrieving Users: An Insight
The Get-AzADUser command offers different ways to list or retrieve a single user or multiple users, get user accounts, default properties, manager properties, etc. Below are a few quick examples.
- List Users: Get-AzADUser -First 10
- Get User by Display Name: Get-AzADUser -DisplayName $name
- Export Users to CSV file: Get-AzADUser | Export-Csv ‘path/to/file.csv’
By issuing the command below, you can view a comprehensive help file for all the parameters with Get-AzADUser.
Get-Help Get-AzADUser
Deep Dive into Parameters: User Properties and More
-Filter and Filter Query
The -Filter parameter enables you to create complex filter queries like “department eq ‘marketing'”. You can also use filter startswith displayname to match specific display names.
-Default Properties
Default properties like mail, display name, and manager property are retrieved without any additional parameters. You can also append other fields with the -AppendSelected switch.
-Export Azure AD Users
With PowerShell, you can use Get-AzADUser to export Azure AD users to a CSV file for further analysis.
Examples and Usage
Example 1: Filter by Department Name
Get-AzADUser -Filter "department eq 'marketing'"
Example 2: Export Users to CSV
Get-AzADUser | Export-Csv 'path/to/users.csv'
Example 3: Retrieve Current User
Get-AzADUser -SignedIn
The Get-AzADUser in Azure Active Directory: Not the Answer to Everything
While Get-AzADUser and Get-AzureADUser are powerful, they’re not the answer to every question tagged with user management. Other cmdlets like Get-MgUser and commands within the Az module are also essential.
Wrapping up
PowerShell is a great way to manage and work with Azure Active Directory and Microsoft 365 environments. It provides a streamlined and more efficient workflow compared to carrying out management activities using the console only.
As we have seen, you can retrieve Azure AD user objects with the Get-AzADUser cmdlet. You can use it for simple listing, complex filtering, user exports, and connection to other related cmdlets like the Get-AzureADUser filter parameter. This cmdlet and others can be combined in more complex scripts to carry out the full range of user management.