MSGraph – Users/Groups

Count all users

Get-MgUser -All | Measure-Object | Select-Object -ExpandProperty Count

User account status

Get-MgUser -UserId "xxx" -Property Id, DisplayName, UserPrincipalName, AccountEnabled | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled

Get-MgUser -All -Filter "accountEnabled eq true" -Property Id, DisplayName, UserPrincipalName, AccountEnabled | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled

Cloud users including guests

Get-MgUser -All -Filter "OnPremisesSyncEnabled ne true" -ConsistencyLevel eventual -CountVariable CountVar

Cloud users excluding guests

Get-MgUser -All -Filter "OnPremisesSyncEnabled ne true and UserType eq 'Member'" -ConsistencyLevel eventual -CountVariable CountVar

Licensed users

Get-MgUser -All -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records

On-premises synced users

Get-MgUser -All -Filter "OnPremisesSyncEnabled eq true" | Sort-Object DisplayName

Manager

Get-MgUser -All -ExpandProperty Manager | Select-Object @{Name = 'Manager'; Expression = { $_.Manager.AdditionalProperties.mail } }

Sign-in activity

Get-MgUser -All -Property SignInActivity | Select-Object -ExpandProperty SignInActivity

Arrival date

(Get-MgUser -all -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddMonths(-1).ToString("s"))Z and OnPremisesSyncEnabled eq true" | select Id, UserPrincipalName, CreatedDateTime).count

Company name

Get-MgUser -All -Property DisplayName, UserPrincipalName, CompanyName | Select-Object DisplayName, UserPrincipalName, CompanyName

ExtensionAttribute

# Microsoft Graph exposes the AD attribute physicalDeliveryOfficeName as OfficeLocation
(Get-MgUser -All -Property DisplayName,OnPremisesExtensionAttributes,mail,OfficeLocation | Where-Object {($_.OnPremisesExtensionAttributes.ExtensionAttribute1 -eq "XXXAzureSync") -and ($_.OnPremisesExtensionAttributes.ExtensionAttribute2 -eq "MSOfficeProPlus") -and ($_.OfficeLocation -notlike "66*")}).count

Removing a license from an Azure group

The first step is to connect to the MS Graph API; see this article:

Next, we need to retrieve two attributes:
– Group ID (objectID)
– License ID (skuID)

The group ID can be retrieved with Get-MsolGroup by filtering on ObjectID. You can list all groups with these commands:

$apiUrl = 'https://graph.microsoft.com/v1.0/Groups/'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $apiUrl -Method Get
$Groups = ($Data | select-object Value).Value | Select-Object id,displayName
 
# Show the groups
$Groups

Next, we need to retrieve the license ID, identified by its skuID:

$apiUrl = 'https://graph.microsoft.com/v1.0/Groups/<GUID>?$select=assignedLicenses'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $apiUrl -Method Get
$GroupData = $Data | select-object -ExpandProperty assignedLicenses
 
$GroupData | fl

The output of this command will be in the following format:

Next, we use this information to remove the license from the group.
Change the values of $LicenceToRemove and $groupID to match what you want to update.

$LicenceToRemove    = "c42b9cae-ea4f-4ab7-9717-81576235ccac"
$groupID            = "GROUP OBJECT ID"
 
$apiUrl             = "https://graph.microsoft.com/v1.0/Groups/$groupID/assignLicense"
 
##
 
# REMOVE License Body for RestAPI
$body = @{
    addLicenses = @()
    removeLicenses= @($LicenceToRemove)
}
 
# Convert it to JSON
$jsonBody = $body | ConvertTo-Json
 
$removeLicense = Invoke-RestMethod -Method Post -Headers @{
    Authorization = "Bearer $($token)"
    'Content-Type'  = "application/json"
} -Body $jsonBody -Uri $apiUrl
 
###
 
$removeLicense
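
The three steps above combined into one guarded function, as an added example that is not part of the original page: it follows `@odata.nextLink` so groups beyond the first page are found, checks that the SKU is actually assigned before posting, and supports `-WhatIf`. The function names and the group name `Sales` are hypothetical, and `$token` is assumed to come from the connection step.

```powershell
# Added example. Function names and the group name 'Sales' are hypothetical;
# $token is assumed to hold a valid Graph access token from the connection step.
function Get-GraphPaged {
    param([string]$Uri, [string]$Token)
    $headers = @{ Authorization = "Bearer $Token" }
    while ($Uri) {
        $page = Invoke-RestMethod -Headers $headers -Uri $Uri -Method Get
        $page.value                       # emit this page's items
        $Uri = $page.'@odata.nextLink'    # absent on the last page, which ends the loop
    }
}

function Remove-GroupLicense {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][guid]$SkuId,
        [Parameter(Mandatory)][string]$Token
    )
    $base    = 'https://graph.microsoft.com/v1.0/groups'
    $headers = @{ Authorization = "Bearer $Token" }

    # Resolve the group by exact display name; refuse to act on zero or several matches.
    $odataFilter = [uri]::EscapeDataString("displayName eq '$($GroupName.Replace("'", "''"))'")
    $found = @(Get-GraphPaged -Uri "${base}?`$filter=$odataFilter&`$select=id,displayName" -Token $Token)
    if ($found.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($found.Count)."
    }
    $groupId = $found[0].id

    # Read the current assignments and stop if the SKU is not on this group.
    $group = Invoke-RestMethod -Headers $headers -Method Get -Uri "$base/${groupId}?`$select=assignedLicenses"
    if ($group.assignedLicenses.skuId -notcontains $SkuId.ToString()) {
        Write-Warning "SKU $SkuId is not assigned to '$GroupName'; nothing to remove."
        return
    }

    # Same request body as the page's snippet: nothing to add, one SKU to remove.
    $jsonBody = @{ addLicenses = @(); removeLicenses = @($SkuId.ToString()) } | ConvertTo-Json
    if ($PSCmdlet.ShouldProcess("$GroupName ($groupId)", "Remove license $SkuId")) {
        Invoke-RestMethod -Method Post -Headers $headers -ContentType 'application/json' `
            -Body $jsonBody -Uri "$base/$groupId/assignLicense"
    }
}

# Dry run: -WhatIf reports the intended change without calling assignLicense.
Remove-GroupLicense -GroupName 'Sales' -SkuId 'c42b9cae-ea4f-4ab7-9717-81576235ccac' -Token $token -WhatIf
```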