Deep Dive Into Office 365 PowerShell Cmdlets (Part 4)

by [Published on 16 June 2016 / Last Updated on 16 June 2016]

In the part 4 of this article series, we will continue to explore Get-MsolUser cmdlet.

If you would like to read the other parts in this article series please go to:

Introduction

Before you can run any Office 365 PowerShell cmdlets, you will be required to connect to an Office 365 subscription. As stated in the Part II of this article series, you can use Connect-MsolService PowerShell cmdlet. Once you have connected to an Office 365 Subscription, you can use Office 365 PowerShell cmdlets to perform common tasks. In part 3, we explained some useful Get-MsolUser PowerShell commands to get information about Office 365 users.

Get-MsolUser Cmdlet and Properties

Get-MsolUser cmdlet supports a number of user properties. Apart from using “IsLicensed” property, the other properties that I use in my daily operational tasks are explained in the table below. The below table does not list all the properties supported by the Get-MsolUser cmdlet, but the common user properties that you might find useful.

Property

When to use Property

AlternateEmailAddresses

Displays the alternate email address assigned to an Office 365 user.

Department

As the property name suggests.

DisplayName

Display Name of the user. This property is required when creating a new user in Office 365.

IsLicensed

Returns TRUE if user is licensed for any Office 365 Plans and FALSE if not licensed.

LastDirSyncTime

If you have users synced from On-premises Active Directory, use this property to get the last date and time of the synchronization. In other words, use this property if you are using “Synchronized Identity” deployment approach and you want to know the last synchronization status of a user.

LastPasswordChangeTimestamp

Use this property to get date and time of the last password changed for Office 365 users.

LicenseReconciliationNeeded

Whether or not the user currently has a mailbox without an Office 365 license. I will explain more about this property in next part of this article series.

Licenses

This is a multi-valued property. It contains the Office 365 licenses assigned to the user. I will explain more about Licenses property later in this article series.

LiveId

This is the user’s unique ID to log on to Office 365.

MobilePhone

As the name suggests.

OverallProvisioningStatus

Whether or not the user has been provisioned for Office 365 services.

PasswordNeverExpires

Use this property to see if the user is forced to change password every 90 days

StrongPasswordRequired

Returns True or False. True indicates that the user is required to set the strong password when they change their password next time.

UsageLocation

This is a two letter Country code and must be set in order to assign Office 365 Licenses. So it is fairly simple to understand that an Office 365 user must be assigned with a UsageLocation before the user can use the Office 365 services.

UserPrincipalName

As the name suggests.

WhenCreated

The creation date of the user.

Table 1

Tip:
You can use above properties with Get-MsolUser cmdlet and export the output in a CSV file by adding “Export-CSV <CSV file name> -NoTypeInformation”. However, it is important to note that when exporting the output to a CSV file, Get-MsolUser cmdlet exports all properties of a user unless you specify the property names in the command. For example, running below command against an Office 365 Tenant will export values of all properties:

  • Get-MsolUser –All | Export-CSV C:\Temp\Office365Users.CSV -NoTypeInformation

You might not want to see values of all properties of Office 365 users. To make sure only required properties are exported as part of the command, always use “Select-Object” cmdlet with the Get-MsolUser cmdlet as shown in the command below:

  • Get-MsolUser <Parameters> | Select-Object <Property name separated by a comma> | Export-CSV <CSV file name> -NoTypeInformation

For example, if you need to get values for DisplayName, City, UserPrincipalName, IsLicensed, SignInName properties, you will use below PowerShell command:

  • Get-MsolUser –ALL | Select-Object DisplayName, City, UserPrincipalName, IsLicensed, SignInName | Export-CSV C:\Temp\Office365Users.CSV -NoTypeInformation

Get-MsolUser cmdlet Parameters

Get-MsolUser cmdlet supports various parameters that you can use to get a specific type of information for Office 365 users. For example, by using “–EnabledFilter” parameter you can return users that are enabled or disabled. Similarly, you can use “-HasErrorsOnly” parameter to return users that have validation errors. I have compiled a list of Get-MsolUser parameters with examples in the table below:

Parameter

When to use

Example

-EnabledFilter

Use –EnabledFilter parameter to get a list of users that are enabled or disabled. You can use EnabledOnly or DisabledOnly values with –EnabledFilter parameter.

 

Get-MsolUser –All –EnabledFilter DisabledOnly

Get-MsolUser –All –EnabledFilter EnabledOnly

-DomainName

Use –DomainName parameter to get results for a specific Office 365 domain.

Get-MsolUser –All –DomainName <DomainName>

-ReturnDeletedUsers  

 

Use –ReturnDeletedUsers parameter to get a list of users that were deleted from Office 365, but are still present in the Ofice 365 Recycle bin.

Get-MsolUser –ReturnDeletedUsers

-SearchString

Use –SearchString parameter to search users across Office 365 Tenant.

Get-MsolUser –All –SearchString Dean

Above command returns only users with an email address or display name staring with the “Dean” string.

-Synchronized

Use –Synchronized parameter if you need to return a list of users that are synchronized from On-Premises Active Directory.

Get-MsolUser –All –Synchronized

-UnlicensedUsersOnly

Use –UnlicensedUsersOnly if you wish to see a list of users that are associated with an Office 365 license.

Get-MsolUser –All –UnlicensedUsersOnly

-MaxResults OR -All

By default Get-MsolUser returns 500 results in a command. Use –All parameter to return all results. You can use either –MaxResults or –All parameter.

Get-MsolUser –All –UnlicensedUsersOnly

Get-MsolUser –MaxResults 2000 –UnlicensedUsersOnly

Table 2 

You might have noticed the use of “-All” parameter with Get-MsolUser cmdlet in above examples. By default, Get-MsolUser returns a maximum of 500 results in a command. If you wish to perform a Get-MsolUser operation against all Office 365 users in an Office 365 Tenant, you must use “-All” parameter. Although you can specify “-MaxResults” parameter, but I don’t see any use of –MaxResults parameter if you need to perform Get-MsolUser operations against all Office 365 users.

Summary

In this part, we explained user properties and various parameters supported by the Get-MsolUser cmdlet. You can use properties explained above to return property value for a single or all Office 365 users.

In the next part, we will explain common Get-MsolUser commands and how to use Get-MsolUser cmdlet with other cmdlets such as Get-MsolUserRole cmdlet.

If you would like to read the other parts in this article series please go to:

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.