Azure AD Report

core10120 · 2024-08-13T10:23:05.442Z

Hi Guys

I’ve logged in to Azure AD via PowerShell and need the following report to show a list of all enabled cloud accounts which are from a specific email domain and when their passwords were last changed

Example below for reference of what I mean, but for all email addresses that are on the @Outlook.com Domain

Username Email Password Last Changed
john.doe@outlook.com 29/02/2024 12:00:45

Evan7191 · 2024-08-13T11:00:50.550Z

What have you tried? Do you get any errors?

Also, the Azure AD module for Powershell will be deprecated soon, if it isn’t already. It is replaced with Microsoft Graph. You can use Connect-MgGraph to authenticate and then run Get-MgUser with the -Filter parameter to query users that fit the criteria.

learn.microsoft.com

Get started with the Microsoft Graph PowerShell SDK

Get started with the Microsoft Graph PowerShell SDK by using it perform some basic tasks.

core10120 · 2024-08-13T11:15:53.660Z

Hi There

Many thanks for getting back to me, I’m new to the reporting side of things within Azure so I’ve not tried anything at the moment, I’m just doing some research to see if anyone else online has any information.

Thanks

Cam

Evan7191 · 2024-08-13T11:22:29.079Z

Here is the documentation for Get-MgUser. It includes some examples.

learn.microsoft.com

Get-MgUser (Microsoft.Graph.Users)

Read properties and relationships of the user object.

core10120 · 2024-08-13T12:33:27.142Z

Hi

Thanks for this, out of interest, do you happen to know the script which will allow me to get this information within Azure now as it stands without using Graph?

Thanks

Cam

Evan7191 · 2024-08-13T13:29:23.939Z

This forum is not a script-writing service. I’ve given you the tools to accomplish the task, but I’m not going to write it for you.

The MSOnline and Azure AD modules were retired earlier this year. Graph is the only supported way to get his information with Powershell. I am not helping with unsupported methods.

core10120 · 2024-08-13T13:54:48.426Z

Hi

I appreciate your reply.

Is this the incorrect forum for me to post this in? After all, this is a knowledge base where users can ask for direct assistance; am I missing something? I’ve posted previous topics about PowerShell commands and received feedback from other users, including suggestions and even examples of what to do to help.

Evan7191 · 2024-08-13T15:02:40.906Z

There is a forum for Powershell:
https://community.spiceworks.com/tag/powershell

Before Spiceworks updated the interface, the Powershell forum had a sticky link for how to ask for help, and it specifically declared that the forum is not a script-writing service. I’m not sure where that link is now. Other active contributors on the Powershell forum, such as Neally and Thomas Lee, have reiterated this point repeatedly.

I gave you examples in the documentation that I linked. Did you even look at them? The information that I provided should get you 95% of the way toward a solution, and the remaining 5% requires information that we do not have (e.g., the email domain that you want to query).

core10120 · 2024-08-13T15:12:55.387Z

Hi

I have not had a chance to look at it yet; at the moment, I’m just using it as a way to gather information. Neally has responded to my posts on other topics, but since I don’t use this site frequently, there probably will be things that I miss.

I’ll post in the Powershell section. Thank you for the link.

ode2joy · 2024-08-13T15:15:05.897Z

I updated this post to include the PowerShell tag.

Neally · 2024-08-13T21:53:54.907Z

I think I kinda tried to answer you question in another post.

AD Azure Report Needed General

Hi Guys I’ve logged in to Azure AD via PowerShell and need the following report to show a list of all enabled cloud accounts which are from a specific email domain and when their passwords were last changed Example below for reference of what I mean, but for all email addresses that are on the @Outlook.com Domain Username Email Password Last Changed john.doe@outlook.com 29/02/2024 12:00:45

rosswilkins2 · 2024-08-14T03:34:58.112Z

I’m with Evan, I don’t want to just write a script for you, but happy to steer you in the right direction if I can.

I think you’re going to want to use the Get-AzureADUser cmdlet, but you might need to connect to MSOL if their primary SMTP differs from the SAMAccountName.
e.g. if Bob Loblaw logs on as Bob.Loblaw@contosointernal.com but his primary email address is Bob.Loblaw@contoso.com depends on your environment and so I won’t get into that.

Learning how to use cmdlets can be daunting at first, but Powershell will teach you how to use it if you can remember how to ask. Two most useful cmdlets in my opinion are Get-Help and Get-Member.
Examples:

Get-Help Get-AzureADUser

This will display help for the Get-AzureADUser cmdlet.
I often skip to the examples when i need a quick reminder, as below.

Get-Help Get-AzureADUser -examples

Now if you’re at a point where you’re wondering to use a cmdlet beyond the examples, that’s when Get-Member really helps. You can just run any cmdlet and pipe it through, as below:

Get-AzureADUser | Get-Member

This will return a list of properties and their aliases which you will want to use to build your report (also methods and other info that are not relevant to your task).

I’d encourage you to experiment and see what you can figure out. Get-Thing cmdlets are generally safe to mess around with as they won’t cause any changes.

Protip: Once you have the data you’re after showing up in powershell you can pipe it to a gridveiw window which helps with checking large data sets outside of the CLI and you can very easily copy/paste into excel. Example:

Get-Date | Out-Gridview

I hope this helps. Show us what you’re working on and we’ll help if we’re able.

core10120 · 2024-08-19T13:20:15.679Z

Hi,

I do appreciate the advice. Please know that this is in no way intended as a slight to you guys, as you have been very helpful in guiding me in the right direction. It’s obvious that I posted this in the incorrect forum, as Evan7191 pointed out, but I never asked for someone to write the precise syntax so I could complete this task. I did mention in earlier posts that examples were provided, but at the end of the day, we’re all techies, so no matter how big or small the problem someone has, even if it’s unsupported, it still drills down to the fact that assistance is needed. Basically, we should just try to support one another wherever we can.

Thanks

Cam

Evan7191 · 2024-08-19T13:47:13.965Z

Blockquote
It’s obvious that I posted this in the incorrect forum, as Evan7191 pointed out

This is not what I said and not what I meant. I don’t really care which forum you post in. My point was that I told you the commands to use and linked to the official documentation that provides examples for how to use the commands. You didn’t look at them and instead asked me for a script that would do what you want. I responded that this site is not a script-writing service. Some people may take the time to write a script for you, but that doesn’t mean you should expect that someone will write the script for you.

Blockquote
at the end of the day, we’re all techies, so no matter how big or small the problem someone has, even if it’s unsupported, it still drills down to the fact that assistance is needed

I tried to assist, and so did others. I gave you the information for the supported solution.
As a hypothetical scenario, let’s say you ask for help on spiceworks, and another person responds with an unsupported solution. If you implement the unsupported solution, and something goes wrong, who is liable? I have my opinion regarding that answer, but other people may have differing opinions. In the interest of safety and security of everyone involved, I do not recommend unsupported solutions. That is to protect you as much as me.

Suzanne-Spiceworks · 2024-08-26T14:32:54.020Z