M365Corner
M365 PowerShell

Using Where-Object In Graph PowerShell

The Where-Object cmdlet in PowerShell is used for filtering data based on certain conditions. When you are working with Microsoft Graph PowerShell, you can use Where-Object to filter objects returned from Graph API queries based on their properties. This is particularly useful for narrowing down results to match specific criteria, especially when dealing with large sets of data from Microsoft Graph.


Basic Syntax

Here’s the basic syntax:  Get-Command | Where-Object {$_.CommandType -eq 'Cmdlet'}
Get-Command retrieves all commands, and Where-Object filters these commands to include only those whose CommandType property is 'Cmdlet'.


Find Users by Domain

Suppose you want to find all users in your organization whose email addresses are in a specific domain (e.g., "7xh7fj.onmicrosoft.com"). You can use the Get-MgUser cmdlet to fetch the users and then filter these using Where-Object as follows:  Get-MgUser -All | Where-Object ($_.Mail -like "@7xh7fj.onmicrosoft.com"

PowerShell script filtering users by email domain with Where-Object

This command fetches all users (-All to ensure it fetches more than the default page size limit) and filters them to include only those whose Mail property ends with "@7xh7fj.onmicrosoft.com".


Find Users by Job Title

If you want to retrieve users who have a specific job title, such as "Software Developer", you can do the following: Get-MgUser -Filter "jobTitle eq 'Software Developer'"

Note: When possible, it's more efficient to use the -Filter parameter that some Microsoft Graph PowerShell cmdlets support, as it processes the filter on the server side rather than retrieving all objects and filtering them client-side with Where-Object.



Find Active Microsoft Teams

To find active Microsoft Teams in your tenant, execute the following command: Get-MgGroup -All | Where-Object {$_.GroupTypes -contains "Unified" -and $_.MailEnabled-eq $true}

PowerShell script identifying active Microsoft Teams with Where-Object

This example fetches all groups and filters to find only those that are Unified Groups (which include Teams) and are mail-enabled.



Find Users by License

You should run the following command:  Get-MgUser -All -Select "DisplayName, AssignedLicenses" | Where-Object {$_.AssignedLicenses.SkuId -contains "c42b9cae-ea4f-4ab7-9717-81576235ccac"}. In this, replace "c42b9cae-ea4f-4ab7-9717-81576235ccac" with the actual SKU ID of the license you're looking for. This command fetches all users and filters them to find only those with an assigned license that matches the specified SKU ID.

PowerShell command filtering users by assigned license SKU ID

Note: Run Get-MgSubscribedSku -All to get all the license IDs available within your tenant.



Identify Inactive Users

Finding inactive users is a common administrative task, typically focused on users who haven't logged in for a certain period, such as the past 90 days. Here’s how you might approach this using Microsoft Graph PowerShell:

$thresholdDate = (Get-Date).AddDays(-90) Get-MgUser -All | Where-Object {-not $_.SignInActivity.LastSignInDateTime -or $_.SignInActivity.LastSignInDateTime -lt $thresholdDate} PowerShell script identifying inactive users based on last sign-in date

This script first calculates a date that is 90 days before the current date. It then retrieves all users and filters out those whose last sign-in date is either not set (-not $_.SignInActivity.LastSignInDateTime) or older than 90 days ($_.SignInActivity.LastSignInDateTime -lt $thresholdDate). This helps in identifying users who are potentially inactive.


Tips for Using Where-Object with Microsoft Graph PowerShell

  • Efficiency: Always use filtering parameters provided by cmdlets like -Filter when available, as it reduces the data transmitted over the network.
  • Syntax: Remember that the script block for Where-Object uses $_ to reference each object in the pipeline.
  • Properties: Ensure you know the properties of the objects you are dealing with. You might need to explore these using commands like Get-MgUser | Get-Member to understand what you can filter on.
  • When dealing with potentially large datasets, consider processing limits and the efficiency of your queries. Using the -All parameter can be resource-intensive and might slow down your script, especially in large environments. When possible, implement server-side filtering with -Filter.
  • For specific properties like AssignedLicenses or SignInActivity, make sure these properties are available in your specific Microsoft Graph environment, as availability can vary based on API version and your organizational settings.

Frequently Asked Questions (FAQs)

What is the Where-Object cmdlet used for in Graph PowerShell?

The Where-Object cmdlet is used to filter objects based on specified conditions. It helps refine results when working with Microsoft Graph PowerShell by selecting only the items that meet certain criteria.

How is Where-Object different from the -Filter parameter?

The -Filter parameter is processed server-side, making it more efficient as only relevant data is retrieved. Where-Object, on the other hand, filters results after fetching all the data, which can be slower but offers more flexibility.

Can I use multiple conditions with Where-Object?

Yes, you can use multiple conditions by combining them with logical operators like -and or -or.

Get-MgUser | Where-Object { $_.Department -eq "IT" -and $_.JobTitle -eq "Admin" }

Can Where-Object be used with Graph PowerShell’s Get-MgUser cmdlet?

Yes, it can be used to filter users based on attributes like department, job title, or last sign-in activity.

Get-MgUser -All | Where-Object { $_.UserPrincipalName -like "*@yourdomain.com" }

What’s the best practice: Where-Object or -Filter?

If the -Filter parameter is available, use it for better performance, as it reduces the amount of data retrieved. If -Filter isn’t supported or needs more complex logic, then use Where-Object

Using Where-Object effectively with Microsoft Graph can help you manage and automate tasks related to Office 365 and other Microsoft services, making it a powerful tool in your PowerShell scripting arsenal.

Read Microsoft PowerShell Where-Object documentation for more info.


Related Articles:

Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex