User accounts for Office 365 are stored in Azure Active Directory. The accounts will be either cloud identities or synced identities. Cloud identities are accounts that exist only in Office 365/Azure AD, whereas synced identities are those that exist in an on-premises Active Directory and are being synchronized to Azure AD using a directory sync tool such as Azure AD Connect.
If you want to retrieve a list of synced and non-synced identities, you can do so using the AzureAD PowerShell module. After connecting to Azure AD, use the Get-AzureADUser cmdlet to retrieve a list of users. By default Get-AzureADUser returns only the first 100 objects, so add -All $true when you need every user in the tenant. You can group the users by the DirSyncEnabled property to get a count of synced and non-synced accounts.
PS C:\> Connect-AzureAD
PS C:\> Get-AzureADUser | Group-Object -Property:DirSyncEnabled

Count Name Group
----- ---- -----
   98 True {class User {...
    2      {class User {...
The first time I saw this I expected to see values of True and False, but instead it seems we get values of True and null. So, to retrieve a list of synced users, the command would be as follows:
PS C:\> Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true}
Here’s an example where I’ve retrieved the DirSyncEnabled and LastDirSyncTime properties as well.
PS C:\> Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true} | Select -Property DisplayName,UserPrincipalName,DirSyncEnabled,LastDirSyncTime | ft -auto

DisplayName    UserPrincipalName                    DirSyncEnabled LastDirSyncTime
-----------    -----------------                    -------------- ---------------
Aaron Gardiner aaron.gardiner@exchangeserverpro.net True           10/19/2017 1:56:03 PM
Adam Wally     adam.wally@exchangeserverpro.net     True           10/19/2017 1:56:03 PM
Aisha Bhari    Aisha.Bhari@exchangeserverpro.net    True           10/19/2017 1:50:52 PM
Alan Reid      Alan.Reid@exchangeserverpro.net      True           10/19/2017 1:56:03 PM
Alannah Shaw   Alannah.Shaw@exchangeserverpro.net   True           10/19/2017 1:56:03 PM
Aldith Walker  Aldith.Walker@exchangeserverpro.net  True           10/19/2017 1:52:08 PM
Alex Heyne     Alex.Heyne@exchangeserverpro.net     True           10/19/2017 1:56:03 PM
Alice Mullins  Alice.Mullins@exchangeserverpro.net  True           10/19/2017 1:53:24 PM
Alison Pugh    Alison.Pugh@exchangeserverpro.net    True           10/19/2017 1:47:08 PM
Almaz Duggan   Almaz.Duggan@exchangeserverpro.net   True           10/19/2017 1:56:02 PM
.....
To retrieve a list of non-synced, or cloud-only identities, the command would be as follows:
PS C:\> Get-AzureADUser | Where {$_.DirSyncEnabled -eq $null}

ObjectId                      DisplayName     UserPrincipalName             UserType
--------                      -----------     -----------------             --------
8db8b044-b825-4456-b6f7-39... Paul Cunningham admin@exchangeserverpro.on...
00a77560-657b-44c3-9f38-08... Cloudy Room     CloudyRoom@exchangeserverp... Member
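Added example (not from the original post): a report script that combines the commands above, using -All $true so the result is not capped at the default 100 users and treating any DirSyncEnabled value other than True as cloud-only. The 7-day staleness threshold, the StaleSync column and the CSV path are assumptions chosen for illustration.

```powershell
# Added example. Requires the AzureAD module and an existing Connect-AzureAD session.
$StaleAfterDays = 7                                  # assumed threshold, not from the article
$ReportPath     = '.\identity-source-report.csv'     # hypothetical output path
$cutoff         = (Get-Date).AddDays(-$StaleAfterDays)

# -All $true pages through the whole directory instead of stopping
# at the default of 100 objects.
$report = Get-AzureADUser -All $true | ForEach-Object {
    # DirSyncEnabled is True for synced accounts and null (not False)
    # for cloud-only accounts, so compare against $true and treat
    # everything else as cloud-only.
    $synced = $_.DirSyncEnabled -eq $true

    [pscustomobject]@{
        DisplayName       = $_.DisplayName
        UserPrincipalName = $_.UserPrincipalName
        UserType          = $_.UserType
        Source            = if ($synced) { 'Synced' } else { 'CloudOnly' }
        LastDirSyncTime   = $_.LastDirSyncTime
        # A synced account with no sync timestamp, or one older than the
        # cutoff, may be orphaned from its on-premises source object.
        StaleSync         = $synced -and (
            $null -eq $_.LastDirSyncTime -or $_.LastDirSyncTime -lt $cutoff
        )
    }
}

# Count of synced versus cloud-only identities.
$report | Group-Object -Property Source |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Cloud-only accounts are not governed by on-premises AD policy,
# so list them for review.
$report | Where-Object Source -eq 'CloudOnly' |
    Format-Table DisplayName, UserPrincipalName, UserType -AutoSize

# Synced accounts whose last sync is older than the cutoff.
$report | Where-Object StaleSync |
    Sort-Object LastDirSyncTime |
    Format-Table DisplayName, UserPrincipalName, LastDirSyncTime -AutoSize

# Keep the full classification for later comparison.
$report | Export-Csv -Path $ReportPath -NoTypeInformation
```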
Hello,
Can you please help me to get a list of all synced OUs in AAD Connect, and how to list them using a PowerShell command or any other way?
Isn’t this restricting the number of results to 100 by default??
yup would need “get-azureaduser -all $true” to get everyone
what would the correct syntax for that look like ??
(I keep getting error)