This guide demonstrates how to use the Get-MgUser cmdlet in Microsoft Graph PowerShell to retrieve user details. Learn how to filter users by properties such as account status, department, or license type, with practical examples for effective user management.
The Get-MgUser cmdlet is a powerful tool for retrieving user information from Microsoft 365 using Microsoft Graph PowerShell. In this article, we will explore the various functionalities and usage examples of this cmdlet, including how to filter, expand properties, and select specific user attributes. We'll also cover best practices and possible errors you might encounter.
The basic syntax of the Get-MgUser cmdlet is as follows:
Get-MgUser [-UserId <String>] [-Filter <String>] [-Property <String[]>] [-ExpandProperty <String[]>] [-ConsistencyLevel <String>] [-CountVariable <String>] [-All] [<CommonParameters>]
To retrieve all users in your organization, use:
Get-MgUser -All
This command fetches all user details in the organization.
You can retrieve a user by their UserPrincipalName
Get-MgUser -UserId "samadmin@7xh7fj.onmicrosoft.com"
This command fetches the details for the user with the specified UserPrincipalName.
You can also retrieve a user by their unique ID:
Get-MgUser -UserId "1b3ed1a5-438e-4ce9-9f63-f880991afd3a"
This command fetches the details for the user with the specified unique ID.
This command queries for -AccountEnabled property of a single user and lists out whether user account is enabled (active) or not.
Get-MgUser -UserId "samadmin@7xh7fj.onmicrosoft.com" -Property Id, DisplayName, UserPrincipalName, AccountEnabled | Select Id, UserPrincipalName, AccountEnabled
This command queries for -AccountEnabled property of all tenant users and lists whether the accounts are enabled (active) or not.
Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, AccountEnabled | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled
To filter and retrieve only licensed users, use:
Get-MgUser -All -Filter "assignedLicenses/$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records
This command filters users to include only those who have licenses assigned and are of type 'Member'. The -ConsistencyLevel eventual
parameter ensures eventual consistency, and the -CountVariable
parameter stores the count of retrieved records in the Records variable.
To filter and retrieve unlicensed users, use:
Get-MgUser -All -Filter "assignedLicenses/$count eq 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records
Similar to the previous command, this one filters for users who do not have licenses assigned.
To retrieve the sign-in activity of a specific user, use:
Get-MgUser -UserId (Get-MgUser -UserId "samadmin@7xh7fj.onmicrosoft.com").Id -Property SignInActivity | Select-Object -ExpandProperty SignInActivity | fl
This command first retrieves the user's ID, then fetches the sign-in activity property, and formats the output for detailed display.
To retrieve the sign-in activity of all tenant users, use:
Get-MgUser -All -Property SignInActivity | Select-Object -ExpandProperty SignInActivity | fl
This command first retrieves all the users, then fetches their sign-in activity property, and formats the output for detailed display.
To retrieve only members without guest accounts, use:
Get-MgUser -All -Filter "UserType eq 'Member'" -ConsistencyLevel eventual
This command filters users to include only those of type 'Member'.
To retrieve only guest users, use:
Get-MgUser -All -Filter "UserType eq 'Guest'" -ConsistencyLevel eventual
This command filters users to include only those of type 'Guest'.
To retrieve additional properties, such as the manager's email for a specific user, use:
$user = Get-MgUser -UserId "jackie@7xh7fj.onmicrosoft.com" -ExpandProperty Manager
$user.Manager.AdditionalProperties.mail
This command first retrieves the user and expands the Manager property. The manager's email is then accessed from the AdditionalProperties.
In the Microsoft 365 admin center, you should do the following to access users.
-Filter
parameter to narrow down your search criteria, improving performance and reducing the amount of data retrieved.-Property
parameter to retrieve only the necessary properties. This reduces the amount of data returned and makes the output easier to work with.-All
parameter to ensure all results are returned. Consider using -ConsistencyLevel eventual
for operations requiring consistency across large data sets.Error: User not found.
Solution: Verify the UserId and ensure it exists in your directory.
Error: Invalid filter syntax.
Solution: Ensure your filter strings are properly formatted and adhere to OData query standards.
Error: Insufficient permissions.
Solution: Ensure your account has the necessary permissions to perform the requested operations.
1. What is Get-MgUser used for?
Get-MgUser is a Microsoft Graph PowerShell cmdlet used to retrieve information about users in a Microsoft 365 tenant. It supports filtering and selecting specific user properties for analysis.
2. How can I retrieve all users in my tenant?
Use the following command to retrieve all users:
Get-MgUser -All
3. How can I filter users by department?
You can use the -Filter parameter to filter users by their department. Example:
Get-MgUser -Filter "department eq 'Sales'" -All
4. How can I export user details to a CSV file?
Use the following script to export user details such as display name and email address:
$Users = Get-MgUser -All
$Users | Select-Object DisplayName, UserPrincipalName, Department | Export-Csv -Path "C:\Path\To\Users.csv" -NoTypeInformation
5. What permissions are required to use Get-MgUser?
You need the User.Read.All or User.ReadWrite.All permission in Microsoft Graph PowerShell. Ensure appropriate permissions are granted before running the cmdlet.
6. get-mguser filter?
You should pass in the filter creteria within quotes as string as shown below
get-mguser -filter "jobtitle eq 'technical writer'" -All
7. get-mguser expandproperty?
You should pass in the property you want to expand to -ExpandProperty as shown below
$user = Get-MgUser -UserId "jackie@7xh7fj.onmicrosoft.com" -ExpandProperty Manager
$user.Manager.AdditionalProperties
User manager details can be accessed from 'AdditionalProperties' object.
8. get-mguser userprincipalname?
UserPrincipalName parameter is not available. You can pass UserPrincipalName to -UserId instead as shown below
get-mguser -userid "samadmin@7xh7fj.onmicrosoft.com"
9. get-mguser not recognized?
This means you have not installed graph powershell module by running: Install-Module Microsoft.MGGraph -Scope CurrentUser
The Get-MgUser cmdlet is a robust tool for retrieving user information in Microsoft 365 environments. By understanding its parameters and leveraging them effectively, you can perform precise queries and retrieve comprehensive user data. Use the examples provided to start integrating this cmdlet into your PowerShell scripts today!
For more detailed information, you can refer to the official Get-MgUser Microsoft Graph PowerShell documentation.
© m365corner.com. All Rights Reserved. Design by HTML Codex