Get-AzADUser missing properties

[seanmcne]

Description of the new feature

I'm attempting to get our team to use azure cloud shell and when attempting to query userinformation we've found get-azaduser to be a fairly worthless command as it doesn't appear to return any information about the user (like department, usage location, office info, or basically any properties on the user).

Hopefully I'm just missing something super obvious, but how are admins supposed to use these new modules if they don't return valuable information or the ability to manage users or is this just completely out of scope for cloudshell?

Thanks!

[karok2m]

I want to add that it should return most (if not all) properties returned by Get-AzureADUser.

[cobdev]

Are there any updates on this feature request? Currently, we can only pull "DisplayName" and "ObjectId" for a user with this cmdlet. Right now this makes it not very useful other than confirming that a particular user's account exists.

[schittli]

Are there any updates on this feature request?

Microsoft has not even considered it worth planning: Assignees: No one assigned

It's a shame that M$ propose to use the AZ Modul

… and it's still missing and ignoring the most basic features for many months.

[Rodric75]

Any chance you can do more magic and add LastPasswordChangeTimestamp, PasswordNeverExpires as well? AFAIK the only user that gives those fields at this time is MSOLService.

[cobdev]

Requesting that this be re-opened?

There continues to be a lack of properties returned when comparing "Get-AzureADUser" vs. "Get-AzADUser":

[mpriem]

+1

And I would like to add that this is quite necessary as importing the AzureAD module in Azure Functions (PS) is not working properly, so one has to jump to quite some hoops to get additional information on the users when using Function apps with PowerShell.

[stevem995]

Agreed, this should be reopened and looked at.

[0xUnicorn]

Agreed, I've spent almost 5 hours today to find out how I would get some specific info using the AZ Module, just to find this issue and discovering it's not available.

I see a future where AZ and ExchangeOnlineManagement-v2 will substitute for all the legacy modules, but still we are far from this scenario.

It all boils down to the issue with all legacy modules not being compatible with Azure Function Apps using PS-Core 7.

[danielniccoli]

Not being able to return all properties on an AAD user renders this cmdlet mostly useless. 😞

[johandanforth]

Seriousely, this is still an issue as far as I can see today. I wasted 2 hours going down this rabbit hole, because the info on this page recommends using az module: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-powershell

[moriahmorgan]

Weighing in on this. We provision all of our users O365 licenses via PowerShell, and may change license status based on user type.

Currently, we're using MSOnline Module, but I'm not going to change to AzureAD PowerShell if Az is the future. Before I change, I need immutable ID and all assigned licenses.

Add to the fact that MS has made modern Auth with MSOnline a pain in the neck, and I'm not going to rewrite all my scripts for something that's going to get replaced by Az.

[ehmiiz]

When using this cmdlet for larger stuff (15,000+ users in the same variable), azure automation sandbox caps out on memory (400 Mb). My ps7 host process is using 3gb ram when storing the users in a variable, since I'm unable to filter out unwanted props.

Would be awesome with a -filter / -properties param

[danielniccoli]

Can this please be reopened as the command clearly still lacks of the proposed properties.

[gh-anton]

So Microsoft is going to retire the Azure AD-module next year and expects us to use this module instead?

https://techcommunity.microsoft.com/t5/office-365/microsoft-lays-out-future-for-azure-ad-powershell-module/m-p/2411780

As for now this module isn't even close in terms of features compared to the current AzureAD-module in the aspects of user management. Just tried to update the CompanyName attribute of a user, guess what? Thats not possible, a LOT is missing. This case definitely needs to be re-open.

@seanmcne I know it was I while since you posted this issue, anyway, you can find location, company name etc. under the AdditionalProperties attribute.

ex: (Get-AzADUser -SearchString <Name/UPN>).additionalProperties

[jmlatov]

and what is the correct syntax to modify, add or update a value of one of the "addiionalProperties"? I can get them, but I don't know how can I update it.

[gh-anton]

@jmlatov Well, thats what i'm complaining about. Still not possible with this module... It would probably be possible to update these attributes via Graph API. However, really shouldn't be down to us to write our own modules to preform these simple tasks.

[chadcarlton]

I believe this issue is still present, and NOT fixed by the attached PR.

[gh-anton]

I believe this issue is still present, and NOT fixed by the attached PR.

It seems that Microsoft Graph-based module is the way to go from now on. A bit confusing with at least four different modules to manage Azure AD-users. Take a look at this one: https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.users/get-mguser?view=graph-powershell-beta

PS Get-MgUser -UserId "username@domain.topdomain" | Get-Member | Select-Object Name | Sort-Object Name

Name

AboutMe AccountEnabled Activities Add AdditionalProperties AgeGroup AgreementAcceptances Analytics AppConsentRequestsForApproval AppRoleAssignments Approvals AssignedLicenses AssignedPlans Authentication Birthday BusinessPhones Calendar CalendarGroups Calendars CalendarView Chats City Clear CompanyName ConsentProvidedForMinor ContactFolders Contacts ContainsKey CopyFrom Country CreatedDateTime CreatedObjects CreationType CustomSecurityAttributes DeletedDateTime Department DeviceEnrollmentConfigurations DeviceEnrollmentLimit DeviceKeys DeviceManagementTroubleshootingEvents Devices DirectReports DisplayName Drive Drives EmployeeHireDate EmployeeId EmployeeOrgData EmployeeType Equals Events Extensions ExternalUserState ExternalUserStateChangeDateTime FaxNumber FollowedSites GetHashCode GetType GivenName HireDate Id Identities ImAddresses InferenceClassification InfoCatalogs InformationProtection Insights Interests IsResourceAccount Item JobTitle JoinedGroups JoinedTeams LastPasswordChangeDateTime LegalAgeGroupClassification LicenseAssignmentStates LicenseDetails Mail MailboxSettings MailFolders MailNickname ManagedAppRegistrations ManagedDevices Manager MemberOf Messages MobileAppIntentAndStates MobileAppTroubleshootingEvents MobilePhone MySite Notifications Oauth2PermissionGrants OfficeLocation Onenote OnlineMeetings OnPremisesDistinguishedName OnPremisesDomainName OnPremisesExtensionAttributes OnPremisesImmutableId OnPremisesLastSyncDateTime OnPremisesProvisioningErrors OnPremisesSamAccountName OnPremisesSecurityIdentifier OnPremisesSyncEnabled OnPremisesUserPrincipalName OtherMails Outlook OwnedDevices OwnedObjects PasswordPolicies PasswordProfile PastProjects PendingAccessReviewInstances People Photo Photos Planner PostalCode PreferredDataLocation PreferredLanguage PreferredName Presence Profile ProvisionedPlans ProxyAddresses RefreshTokensValidFromDateTime RegisteredDevices Remove Responsibilities Schools ScopedRoleMemberOf Settings ShowInAddressList SignInActivity SignInSessionsValidFromDateTime Skills State StreetAddress Surname Tasks Teamwork Todo ToJson ToJsonString ToString TransitiveMemberOf TransitiveReports TryGetValue UsageLocation UsageRights UserPrincipalName UserType Validate WindowsInformationProtectionDeviceRegistrations

[jackchenwork]

@gh-anton MSGraph works better than AZ. I was trying to find some Azure Device information, only to find out get-AzADDevice doesn't even exist ( can't understand why the PM think get-AzureADDevice is necessary, but get-AzADDevice is not)?

for Get-MgUser , one thing I found is many properties will just return empty if not added in -property attribute.

"(get-MgUser -userid userid ).ProxyAddresses" return empty.

"(get-MgUser -userid userid -Property ProxyAddresses).ProxyAddresses" return correct value.

[seanmcne]

I believe this issue is still present, and NOT fixed by the attached PR.

@VeryEarly - After reviewing all the comments it appears the PR does not address the missing properties and scenarios. Is there a measure of feature parity that is shared somewhere? Also, are the gaps with this specific action being addressed to achieve parity? It seems like most people commenting in this issue (and I can assume many who find this issue and decide not to comment) are looking for feature parity or at least guidance for how to accomplish key tasks with the updated modules. Thx!

[hwwilliams]

I found this issue today after trying to get the OnPremisesSamAccountName and SecurityIdentifier properties.

I noticed that Get-AzAdGroupMember returns all properties with correct values, this command outputs IMicrosoftGraphDirectoryObject according to documentation. I did not want to use this command for my purposes because it would mean anytime I want properties on just one user I have to get a whole group's worth of information which could be thousands of users.

While Get-AzAdUser returns properties with null values, this command outputs IMicrosoftGraphUser according to documentation.

As @jackchenwork explained above, the Get-MgUser command does return the correct values but you must specify the property in the command which is tedious and shouldn't be necessary.

All of these commands should return the same output with correctly populated values, the fact that these are all so inconsistent and have been this way for almost 4 years after the original Azure modules were depreciated is pathetic.