If you would like to read the other parts in this article series please go to:
- Deep Dive Into Office 365 PowerShell Cmdlets (Part 1)
- Deep Dive Into Office 365 PowerShell Cmdlets (Part 2)
- Deep Dive Into Office 365 PowerShell Cmdlets (Part 3)
- Deep Dive Into Office 365 PowerShell Cmdlets (Part 5)
- Deep Dive Into Office 365 PowerShell Cmdlets (Part 6)
Introduction
Before you can run any Office 365 PowerShell cmdlets, you will be required to connect to an Office 365 subscription. As stated in the Part II of this article series, you can use Connect-MsolService PowerShell cmdlet. Once you have connected to an Office 365 Subscription, you can use Office 365 PowerShell cmdlets to perform common tasks. In part 3, we explained some useful Get-MsolUser PowerShell commands to get information about Office 365 users.
Get-MsolUser Cmdlet and Properties
Get-MsolUser cmdlet supports a number of user properties. Apart from using “IsLicensed” property, the other properties that I use in my daily operational tasks are explained in the table below. The below table does not list all the properties supported by the Get-MsolUser cmdlet, but the common user properties that you might find useful.
| Property | When to use Property |
| AlternateEmailAddresses | Displays the alternate email address assigned to an Office 365 user. |
| Department | As the property name suggests. |
| DisplayName | Display Name of the user. This property is required when creating a new user in Office 365. |
| IsLicensed | Returns TRUE if user is licensed for any Office 365 Plans and FALSE if not licensed. |
| LastDirSyncTime | If you have users synced from On-premises Active Directory, use this property to get the last date and time of the synchronization. In other words, use this property if you are using “Synchronized Identity” deployment approach and you want to know the last synchronization status of a user. |
| LastPasswordChangeTimestamp | Use this property to get date and time of the last password changed for Office 365 users. |
| LicenseReconciliationNeeded | Whether or not the user currently has a mailbox without an Office 365 license. I will explain more about this property in next part of this article series. |
| Licenses | This is a multi-valued property. It contains the Office 365 licenses assigned to the user. I will explain more about Licenses property later in this article series. |
| LiveId | This is the user’s unique ID to log on to Office 365. |
| MobilePhone | As the name suggests. |
| OverallProvisioningStatus | Whether or not the user has been provisioned for Office 365 services. |
| PasswordNeverExpires | Use this property to see if the user is forced to change password every 90 days |
| StrongPasswordRequired | Returns True or False. True indicates that the user is required to set the strong password when they change their password next time. |
| UsageLocation | This is a two letter Country code and must be set in order to assign Office 365 Licenses. So it is fairly simple to understand that an Office 365 user must be assigned with a UsageLocation before the user can use the Office 365 services. |
| UserPrincipalName | As the name suggests. |
| WhenCreated | The creation date of the user. |
Table 1
Tip:
You can use above properties with Get-MsolUser cmdlet and export the output in a CSV file by adding “Export-CSV <CSV file name> -NoTypeInformation”. However, it is important to note that when exporting the output to a CSV file, Get-MsolUser cmdlet exports all properties of a user unless you specify the property names in the command. For example, running below command against an Office 365 Tenant will export values of all properties:
- Get-MsolUser –All | Export-CSV C:\Temp\Office365Users.CSV -NoTypeInformation
You might not want to see values of all properties of Office 365 users. To make sure only required properties are exported as part of the command, always use “Select-Object” cmdlet with the Get-MsolUser cmdlet as shown in the command below:
- Get-MsolUser <Parameters> | Select-Object <Property name separated by a comma> | Export-CSV <CSV file name> -NoTypeInformation
For example, if you need to get values for DisplayName, City, UserPrincipalName, IsLicensed, SignInName properties, you will use below PowerShell command:
- Get-MsolUser –ALL | Select-Object DisplayName, City, UserPrincipalName, IsLicensed, SignInName | Export-CSV C:\Temp\Office365Users.CSV -NoTypeInformation
Get-MsolUser cmdlet Parameters
Get-MsolUser cmdlet supports various parameters that you can use to get a specific type of information for Office 365 users. For example, by using “–EnabledFilter” parameter you can return users that are enabled or disabled. Similarly, you can use “-HasErrorsOnly” parameter to return users that have validation errors. I have compiled a list of Get-MsolUser parameters with examples in the table below:
|
Parameter |
When to use |
Example |
|
-EnabledFilter |
Use –EnabledFilter parameter to get a list of users that are enabled or disabled. You can use EnabledOnly or DisabledOnly values with –EnabledFilter parameter.
|
Get-MsolUser –All –EnabledFilter DisabledOnly Get-MsolUser –All –EnabledFilter EnabledOnly |
|
-DomainName |
Use –DomainName parameter to get results for a specific Office 365 domain. |
Get-MsolUser –All –DomainName <DomainName> |
|
-ReturnDeletedUsers
|
Use –ReturnDeletedUsers parameter to get a list of users that were deleted from Office 365, but are still present in the Ofice 365 Recycle bin. |
Get-MsolUser –ReturnDeletedUsers |
|
-SearchString |
Use –SearchString parameter to search users across Office 365 Tenant. |
Get-MsolUser –All –SearchString Dean Above command returns only users with an email address or display name staring with the “Dean” string. |
|
-Synchronized |
Use –Synchronized parameter if you need to return a list of users that are synchronized from On-Premises Active Directory. |
Get-MsolUser –All –Synchronized |
|
-UnlicensedUsersOnly |
Use –UnlicensedUsersOnly if you wish to see a list of users that are associated with an Office 365 license. |
Get-MsolUser –All –UnlicensedUsersOnly |
|
-MaxResults OR -All |
By default Get-MsolUser returns 500 results in a command. Use –All parameter to return all results. You can use either –MaxResults or –All parameter. |
Get-MsolUser –All –UnlicensedUsersOnly Get-MsolUser –MaxResults 2000 –UnlicensedUsersOnly |
Table 2
You might have noticed the use of “-All” parameter with Get-MsolUser cmdlet in above examples. By default, Get-MsolUser returns a maximum of 500 results in a command. If you wish to perform a Get-MsolUser operation against all Office 365 users in an Office 365 Tenant, you must use “-All” parameter. Although you can specify “-MaxResults” parameter, but I don’t see any use of –MaxResults parameter if you need to perform Get-MsolUser operations against all Office 365 users.
Summary
In this part, we explained user properties and various parameters supported by the Get-MsolUser cmdlet. You can use properties explained above to return property value for a single or all Office 365 users.
In the next part, we will explain common Get-MsolUser commands and how to use Get-MsolUser cmdlet with other cmdlets such as Get-MsolUserRole cmdlet.
If you would like to read the other parts in this article series please go to:
