Microsoft Entra ID

Listing Azure AD/Office 365 User Accounts with Directory Synchronization Status

Spiss Tek
Last update :

User accounts for Office 365 are stored in Azure Active Directory. These accounts can be either cloud identities or synced identities. Cloud identities are accounts that exist only in Office 365 or Azure AD. Synced identities are accounts that are originally created in an on-premises Active Directory and are then synchronized to Azure AD using a tool like Azure AD Connect.

If you want to get a list of synced and non-synced accounts, you can use the AzureAD PowerShell module. First, connect to Azure AD. Then, use the `Get-AzureADUser` command to retrieve the list of users. To see which users are synced and which are not, you can group them by the `DirSyncEnabled` property. This will give you a count of both synced and non-synced accounts.

To get a list of synced users, you can use the following command:

Connect-AzureAD

Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true}

Now, here's an example where I’ve also retrieved the DirSyncEnabled and LastDirSyncTime properties.

Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true} | Select -Property DisplayName,UserPrincipalName,DirSyncEnabled,LastDirSyncTime | ft -auto

To get a list of identities that are only in the cloud and not synced, use the following command:
Get-AzureADUser | Where {$_.DirSyncEnabled -eq $null}

Equivalent Command in Microsoft Graph PowerShell

If you're using the newer Microsoft.Graph module, you would retrieve similar information with the following command:
Get-MgUser | Where-Object {$_.OnPremisesSyncEnabled -eq $true} | Select-Object DisplayName,UserPrincipalName,OnPremisesSyncEnabled,OnPremisesLastSyncDateTime | Format-Table -AutoSize

Explanation of the Command:
  • Get-AzureADUser (or Get-MgUser): Retrieves users from Azure AD.
  • Where {$_.DirSyncEnabled -eq $true}: Filters for users with DirSync (or OnPremisesSyncEnabled in Graph).
  • Select -Property: Specifies which properties to display.
  • Format-Table -AutoSize (ft -auto): Formats the output in a table that adjusts column sizes automatically.

Conclusion:

In this article, we explored how to retrieve a list of Azure AD/Office 365 user accounts along with their directory synchronization status. We delved into the steps required to access this information, ensuring you can effectively monitor synchronization.

Did you enjoy this article? You might also like "How to Get a List of  Disabled Users in Active Directory" Don’t forget to follow us and share this article!
Edit This Article
Tags

You may like these posts

Comments