View Microsoft 365 user accounts with PowerShell

This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.

You can use the Microsoft 365 admin center to view the accounts for your Microsoft 365 tenant. PowerShell for Microsoft 365 enables this but also provides additional functionality.

View user accounts using Microsoft Graph PowerShell

Note

The Azure Active Directory (AzureAD) PowerShell module is being deprecated and replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see Get started with the Microsoft Graph PowerShell SDK.

Also see Install the Microsoft Graph PowerShell SDK and Upgrade from Azure AD PowerShell to Microsoft Graph PowerShell for information on how to install and upgrade to Microsoft Graph PowerShell, respectively.

  1. First, install the required software to use Microsoft Graph PowerShell. See Connect to Microsoft 365 with Microsoft Graph PowerShell for more information.

  2. Then run the following cmdlet to connect to your organization with the required permission scope, which in this case is User.ReadBasic.All:

# Connect to Microsoft Graph
Connect-Graph -Scopes User.ReadBasic.All

View all accounts

To display the full list of user accounts with user ID and user principal name, run this command:

Get-MgUser -All | Select DisplayName,Id,UserPrincipalName

You should get information similar to this:

DisplayName               Id                                   UserPrincipalName
-----------               --                                   -----------------
Conf Room Adams           6e206948-b2b6-406c-a728-80bbe78e4003 [email protected]
Adele Vance               916a6a08-b9d0-44b6-870f-562d8358a314 [email protected]
MOD Administrator         5710f237-df3f-4bcd-b875-82deb02f98aa [email protected]
Alex Wilber               8aa561dc-441d-4d74-aeb3-e2be41c116c8 [email protected]
Allan Deyoung             6b629e5e-3cf4-42d0-8007-3a93f0253382 [email protected]
Automate Bot              3a70feb4-9407-47b5-9b61-7526ac0e98d8 [email protected]      
Conf Room Baker           d8cf3fef-1d03-4b9c-9be0-fed44fb87596 [email protected]
Bianca Pisani             7fe8c2d1-eb8e-4032-96ba-26242ff0acd9 [email protected]        

View a specific account

To display a specific user account, run the following command. Fill in the sign-in account name of the user account, which is also known as the user principal name (UPN). Remove the "<" and ">" characters.

Get-MgUser -UserId '<user principal name>'

Here's an example:

Get-MgUser -UserId '[email protected]'

View additional property values for a specific account

By default, the Get-MgUser cmdlet only displays the DisplayName, Id, Mail, and UserPrincipalName properties of accounts.

To be more selective about the properties to display, use the Select cmdlet in combination with the Get-MgUser cmdlet. To combine the two cmdlets, use the "pipe" character ("|"), which tells PowerShell to take the results of one command and send it to the next command. Here's an example command that displays the DisplayName, Department, and UsageLocation for every user account:

Get-MgUser -All | Select DisplayName,Department,UsageLocation

This command instructs PowerShell to:

  1. Get all the information on the user accounts (Get-MgUser) and send it to the next command (|).

  2. Display only the user account name, department, and usage location (Select DisplayName, Department, UsageLocation).

To see all the properties for a specific user account, use the Select cmdlet and the wildcard character (*). Here's an example:

Get-MgUser -UserID '[email protected]' | Select *

As another example, run the following command to check the enabled status of a specific user account:

Get-MgUser -UserID '<sign-in name of the user account>' | Select DisplayName,UserPrincipalName,AccountEnabled

View account synchronization status

User accounts have two sources:

  • Windows Server Active Directory (AD), which are accounts that sync from on-premises AD to the cloud.

  • Microsoft Entra accounts, which are created directly in the cloud.

You can use the following command to find accounts that are synchronizing from on-premise AD. It instructs PowerShell to get all users who have the attribute OnPremisesSyncEnabled set to True.

Get-MgUser -All -Filter 'OnPremisesSyncEnabled eq true'

You can use the following command to find cloud-only accounts. It instructs PowerShell to get all users who have the attribute OnPremisesSyncEnabled set to False or not set (Null). An account that was never synced from on-premises AD has OnPremisesSyncEnabled set to Null. An account that was synced initially from on-premises AD but is no longer being synced has OnPremisesSyncEnabled set to False.

Get-MgUser -All | Where OnPremisesSyncEnabled -ne true
OnPremisesSyncEnabled```

### View accounts based on a common property

To be more selective about the list of accounts to display, you can use the **Where** cmdlet in combination with the **Get-MgUser** cmdlet. To combine the two cmdlets, use the "pipe" character ("|"), which tells PowerShell to take the results of one command and send it to the next command. Here is an example command that displays only those user accounts that have an unspecified usage location:
  
```powershell
Get-MgUser | Where UsageLocation -eq $Null

This command instructs PowerShell to:

  1. Get all the information on the user accounts (Get-MgUser) and send it to the next command (|).

  2. Find all the user accounts that have an unspecified usage location (Where UsageLocation -eq $Null). The command instructs PowerShell to only find the set of accounts for which the UsageLocation user account property (UsageLocation) is not specified (-eq $Null).

The UsageLocation property is only one of many properties associated with a user account. To display all the properties for a specific user account, use the Select cmdlet and the wildcard character (*). Here's an example:

Get-MgUser -UserID [email protected] | Select *

For example, City is the name of a user account property. You can use the following command to list all accounts of users who live in London:

Get-MgUser | Where City -eq "London"

Tip

The syntax for the Where cmdlet in these examples is Where [user account property name] [comparison operator] [value] value.> [comparison operator] is -eq for equals, -ne for not equals, -lt for less than, -gt for greater than, and others. [value] is typically a string (a sequence of letters, numbers, and other characters), a numerical value, or $Null for unspecified. For more information, see Where.

See also

Manage Microsoft 365 user accounts, licenses, and groups with PowerShell

Manage Microsoft 365 with PowerShell

Get started with PowerShell for Microsoft 365