• Home
  • About
  • Blog
  • Books
  • Training
  • Subscribe
  • Advertise
  • Contact
    • Email
    • Facebook
    • Twitter
    • RSS

Practical 365

  • Office 365
  • Exchange 2019
  • Exchange 2016
  • Exchange 2013
  • Hybrid
  • Certificates
  • PowerShell
  • Migration
You are here: Home / Identity / PowerShell: Listing Azure AD/Office 365 User Accounts with Directory Sync Status

PowerShell: Listing Azure AD/Office 365 User Accounts with Directory Sync Status

November 3, 2017 by Paul Cunningham Leave a Comment

Share102
Share114
Tweet
+1
Shares 216

User accounts for Office 365 are stored in Azure Active Directory. The accounts will either be cloud identities, or synced identities. Cloud identities are accounts that exist only in Office 365/Azure AD, whereas synced identities are those that exist in an on-premises Active Directory and are being synchronized to Azure AD using a directory sync tool such as Azure AD Connect.

If you want to retrieve a list of synced and non-synced identities you can do so using the AzureAD PowerShell module. After connecting to Azure AD, use the Get-AzureADUser cmdlet to retrieve a list of users. You can group the users by the DirSyncEnabled property to get a count of synced and non-synced accounts.

1
2
3
4
5
6
7
8
PS C:\>Connect-AzureAD
 
PS C:\> Get-AzureADUser | Group-Object -Property:DirSyncEnabled
 
Count Name                      Group
----- ----                      -----
   98 True                      {class User {...
    2                           {class User {...

The first time I saw this I expected to see values of True and False, but instead it seems we get values of True and null. So, to retrieve a list of synced users, the command would be as follows:

1
PS C:\> Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true}

Here's an example where I've retrieved the DirSyncEnabled and LastDirSyncTime properties as well.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
PS C:\> Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true} | Select -Property DisplayName,UserPrincipalName
,DirSyncEnabled,LastDirSyncTime | ft -auto
 
DisplayName    UserPrincipalName                    DirSyncEnabled LastDirSyncTime
-----------    -----------------                    -------------- ---------------
Aaron Gardiner aaron.gardiner@exchangeserverpro.net           True 10/19/2017 1:56:03 PM
Adam Wally     adam.wally@exchangeserverpro.net               True 10/19/2017 1:56:03 PM
Aisha Bhari    Aisha.Bhari@exchangeserverpro.net              True 10/19/2017 1:50:52 PM
Alan Reid      Alan.Reid@exchangeserverpro.net                True 10/19/2017 1:56:03 PM
Alannah Shaw   Alannah.Shaw@exchangeserverpro.net             True 10/19/2017 1:56:03 PM
Aldith Walker  Aldith.Walker@exchangeserverpro.net            True 10/19/2017 1:52:08 PM
Alex Heyne     Alex.Heyne@exchangeserverpro.net               True 10/19/2017 1:56:03 PM
Alice Mullins  Alice.Mullins@exchangeserverpro.net            True 10/19/2017 1:53:24 PM
Alison Pugh    Alison.Pugh@exchangeserverpro.net              True 10/19/2017 1:47:08 PM
Almaz Duggan   Almaz.Duggan@exchangeserverpro.net             True 10/19/2017 1:56:02 PM
.....

To retrieve a list of non-synced, or cloud-only identities, the command would be as follows:

1
2
3
4
5
6
PS C:\> Get-AzureADUser | Where {$_.DirSyncEnabled -eq $null}
 
ObjectId                      DisplayName                   UserPrincipalName             UserType
--------                      -----------                   -----------------             --------
8db8b044-b825-4456-b6f7-39... Paul Cunningham               admin@exchangeserverpro.on...
00a77560-657b-44c3-9f38-08... Cloudy Room                   CloudyRoom@exchangeserverp... Member

Paul Cunningham

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.

Share102
Share114
Tweet
+1
Shares 216

Identity Azure Active Directory, Azure AD, PowerShell, User Accounts

Leave a Reply Cancel reply

Recent Articles

  • You Can Stop Deploying Exchange Server 2013 Now
  • Automating New User Account On-boarding Using SharePoint Online, Flow, and PowerApps
  • March 2018 Updates Released for Exchange Server
  • Securing Administrator Access with Privileged Identity Management for Azure Active Directory
  • The Junkings will Continue Until Morale Improves
Practical 365

Popular Articles

Microsoft Recommending Non-Expiring Passwords to Office 365 CustomersMicrosoft Recommending Non-Expiring Passwords to Office 365 Customers
PowerShell Scripts for Office 365PowerShell Scripts for Office 365
MeetEasier Helps Your Users Find Available Meeting RoomsMeetEasier Helps Your Users Find Available Meeting Rooms
PowerShell: Listing Azure AD/Office 365 User Accounts with Directory Sync StatusPowerShell: Listing Azure AD/Office 365 User Accounts with Directory Sync Status
First Steps: Configuring Exchange Online ProtectionFirst Steps: Configuring Exchange Online Protection

eBooks and Training

  • Office 365 for IT Pros
  • Exchange Server Troubleshooting Companion
  • Migrating to Exchange Server 2016
  • Exchange 2016 Exam 70-345
  • Managing Exchange Mailboxes and Distribution Groups in PowerShell
  • Exchange 2013 Boot Camp
  • Exchange 2010 Boot Camp

Recommended Resources

  • Office 365 Books
  • Exchange Server Books
  • Exchange PowerShell Scripts
  • Exchange Analyzer
  • Exchange 2010 to 2013 Migration
  • Exchange 2003 to 2010 Migration
  • Exchange 2007 to 2010 Migration
  • Digicert SSL Certificates

About This Site

Practical 365 is a leading site for Office 365 and Exchange Server news, tips and tutorials, run by Paul Cunningham, Microsoft MVP, author, speaker, and consultant. Read more...

To stay up to date:
  • Subscribe to the email newsletter
  • Follow @Practical365 on Twitter
  • Like us on Facebook
  • Write for Us

Copyright © 2018 LockLAN Systems Pty Ltd · Disclosure · Privacy Policy · Advertise
PO BOX 7002, Hemmant, Queensland 4174 · ABN: 25 121 101 255

We are an Authorized DigiCert™ SSL Partner.