Viewing Microsoft 365 User Account Details Using Get-MsolUser

In this article, we’ll show you how to get various information about Microsoft 365 (ex Office 365) user accounts using the Get-MsolUser PowerShell cmdlet. The Get-MsolUser cmdlet allows you to view the properties of one or several Microsoft 365 accounts. This is an analog of the Get-ADUser cmdlet for on-premises Active Directory, which is used to get AD user attribute values. The Get-MsolUser cmdlet is part of the Azure AD PowerShell module (MSOnline). It allows you to connect to your Microsoft 365 tenant. Thus, to use this cmdlet you must first download and install this module. You can download and install the MSOnline manually (exe/msi installer), or install it online from the PowerShell Gallery. To do this, just run the command in the PoSh console:

Find-Module -Name MSOnline | Install-Module -Force

get-msoluser all properties

To check if the MSOnline module is installed and display its version, run the command:

Get-Module msonline

get-msoluser

If you want to update the version of a module, run:

Update-Module –Name msonline

To connect to a Microsoft 365 subscription, save your credentials to a variable:

$MSOCred = Get-Credential

In the window that appears, enter the account’s credentials with the permissions to connect to your Microsoft 365 tenant.

get-msoluser all attributes

Now connect to your subscription with saved credentials:

Connect-MsolService -Credential $MSOCred

Hint. Confirm sign in with your device if Multi-Factor Authentication (MFA) is enabled for your Azure account.

After connecting, run the command:

Get-MsolUser

Tip. If the MSOnline module is not installed on the computer, an error will appear when running the Get-MsolUser cmdlet:

Get-MsolUser : The term ‘Get-MsolUser’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

+ FullyQualifiedErrorId : CommandNotFoundException

This command will return a list of all Microsoft 365 users. By default, the cmdlet returns only three Azure user attributes:

  • UserPrincipalName;
  • DisplayName;
  • isLicensed.

get-msoluser show all properties

To display information about a specific user, you can specify its UserPrincipalName. You can display all user attributes:

Get-MsolUser -UserPrincipalName "youraccount@o365.onmicrosoft.com”| Select-Object *|Format-List

get msoluser all attributes

The user account contains some attributes that determine their properties, parameters, and personal info (phone number, department, company, etc.). You can query Azure for specific attribute values:

Get-MsolUser -UserPrincipalName “youraccount@o365.onmicrosoft.com” | Select-Object UserPrincipalName, DisplayName, Department, UsageLocation

Hint. Unfortunately, the Get-MsolUser cmdlet doesn’t allow you to display the synchronized custom attribute (extension attribute) value. In order to get the extension property value, use the Get-AzureADUserExtension cmdlet:

(Get-AzureADUserExtension -ObjectId youraccount@o365.onmicrosoft.com).extension_{AppClientId}_vehRegCode

You can use the standard Where-Object cmdlet to search (filter) for users with specific values in Azure AD attributes. For example, the following command will list all users whose City attribute is set to Paris:

Get-MsolUser | Where-Object {$_.City -eq "Paris"}

You can export this list to a CSV file (convenient for opening in Excel):

Get-MsolUser | Select-Object UserPrincipalName, DisplayName, PhoneNumber, Department, UsageLocation| Export-CSV c:\ps\o365userlist.csv –NoTypeInformation

Below are some useful queries for getting data about Microsoft 365 users with the help of the Get-MsolUser cmdlet.

You can display all users of a specific department:

Get-msoluser | Where {$_.Department -eq “Sales Dept”}

Let’s display the list of users and licenses assigned to them:

Get-MsolUser | Where-Object {$_.isLicensed -like "True"} | FT DisplayName, licenses, islicensed

List of assigned license options:

(Get-MsolUser –UserPrincipalName youraccount@o365.onmicrosoft.com ).Licenses[0].ServiceStatus

get-msoluser properties

List of users without a license:

Get-MsolUser –UnlicensedUsersOnly

List of deleted accounts (useful if you accidentally deleted an Office 365 account, when you urgently need to restore it):

Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID

List the time of the last password change for Office 365 users:

Get-MsolUser -All | select DisplayName, LastPasswordChangeTimeStamp

List the active (enabled) accounts:

Get-MsolUser -EnabledFilter EnabledOnly -ALL

List the disabled accounts:

Get-MsolUser -EnabledFilter DisabledOnly –ALL

If you don’t know the exact UPN of a user or their ObjectID, you can find users using the –SearchString parameter. When you use this parameter, the Get-MsolUser cmdlet searches for matches in the Display Name and Email address attributes. For example, the following command will list all enabled users with Gupta surname:

Get-MsolUser -EnabledFilter EnabledOnly -ALL -SearchString "Gupta"

get-msoluser company name

To list Azure tenant users that have not been synced from on-premises Active Directory Domain Services (cloud users) via Azure Active Directory Sync (Azure AD Connect):

Get-MsolUser -All -Synchronized:$false

powershell get-msoluser all attributes

With a PowerShell script, you can check if the user is cloud-native or synced from on-prem AD:

$upn = “youraccount@o365.onmicrosoft.com”

if( [bool](Get-MsolUser -Synchronized).UserPrincipalName -contains $upn)

{

Write-Host -foregroundcolor Green $upn " is on-prem Synchronized User"

}

else

{

Write-Host -foregroundcolor Red $upn " is NOT Synchronized User (cloud only user)"

}

Display a list of users who haven’t changed their passwords for more than 90 days:

Get-MsolUser | Where-Object { $.LastPasswordChangeTimestamp -lt (Get-Date).AddDays(-90)} | Select-Object DisplayName,UserPrincipalName,LastPasswordChangeTimestamp,Licenses,PasswordNeverExpires | Format-Table

By default, the Get-MsolUser command returns only 500 entries. If you want to increase the number of user accounts available in the command results to 3000, add the -MaxResults 3000 parameter:

Get-MsolUser -EnabledFilter EnabledOnly -MaxResults 3000
I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.
Latest posts by Cyril Kardashevsky (see all)

One comment

  1. Hi,
    is it possible to somehow display user principal and SKUid/GUID/license like one table?
    I would like to connect user and part number via SKUid/GUID for reporting.
    Regards,
    IM

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.