PowerShell scripts for Microsoft 365 user reports
Azure Active Directory acts as a one-point reference to get information about all the user accounts, mailboxes and other Microsoft 365 objects. The Get-MsolUser PowerShell cmdlet is used to fetch information about an individual user or multiple users selected based on specific criteria passed as the parameters of the cmdlet. Below are some Get-MsoIUser PowerShell script examples.
Finding Enabled users:
Get-MsolUser -EnabledFilter EnabledOnly -MaxResults 2000
This cmdlet helps you get information about the enabled users. The maximum results that can be returned using this cmdlet is 2000. An active user with functional user account in the Active Directory is alone considered as enabled user. Disabled and deleted accounts are not included in this cmdlet.
Fetching a particular user's information (using object ID or User Principal Name):
Get-MsolUser -ObjectId 72cc645-abc7-1323-19ui-246sdnta7qt or
Get-MsolUser -UserPrincipalName harry@zohocorp.com
These PowerShell cmdlets retrieve information about a user with the mentioned Object ID or UPN. However, remembering the complete Object ID, typing and executing this cmdlet can be a real challenge. Even with the Object IDs and the UPN lists in hand, it can be tedious to type down 'n' number of object IDs and UPNs individually.
Though the above examples still seem simple and fine, the real challenge arises when you have to tend to a deeper need like finding out users with E3 license who are locked out and also import this report to CSV format?
Usecase: Identify users with E3 license, who are locked out and export this report in CSV format.
To meet this requirement, if you start scripting in PowerShell, this can be a very complex code. Instead you can simply use M365 Manager Plus, an Microsoft 365 reporting, management, change auditing, delegation and alerting tool, to get the necessary information. Our solution's Azure AD user reports with license filters and use the import CSV option available readily to perform the task given.
Steps:
- Go to the Reports tab on the top pane.
- Navigate to Azure Active Directory > User Reports on the left side.
- Choose the Azure Locked Users report under the Account Status Reports category.
- Enter a suitable Microsoft 365 tenant.
- In the Filter By option, select the number of domains and groups as you desire.
- Click on Generate Now.
- Click on the Add/Remove Columns button on the top-right corner of the report. And add the license details column.
- Now click on the icon,and select License Details > User with all of the selected licenses from the drop-down.
- Select the Microsoft 365 (Plan E3) license. Click on Add.
- Click on Filter to get the list of locked out users with E3 license.
- Click on the Export As option on the top-right corner to export this report as CSV file.
Why M365 Manager Plus?
M365 Manager Plus, the Microsoft 365 reporting, auditing, alerting, monitoring, and management tool, eliminates the need for PowerShell scripting. It offers more than 700 pre-configured reports on Azure Active Directory (Azure AD), Exchange Online, Yammer, Microsoft Teams and other Microsoft 365 services. It provides a comprehensive list of reports on Microsoft 365 users such as the synced user reports, deleted user reports, users with managers, users with or without photos and so on.
Simple steps to access these Azure AD Users report:
- Go to the Reports tab on the top pane.
- Navigate to Azure Active Directory > User Reports on the left side.
- Choose the desired report under the category of reports available.
- Select the Microsoft 365 Tenant from the drop-down.
- Enter the criteria under the Filter By option as you require.
- Click on Generate Now.
The highlights of M365 Manager Plus' reports:
- Advanced filters: Use attribute and condition-based filters to get the data you need without lengthy PowerShell scripts.
- Reports on historical data: PowerShell cmdlets can only help you retrieve data that's atleast seven days old and no older than 180 days. However, M365 Manager Plus reports historical records that's even older than 180 days.
- Customizable dashboard: M365 Manager Plus dashboard is customizable. Add reports in graph format to get a quick peek at the mail traffic summary, top email senders and receivers, client device usage, and more. This dashboard can be embedded in any of your webpages to enable constant monitoring.
- Report scheduler: Reports can be scheduled to be generated at regular intervals to reduce the overhead of generating reports manually.
- Export report: The reports can be exported to PDF, XLSX, HTML, or CSV formats and emailed to the administrator.
- Secure delegation: Securely delegate the task of report generation to technicians and IT staff without giving them full access to the Microsoft 365 Admin Center.
- Virtual tenants: You can also create customized tenants and virtual tenants, and delegate it to the technicians to perform help desk activities.