Deep Dive Into Office 365 PowerShell Cmdlets (Part 4)

If you would like to read the other parts in this article series please go to:


Before you can run any Office 365 PowerShell cmdlets, you will be required to connect to an Office 365 subscription. As stated in the Part II of this article series, you can use Connect-MsolService PowerShell cmdlet. Once you have connected to an Office 365 Subscription, you can use Office 365 PowerShell cmdlets to perform common tasks. In part 3, we explained some useful Get-MsolUser PowerShell commands to get information about Office 365 users.

Get-MsolUser Cmdlet and Properties

Get-MsolUser cmdlet supports a number of user properties. Apart from using “IsLicensed” property, the other properties that I use in my daily operational tasks are explained in the table below. The below table does not list all the properties supported by the Get-MsolUser cmdlet, but the common user properties that you might find useful.

Property When to use Property
AlternateEmailAddresses Displays the alternate email address assigned to an Office 365 user.
Department As the property name suggests.
DisplayName Display Name of the user. This property is required when creating a new user in Office 365.
IsLicensed Returns TRUE if user is licensed for any Office 365 Plans and FALSE if not licensed.
LastDirSyncTime If you have users synced from On-premises Active Directory, use this property to get the last date and time of the synchronization. In other words, use this property if you are using “Synchronized Identity” deployment approach and you want to know the last synchronization status of a user.
LastPasswordChangeTimestamp Use this property to get date and time of the last password changed for Office 365 users.
LicenseReconciliationNeeded Whether or not the user currently has a mailbox without an Office 365 license. I will explain more about this property in next part of this article series.
Licenses This is a multi-valued property. It contains the Office 365 licenses assigned to the user. I will explain more about Licenses property later in this article series.
LiveId This is the user’s unique ID to log on to Office 365.
MobilePhone As the name suggests.
OverallProvisioningStatus Whether or not the user has been provisioned for Office 365 services.
PasswordNeverExpires Use this property to see if the user is forced to change password every 90 days
StrongPasswordRequired Returns True or False. True indicates that the user is required to set the strong password when they change their password next time.
UsageLocation This is a two letter Country code and must be set in order to assign Office 365 Licenses. So it is fairly simple to understand that an Office 365 user must be assigned with a UsageLocation before the user can use the Office 365 services.
UserPrincipalName As the name suggests.
WhenCreated The creation date of the user.

Table 1

You can use above properties with Get-MsolUser cmdlet and export the output in a CSV file by adding “Export-CSV <CSV file name> -NoTypeInformation”. However, it is important to note that when exporting the output to a CSV file, Get-MsolUser cmdlet exports all properties of a user unless you specify the property names in the command. For example, running below command against an Office 365 Tenant will export values of all properties:

  • Get-MsolUser –All | Export-CSV C:\Temp\Office365Users.CSV -NoTypeInformation

You might not want to see values of all properties of Office 365 users. To make sure only required properties are exported as part of the command, always use “Select-Object” cmdlet with the Get-MsolUser cmdlet as shown in the command below:

  • Get-MsolUser <Parameters> | Select-Object <Property name separated by a comma> | Export-CSV <CSV file name> -NoTypeInformation

For example, if you need to get values for DisplayName, City, UserPrincipalName, IsLicensed, SignInName properties, you will use below PowerShell command:

  • Get-MsolUser –ALL | Select-Object DisplayName, City, UserPrincipalName, IsLicensed, SignInName | Export-CSV C:\Temp\Office365Users.CSV -NoTypeInformation

Get-MsolUser cmdlet Parameters

Get-MsolUser cmdlet supports various parameters that you can use to get a specific type of information for Office 365 users. For example, by using “–EnabledFilter” parameter you can return users that are enabled or disabled. Similarly, you can use “-HasErrorsOnly” parameter to return users that have validation errors. I have compiled a list of Get-MsolUser parameters with examples in the table below:


When to use



Use –EnabledFilter parameter to get a list of users that are enabled or disabled. You can use EnabledOnly or DisabledOnly values with –EnabledFilter parameter.

Get-MsolUser –All –EnabledFilter DisabledOnly

Get-MsolUser –All –EnabledFilter EnabledOnly


Use –DomainName parameter to get results for a specific Office 365 domain.

Get-MsolUser –All –DomainName <DomainName>


Use –ReturnDeletedUsers parameter to get a list of users that were deleted from Office 365, but are still present in the Ofice 365 Recycle bin.

Get-MsolUser –ReturnDeletedUsers


Use –SearchString parameter to search users across Office 365 Tenant.

Get-MsolUser –All –SearchString Dean

Above command returns only users with an email address or display name staring with the “Dean” string.


Use –Synchronized parameter if you need to return a list of users that are synchronized from On-Premises Active Directory.

Get-MsolUser –All –Synchronized


Use –UnlicensedUsersOnly if you wish to see a list of users that are associated with an Office 365 license.

Get-MsolUser –All –UnlicensedUsersOnly

-MaxResults OR -All

By default Get-MsolUser returns 500 results in a command. Use –All parameter to return all results. You can use either –MaxResults or –All parameter.

Get-MsolUser –All –UnlicensedUsersOnly

Get-MsolUser –MaxResults 2000 –UnlicensedUsersOnly

Table 2

You might have noticed the use of “-All” parameter with Get-MsolUser cmdlet in above examples. By default, Get-MsolUser returns a maximum of 500 results in a command. If you wish to perform a Get-MsolUser operation against all Office 365 users in an Office 365 Tenant, you must use “-All” parameter. Although you can specify “-MaxResults” parameter, but I don’t see any use of –MaxResults parameter if you need to perform Get-MsolUser operations against all Office 365 users.


In this part, we explained user properties and various parameters supported by the Get-MsolUser cmdlet. You can use properties explained above to return property value for a single or all Office 365 users.

In the next part, we will explain common Get-MsolUser commands and how to use Get-MsolUser cmdlet with other cmdlets such as Get-MsolUserRole cmdlet.

If you would like to read the other parts in this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top