Mastering Office 365 Administration

Getting user information with PowerShell

The simplest way to get user information from Office 365 is to get all users with the Get-MsolUser command, like this:

Get-MsolUser -All

This will bring back a collection of every user in your tenant, which may take a while if you have a lot of users. Here's an example of the output:

UserPrincipalName                                               DisplayName
-----------------                                               -----------
thomas.carpe_liquid-hg.com#EXT#@liquidhgdev.onmicrosoft.com     Thomas Carpe
incrediblemeh_gmail.com#EXT#@liquidhgdev.onmicrosoft.com        Eric Carpe (MS Account)
eric.carpe@lab.liquid-hg.com                                    Eric Carpe
beowulf@lab.liquid-hg.com                                       @AppPool Beowulf
alara.rogers@lab.liquid-hg.com                                  Alara Rogers
bender@liquidhgdev.onmicrosoft.com                              Bender B. Rodriguez
tcarpe_colossusconsulting.com#EXT#@liquidhgdev.onmicrosoft.com  Thomas Carpe (MS Account)
prof.fry@liquidhgdev.onmicrosoft.com                            Professor Fry
phillip.fry@liquidhgdev.onmicrosoft.com                         Phillip J. Fry
thomas.carpe@lab.liquid-hg.com                                  Thomas Carpe
adsync.user@liquidhgdev.onmicrosoft.com                         @Role Azure AD Sync
leela@liquidhgdev.onmicrosoft.com                               Turanga Leela
Sync_CAVECORE_6a0b46f7d409@liquidhgdev.onmicrosoft.com          On-Premises Directory Synchronization Service A...

This is a pretty good example of a typical Office 365 tenant that's been in use for a while. Because this is a development site, it has some real users (Thomas, Alara, and Eric), some test accounts (the cast of Futurama), some guest accounts (Microsoft accounts used by customers, staff, or contractors with names redacted for privacy), and some service accounts used by systems like AD Connect or servers that send email notifications using Office 365. You can see clearly, even from the UPN of each user, that guest accounts look very different: their UPNs contain #EXT#.

Suppose we wanted to see all the properties of a specific user. A slight variation of the same command, plus a list formatter (fl is the alias for Format-List), will do the trick:

PS C:\WINDOWS\system32> Get-MsolUser -UserPrincipalName thomas.carpe@lab.liquid-hg.com | fl
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AlternateEmailAddresses : {}
AlternateMobilePhones : {}
AlternativeSecurityIds : {}
BlockCredential : False
City : Baltimore
CloudExchangeRecipientDisplayType :
Country : United States
Department : Product Development
DirSyncProvisioningErrors : {}
DisplayName : Thomas Carpe
Errors :
Fax :
FirstName : Thomas
ImmutableId : l4CFJxGVhUSHxyFL3OhOmg==
IndirectLicenseErrors : {}
IsBlackberryUser : False
IsLicensed : False
LastDirSyncTime : 9/29/2016 12:19:43 AM
LastName : Carpe
LastPasswordChangeTimestamp : 9/12/2016 6:18:09 PM
LicenseReconciliationNeeded : False
Licenses : {}
LiveId : 100300009A2ABB77
MSExchRecipientTypeDetails :
MobilePhone :
ObjectId : 7df78b6a-1626-4c49-b99e-380c1b2bf272
Office :
OverallProvisioningStatus : None
PasswordNeverExpires : True
PasswordResetNotRequiredDuringActivate : True
PhoneNumber : 410-633-5959
PortalSettings :
PostalCode : 21211
PreferredDataLocation :
PreferredLanguage :
ProxyAddresses : {SMTP:thomas.carpe@liquidmercurysolutions.com}
ReleaseTrack :
ServiceInformation : {}
SignInName : thomas.carpe@lab.liquid-hg.com
SoftDeletionTimestamp :
State : MD
StreetAddress :
StrongAuthenticationMethods : {}
StrongAuthenticationPhoneAppDetails : {}
StrongAuthenticationProofupTime :
StrongAuthenticationRequirements : {}
StrongAuthenticationUserDetails :
StrongPasswordRequired : True
StsRefreshTokensValidFrom : 9/12/2016 6:18:09 PM
Title : Muppet Master of Mayhem
UsageLocation :
UserLandingPageIdentifierForO365Shell :
UserPrincipalName : thomas.carpe@lab.liquid-hg.com
UserThemeIdentifierForO365Shell :
UserType : Member
ValidationStatus : Healthy
WhenCreated : 8/22/2016 9:53:58 PM

So, from this information, we can see many things about this user, including when they last synced and that their job includes managing a great deal of felt.

Let's say you want to dump user information to a file. You can do this like so:

Get-MsolUser -All | Export-Csv -Path C:\TEMP\Office365Users.csv

There are a lot of interesting things that can't be displayed readily using the Get-MsolUser command, such as what Office 365 plans the user is entitled to, or to what groups they've been assigned. If you want that kind of extended information, you'll need different commands to get it. Those will be covered in detail later on.

There's still more power in the Get-MsolUser command, though.

Want to see who's in the user recycle bin? That's easy enough:

PS C:\WINDOWS\system32> Get-MsolUser -ReturnDeletedUsers

UserPrincipalName                       DisplayName isLicensed
-----------------                       ----------- ----------
bela.lugosi@liquidhgdev.onmicrosoft.com Bela Lugosi True

Here we see the king of the vampires, resting quietly in his tomb. We'll hear more about this Nosferatu later when we talk about deleting and resurrecting users from the recycle bin. (See what we did there?)

There are lots of useful parameters for the Get-MsolUser command, including EnabledFilter, LicenseReconciliationNeededOnly, and UnlicensedUsersOnly, just to name a few. For everything else, you can pipe the output to Where-Object to filter the results on whatever custom criteria you desire, and to Select-Object to choose which properties to keep.
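As an added example (not from the book), the script below applies custom criteria to user objects to flag accounts worth a security review: guests (identified by #EXT# in the UPN), passwords that never expire, and no per-user MFA requirement. The sample objects are constructed so the script runs offline; Get-UserRiskFlags, the flag names, and the output file name are hypothetical.

```powershell
# Added example: Get-UserRiskFlags and its flag names are hypothetical helpers.
function Get-UserRiskFlags {
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        $flags = @()
        # Guest accounts carry #EXT# in the UPN, as in the listing above.
        if ($User.UserPrincipalName -like '*#EXT#*') { $flags += 'Guest' }
        if ($User.PasswordNeverExpires -eq $true)    { $flags += 'PasswordNeverExpires' }
        # Empty means no per-user MFA; Conditional Access policies are not visible here.
        if (-not $User.StrongAuthenticationRequirements) { $flags += 'NoPerUserMfa' }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            Flags             = $flags -join ';'
        }
    }
}

# Constructed sample data; only thomas.carpe's values come from the output above.
# Against a live tenant, use instead:  $users = Get-MsolUser -All
$mfa = @([pscustomobject]@{ State = 'Enforced' })
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'thomas.carpe@lab.liquid-hg.com'
        BlockCredential = $false; PasswordNeverExpires = $true
        StrongAuthenticationRequirements = @() }
    [pscustomobject]@{ UserPrincipalName = 'thomas.carpe_liquid-hg.com#EXT#@liquidhgdev.onmicrosoft.com'
        BlockCredential = $false; PasswordNeverExpires = $false
        StrongAuthenticationRequirements = @() }
    [pscustomobject]@{ UserPrincipalName = 'leela@liquidhgdev.onmicrosoft.com'
        BlockCredential = $false; PasswordNeverExpires = $false
        StrongAuthenticationRequirements = $mfa }
    [pscustomobject]@{ UserPrincipalName = 'bender@liquidhgdev.onmicrosoft.com'
        BlockCredential = $true; PasswordNeverExpires = $true
        StrongAuthenticationRequirements = @() }
)

$report = $users |
    Where-Object { -not $_.BlockCredential } |   # skip accounts blocked from sign-in
    Get-UserRiskFlags |
    Where-Object { $_.Flags } |                  # keep only users with at least one flag
    Sort-Object UserPrincipalName

$report | Format-Table -AutoSize

# Export only the reviewed columns rather than every property (hypothetical file name):
# $report | Export-Csv -Path C:\TEMP\Office365UserFlags.csv -NoTypeInformation
```

Exporting a narrowed report like this keeps addresses, phone numbers, and other personal fields out of the CSV file.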

Once you have a set of objects returned by Get-MsolUser, you can pass the UPN or object ID to commands such as Set-MsolUser, Remove-MsolUser, and more. Give it a try; we think you'll see that it's fairly straightforward and easy to get the hang of.