Using Get-MgUser in Graph PowerShell

Get-MgUser is a cmdlet from the Microsoft Graph PowerShell SDK. It's used to retrieve information about users in Microsoft 365. This can include details like the user's profile, account settings, roles, and more.


Basic Syntax

Here's a basic overview of the syntax for Get-MgUser:

  • Get-MgUser [-UserId <String>] [-ConsistencyLevel <String>] [-Count <Boolean>] [-Expand <String>] [-Filter <String>] [-OrderBy <String>] [-Search <String>] [-Select <String[]>] [-Skip <Int32>] [-Top <Int32>] [<CommonParameters>]


Key Parameters

  • UserId: Specifies the ID or userPrincipalName (UPN) of a specific user to retrieve. If omitted, it retrieves all users.
  • Filter: This OData filter is used to specify which users to return based on specific criteria.
  • Select: Used to specify which properties of the user you want to retrieve. This helps in reducing the amount of data returned
  • Top: Specifies the maximum number of records to return.
  • Expand: Expands related entities (like manager or direct reports) to be included in the response.

Prerequisites

  • Install Microsoft Graph PowerShell SDK: Install-Module Microsoft.Graph -Scopes CurrentUser is the command.
  • Connect with Graph PowerShell with User.Read.All permission using the command: Connect-MgGraph -Scopes 'User.Read.All'

Get All Users

By default the Get-MgUser cmdlet retrieves all the users in the Microsoft 365 tenant.



Get Single User

To get specific info about a single user, pass in the UserPrincipalName or the UserId to the -UserId parameter.



Using -Filter With Get-MgUser

-Filter can be used with Get-MgUser cmdlet to filter the results being fetched. For example, you can filter the results and get only the users of the Sales department.



Limit Results of Get-MgUser

You can manage large sets of data by limiting the number of results with the help of -Top parameter.



Accessing Additional User Properties With Expand

Sometimes, some properties that are not part of the standard set may be needed. In such cases, you might need to use the -Expand parameter to include related entities that isn't part of the default user object, such as manager details or extension attributes. Here's an example script which fetches the user's manager details which isn't part of the default user object response.

Note: You just need to replace the user id with the user id of your Microsoft 365 user to make the script work. If the user has a manager assigned, then the script outputs the manager's details; if not 'no manager assigned' message gets displayed.

You can download the script here: graph-powershell-script-for-getting-user-manager-details.ps1



Get-MgUser vs Get-MgUser -All

Get-MgUser -All command retrieves all users from the Microsoft 365 directory, regardless of how many users there are. It automatically handles the pagination of API responses to ensure all user accounts are fetched. This is particularly useful in large organizations with more users than the default page size, ensuring you do not have to manually paginate through results.


Differences Between Get-MgUser and Get-MgUser -All

Pagination

  • Get-MgUser: Returns only the first batch of users (the number in a batch can depend on the Microsoft Graph API's default or specified by the -Top parameter).
  • Get-MgUser -All: Continuously queries the Microsoft Graph API until all user accounts have been retrieved, effectively bypassing the pagination mechanism.

Performance:

  • Get-MgUser: Generally faster if you only need a subset of users or just the first page of users, as it returns fewer objects.
  • Get-MgUser -All: Can be slower, especially in large environments, because it retrieves every user account, which involves multiple API calls if the total number of users exceeds the page size.

Use Cases

  • Get-MgUser: Ideal when you need specific users or a manageable subset of users, such as fetching the first 100 users or users filtered by certain criteria.
  • Get-MgUser -All: Best used when you need to perform actions on or analyze all users in your organization, ensuring no one is left out due to pagination.

Combining Get-MgUser With Get-MgUserLicenseDetail

You can also combine Get-MgUser with Get-MgUserLicenseDetail cmdlet to get the license details of a specific user.

  • First, the User Id should be fetched using Get-MgUser
  • The fetched User Id should be passed to Get-MgUserLicenseDetail cmdlet to get the user's license info.


Best Practices While Using Logical Operators

Here are some best practices to keep in mind to make the most of Get-MgUser cmdlet:

  • Limit Data Retrieval: Only request the properties you need. Using the -Select parameter can significantly reduce the amount of data transferred, speeding up queries and reducing load on network resources.

  • Use Filtering to Reduce Overhead: Utilize the -Filter parameter to narrow down the results from the server side, rather than retrieving all records and filtering them client-side. This reduces the computational load and network bandwidth usage.
  • Handle Pagination Carefully: When not using -All, be aware of pagination. Use the -Top parameter to control the number of items per page and manage data retrieval in chunks to avoid overwhelming your local system with too much data at once.
  • Use -All Wisely: The -All parameter is useful for fetching complete datasets, but it can lead to performance issues with very large sets of data. Consider the necessity of this operation and perhaps schedule such operations during off-peak hours.
  • Expand Related Entities Only When Necessary: Expanding related entities (like manager or direct reports) is powerful but adds additional overhead. Use the -Expand parameter only when you need detailed information from related records.

Related Articles:

Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell

© m365corner.com. All Rights Reserved. Design by HTML Codex