diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaAuditSignInLog.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaAuditSignInLog.md index 74b487d58..173005657 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaAuditSignInLog.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaAuditSignInLog.md @@ -105,6 +105,16 @@ Get-EntraBetaAuditSignInLog -Filter "createdDateTime ge 2024-07-01T00:00:00Z and This example shows how to retrieve sign-in logs between dates. +### Example 5: List failed sign-ins for a user + +```powershell +Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All' +$failedSignIns = Get-EntraBetaAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0" +$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize +``` + +This example demonstrates how to retrieve failed sign-ins for a user. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeletedApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeletedApplication.md index 526bb9c51..845a5f156 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeletedApplication.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeletedApplication.md @@ -135,6 +135,24 @@ TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-ccccccc This cmdlet retrieves deleted applications having specified display name. +### Example 6: Get deleted applications with deletion age in days + +```powershell +Connect-Entra -Scopes 'Application.Read.All' +Get-EntraBetaDeletedApplication | + Select-Object DisplayName, Id, AppId, SignInAudience, PublisherDomain, DeletedDateTime, + @{Name='DeletionAgeInDays'; Expression={(Get-Date) - $_.DeletedDateTime | Select-Object -ExpandProperty Days}} | + Format-Table -AutoSize +``` + +```Output +DisplayName Id AppId SignInAudience PublisherDomain DeletedDateTime DeletionAgeInDays +----------- -- ----- -------------- --------------- --------------- ----------------- +Entra PowerShell App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com 9/18/2024 7:41:44 AM 1 +``` + +This cmdlet retrieves deleted applications with deletion age in days. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaServicePrincipal.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaServicePrincipal.md index 558ad2c2d..9baf1c6c0 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaServicePrincipal.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaServicePrincipal.md @@ -220,6 +220,37 @@ Global secure access app 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd- This example demonstrates how to retrieve all Global secure access apps. +### Example 11: List all applications without user assignment + +```powershell +Connect-Entra -Scopes 'Application.Read.All' +Get-EntraBetaServicePrincipal -All | Where-Object {$_.appRoleAssignmentRequired -ne 'true'} +``` + +```Output +DisplayName Id AppId SignInAudience ServicePrincipalType +----------- -- ----- -------------- -------------------- +App without user assignment 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777 Application +``` + +This example demonstrates how to retrieve all applications without user assignment. + +### Example 12: List all SAML application details + +```powershell +Connect-Entra -Scopes 'Application.Read.All' +$servicePrincipal = Get-EntraServicePrincipal -Filter "PreferredSingleSignOnMode eq 'saml'" +$servicePrincipal | Select-Object Id, DisplayName, AccountEnabled, AppId, PreferredSingleSignOnMode, AppRoleAssignmentRequired, SignInAudience, NotificationEmailAddresses, PreferredTokenSigningKeyEndDateTime, PreferredTokenSigningKeyValid, ReplyUrls,LoginUrl, LogoutUrl | Format-Table -AutoSize +``` + +```Output +Id DisplayName AccountEnabled AppId PreferredSingleSignOnMode AppRoleAssignmentRequired SignInAudience NotificationEmailAddresses +-- ----------- -------------- ----- ------------------------- ------------------------- -------------- -------------- +00001111-aaaa-2222-bbbb-3333cccc4444 SAML App True 33334444-dddd-5555-eeee-6666ffff7777 saml True AzureADMyOrg {admin@Contoso} +``` + +This example demonstrates how to retrieve all SAML application details. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaSubscribedSku.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaSubscribedSku.md index e181b45d0..f4c0b9a6d 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaSubscribedSku.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaSubscribedSku.md @@ -82,7 +82,29 @@ This example demonstrates how to retrieve specified subscribed SKUs to Microsoft - `-ObjectId` parameter specifies the ID of the SKU (Stock Keeping Unit). -### Example 3: Get a list of users, their assigned licenses, and licensing source +### Example 3: Retrieve all users assigned a specific license + +```powershell +Connect-Entra -Scopes 'Organization.Read.All' +$sku = Get-EntraBetaSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'DEVELOPERPACK_E5' } +$skuId = $sku.SkuId +$usersWithDeveloperPackE5 = Get-EntraBetaUser -All | Where-Object { + $_.AssignedLicenses -and ($_.AssignedLicenses.SkuId -contains $skuId) +} +$usersWithDeveloperPackE5 | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled, UserType | Format-Table -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName AccountEnabled UserType +-- ----------- ----------------- -------------- -------- +cccccccc-2222-3333-4444-dddddddddddd Angel Brown AngelB@contoso.com True Member +dddddddd-3333-4444-5555-eeeeeeeeeeee Avery Smith AveryS@contoso.com True Member +eeeeeeee-4444-5555-6666-ffffffffffff Sawyer Miller SawyerM@contoso.com True Member +``` + +This example demonstrates how to retrieve all users assigned a specific license. + +### Example 4: Get a list of users, their assigned licenses, and licensing source ```powershell Connect-Entra -Scopes 'Organization.Read.All','User.Read.All','Group.Read.All' diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md index 60bdfec49..fa2640f96 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md @@ -175,6 +175,139 @@ New User cccccccc-2222-3333-4444-dddddddddddd NewUser@tenant.com This example demonstrates how to retrieve all users with disabled accounts. +### Example 8: List users based in a specific country + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$usersInCanada = Get-EntraBetaUser -Filter "Country eq 'Canada'" +$usersInCanada | Select-Object Id, DisplayName, UserPrincipalName, OfficeLocation, Country | Format-Table -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName OfficeLocation Country +-- ----------- ----------------- -------------- ------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com 23/2102 Canada +``` + +This example demonstrates how to retrieve all users based in Canada. + +### Example 9: List user count per department + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$departmentCounts = Get-EntraBetaUser -All | Group-Object -Property Department | Select-Object Name, @{Name="MemberCount"; Expression={$_.Count}} +$departmentCounts | Format-Table Name, MemberCount -AutoSize +``` + +```Output +Name MemberCount +---- ----------- + 7 +Engineering 2 +Executive Management 1 +Finance 1 +HR 1 +``` + +This example demonstrates how to retrieve user count in each department. + +### Example 10: List disabled users with active licenses + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$disabledUsersWithLicenses = Get-EntraBetaUser -Filter "accountEnabled eq false" -All | Where-Object { + $_.AssignedLicenses -ne $null -and $_.AssignedLicenses.Count -gt 0 +} +$disabledUsersWithLicenses | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled | Format-Table -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName AccountEnabled +-- ----------- ----------------- -------------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com False +``` + +This example demonstrates how to retrieve disabled users with active licenses. + +### Example 11: Retrieve guest users with active licenses + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$guestUsers = Get-EntraBetaUser -Filter "userType eq 'Guest'" -All +$guestUsersWithLicenses = foreach ($guest in $guestUsers) { + if ($guest.AssignedLicenses.Count -gt 0) { + [pscustomobject]@{ + Id = $guest.Id + DisplayName = $guest.DisplayName + UserPrincipalName = $guest.UserPrincipalName + AssignedLicenses = ($guest.AssignedLicenses | ForEach-Object { $_.SkuId }) -join ", " + } + } +} +$guestUsersWithLicenses | Format-Table Id, DisplayName, UserPrincipalName, AssignedLicenses -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName AssignedLicenses +-- ----------- ----------------- ---------------- +cccccccc-2222-3333-4444-dddddddddddd Sawyer Miller sawyerm_gmail.com#EXT#@contoso.com c42b9cae-ea4f-4ab7-9717-81576235ccac +``` + +This example demonstrates how to retrieve guest users with active licenses. + +### Example 12: Retrieve users without managers + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$allUsers = Get-EntraBetaUser -All +$usersWithoutManagers = foreach ($user in $allUsers) { + $manager = Get-EntraBetaUserManager -ObjectId $user.Id -ErrorAction SilentlyContinue + if (-not $manager) { + [pscustomobject]@{ + Id = $user.Id + DisplayName = $user.DisplayName + UserPrincipalName = $user.UserPrincipalName + } + } +} +$usersWithoutManagers | Format-Table Id, DisplayName, UserPrincipalName -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName +-- ----------- ----------------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com +bbbbbbbb-1111-2222-3333-cccccccccccc Sawyer Miller SawyerM@contoso.com +``` + +This example demonstrates how to retrieve users without managers. + +### Example 13: List failed sign-ins for a user + +```powershell +Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All' +$failedSignIns = Get-EntraBetaAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0" +$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize +``` + +This example demonstrates how to retrieve failed sign-ins for a user. + +### Example 14: List all guest users + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$guestUsers = Get-EntraBetaUser -Filter "userType eq 'Guest'" -All +$guestUsers | Select-Object DisplayName, UserPrincipalName, Id, createdDateTime, creationType, accountEnabled, UserState | Format-Table -AutoSize +``` + +```Output +DisplayName UserPrincipalName Id CreatedDateTime CreationType AccountEnabled UserState +----------- ----------------- -- --------------- ------------ -------------- --------- +Sawyer Miller sawyerm_gmail.com#EXT#@contoso.com bbbbbbbb-1111-2222-3333-cccccccccccc 9/13/2024 6:37:33 PM Invitation True Accepted +``` + +This example demonstrates how to retrieve list all guest users. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md index a7b9cfe0d..09c4f63db 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserManager.md @@ -64,6 +64,33 @@ This example demonstrates how to retrieve the manager of a specific user. - `-ObjectId` Parameter specifies ObjectID or User Principal Name of User. +### Example 2: Retrieve users without managers + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$allUsers = Get-EntraBetaUser -All +$usersWithoutManagers = foreach ($user in $allUsers) { + $manager = Get-EntraBetaUserManager -ObjectId $user.Id -ErrorAction SilentlyContinue + if (-not $manager) { + [pscustomobject]@{ + Id = $user.Id + DisplayName = $user.DisplayName + UserPrincipalName = $user.UserPrincipalName + } + } +} +$usersWithoutManagers | Format-Table Id, DisplayName, UserPrincipalName -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName +-- ----------- ----------------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com +bbbbbbbb-1111-2222-3333-cccccccccccc Sawyer Miller SawyerM@contoso.com +``` + +This example demonstrates how to retrieve users without managers. + ## Parameters ### -ObjectId diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md index 83cd1682f..5f39f434f 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUserMembership.md @@ -123,6 +123,22 @@ Id DeletedDateTime This example demonstrates how to retrieve users top three memberships in Microsoft Entra ID. +### Example 5: List groups that Sawyer Miller is a member of + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$groups = Get-EntraBetaUserMembership -ObjectId 'SawyerM@contoso.com' +$groups | Select-Object DisplayName, Id, GroupTypes, Visibility | Format-Table -AutoSize +``` + +```Output +DisplayName Id GroupTypes Visibility +----------- -- ---------- ---------- +Contoso Group bbbbbbbb-1111-2222-3333-cccccccccccc {Unified} Public +``` + +This example demonstrates how to retrieve the groups that a user is a member of. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuditSignInLog.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuditSignInLog.md index d56ec818a..409b8604e 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuditSignInLog.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuditSignInLog.md @@ -104,6 +104,16 @@ Get-EntraAuditSignInLog -Filter "createdDateTime ge 2024-07-01T00:00:00Z and cre This example shows how to retrieve sign-in logs between dates. +### Example 5: List failed sign-ins for a user + +```powershell +Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All' +$failedSignIns = Get-EntraAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0" +$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize +``` + +This example demonstrates how to retrieve failed sign-ins for a user. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeletedApplication.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeletedApplication.md index c89144c78..74cdce0fb 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeletedApplication.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeletedApplication.md @@ -133,7 +133,25 @@ DisplayName Id AppId TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com ``` -This cmdlet retrieves deleted applications having specified display name. +This cmdlet retrieves deleted applications having specified display name. + +### Example 6: Get deleted applications with deletion age in days + +```powershell +Connect-Entra -Scopes 'Application.Read.All' +Get-EntraDeletedApplication | + Select-Object DisplayName, Id, AppId, SignInAudience, PublisherDomain, DeletedDateTime, + @{Name='DeletionAgeInDays'; Expression={(Get-Date) - $_.DeletedDateTime | Select-Object -ExpandProperty Days}} | + Format-Table -AutoSize +``` + +```Output +DisplayName Id AppId SignInAudience PublisherDomain DeletedDateTime DeletionAgeInDays +----------- -- ----- -------------- --------------- --------------- ----------------- +Entra PowerShell App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com 9/18/2024 7:41:44 AM 1 +``` + +This cmdlet retrieves deleted applications with deletion age in days. ## Parameters diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraServicePrincipal.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraServicePrincipal.md index 40465f020..9a82a3802 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraServicePrincipal.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraServicePrincipal.md @@ -220,6 +220,37 @@ Global secure access app 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd- This example demonstrates how to retrieve all Global secure access apps. +### Example 11: List all applications without user assignment + +```powershell +Connect-Entra -Scopes 'Application.Read.All' +Get-EntraServicePrincipal -All | Where-Object {$_.appRoleAssignmentRequired -ne 'true'} +``` + +```Output +DisplayName Id AppId SignInAudience ServicePrincipalType +----------- -- ----- -------------- -------------------- +App without user assignment 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777 Application +``` + +This example demonstrates how to retrieve all applications without user assignment. + +### Example 12: List all SAML application details + +```powershell +Connect-Entra -Scopes 'Application.Read.All' +$servicePrincipal = Get-EntraServicePrincipal -Filter "PreferredSingleSignOnMode eq 'saml'" +$servicePrincipal | Select-Object Id, DisplayName, AccountEnabled, AppId, PreferredSingleSignOnMode, AppRoleAssignmentRequired, SignInAudience, NotificationEmailAddresses, PreferredTokenSigningKeyEndDateTime, PreferredTokenSigningKeyValid, ReplyUrls,LoginUrl, LogoutUrl | Format-Table -AutoSize +``` + +```Output +Id DisplayName AccountEnabled AppId PreferredSingleSignOnMode AppRoleAssignmentRequired SignInAudience NotificationEmailAddresses +-- ----------- -------------- ----- ------------------------- ------------------------- -------------- -------------- +00001111-aaaa-2222-bbbb-3333cccc4444 SAML App True 33334444-dddd-5555-eeee-6666ffff7777 saml True AzureADMyOrg {admin@Contoso} +``` + +This example demonstrates how to retrieve all SAML application details. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraSubscribedSku.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraSubscribedSku.md index 948ebb73f..98cc125dd 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraSubscribedSku.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraSubscribedSku.md @@ -2,7 +2,6 @@ title: Get-EntraSubscribedSku description: This article provides details on the Get-EntraSubscribedSku command. - ms.topic: reference ms.date: 06/26/2024 ms.author: eunicewaweru @@ -81,7 +80,29 @@ This example demonstrates how to retrieve specified subscribed SKUs to Microsoft - `-ObjectId` parameter specifies the ID of the SKU (Stock Keeping Unit). -### Example 3: Get a list of users, their assigned licenses, and licensing source +### Example 3: Retrieve all users assigned a specific license + +```powershell +Connect-Entra -Scopes 'Organization.Read.All' +$sku = Get-EntraSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'DEVELOPERPACK_E5' } +$skuId = $sku.SkuId +$usersWithDeveloperPackE5 = Get-EntraUser -All | Where-Object { + $_.AssignedLicenses -and ($_.AssignedLicenses.SkuId -contains $skuId) +} +$usersWithDeveloperPackE5 | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled, UserType | Format-Table -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName AccountEnabled UserType +-- ----------- ----------------- -------------- -------- +cccccccc-2222-3333-4444-dddddddddddd Angel Brown AngelB@contoso.com True Member +dddddddd-3333-4444-5555-eeeeeeeeeeee Avery Smith AveryS@contoso.com True Member +eeeeeeee-4444-5555-6666-ffffffffffff Sawyer Miller SawyerM@contoso.com True Member +``` + +This example demonstrates how to retrieve all users assigned a specific license. + +### Example 4: Get a list of users, their assigned licenses, and licensing source ```powershell Connect-Entra -Scopes 'Organization.Read.All','User.Read.All','Group.Read.All' diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md index 10e5f3a7d..443eb9ec2 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md @@ -174,6 +174,139 @@ New User cccccccc-2222-3333-4444-dddddddddddd NewUser@tenant.com This example demonstrates how to retrieve all users with disabled accounts. +### Example 8: List users based in a specific country + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$usersInCanada = Get-EntraUser -Filter "Country eq 'Canada'" +$usersInCanada | Select-Object Id, DisplayName, UserPrincipalName, OfficeLocation, Country | Format-Table -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName OfficeLocation Country +-- ----------- ----------------- -------------- ------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com 23/2102 Canada +``` + +This example demonstrates how to retrieve all users based in Canada. + +### Example 9: List user count per department + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$departmentCounts = Get-EntraUser -All | Group-Object -Property Department | Select-Object Name, @{Name="MemberCount"; Expression={$_.Count}} +$departmentCounts | Format-Table Name, MemberCount -AutoSize +``` + +```Output +Name MemberCount +---- ----------- + 7 +Engineering 2 +Executive Management 1 +Finance 1 +HR 1 +``` + +This example demonstrates how to retrieve user count in each department. + +### Example 10: List disabled users with active licenses + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$disabledUsersWithLicenses = Get-EntraUser -Filter "accountEnabled eq false" -All | Where-Object { + $_.AssignedLicenses -ne $null -and $_.AssignedLicenses.Count -gt 0 +} +$disabledUsersWithLicenses | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled | Format-Table -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName AccountEnabled +-- ----------- ----------------- -------------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com False +``` + +This example demonstrates how to retrieve disabled users with active licenses. + +### Example 11: Retrieve guest users with active licenses + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$guestUsers = Get-EntraUser -Filter "userType eq 'Guest'" -All +$guestUsersWithLicenses = foreach ($guest in $guestUsers) { + if ($guest.AssignedLicenses.Count -gt 0) { + [pscustomobject]@{ + Id = $guest.Id + DisplayName = $guest.DisplayName + UserPrincipalName = $guest.UserPrincipalName + AssignedLicenses = ($guest.AssignedLicenses | ForEach-Object { $_.SkuId }) -join ", " + } + } +} +$guestUsersWithLicenses | Format-Table Id, DisplayName, UserPrincipalName, AssignedLicenses -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName AssignedLicenses +-- ----------- ----------------- ---------------- +cccccccc-2222-3333-4444-dddddddddddd Sawyer Miller sawyerm_gmail.com#EXT#@contoso.com c42b9cae-ea4f-4ab7-9717-81576235ccac +``` + +This example demonstrates how to retrieve guest users with active licenses. + +### Example 12: Retrieve users without managers + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$allUsers = Get-EntraUser -All +$usersWithoutManagers = foreach ($user in $allUsers) { + $manager = Get-EntraUserManager -ObjectId $user.Id -ErrorAction SilentlyContinue + if (-not $manager) { + [pscustomobject]@{ + Id = $user.Id + DisplayName = $user.DisplayName + UserPrincipalName = $user.UserPrincipalName + } + } +} +$usersWithoutManagers | Format-Table Id, DisplayName, UserPrincipalName -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName +-- ----------- ----------------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com +bbbbbbbb-1111-2222-3333-cccccccccccc Sawyer Miller SawyerM@contoso.com +``` + +This example demonstrates how to retrieve users without managers. + +### Example 13: List failed sign-ins for a user + +```powershell +Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All' +$failedSignIns = Get-EntraAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0" +$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize +``` + +This example demonstrates how to retrieve failed sign-ins for a user. + +### Example 14: List all guest users + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$guestUsers = Get-EntraUser -Filter "userType eq 'Guest'" -All +$guestUsers | Select-Object DisplayName, UserPrincipalName, Id, createdDateTime, creationType, accountEnabled, UserState | Format-Table -AutoSize +``` + +```Output +DisplayName UserPrincipalName Id CreatedDateTime CreationType AccountEnabled UserState +----------- ----------------- -- --------------- ------------ -------------- --------- +Sawyer Miller sawyerm_gmail.com#EXT#@contoso.com bbbbbbbb-1111-2222-3333-cccccccccccc 9/13/2024 6:37:33 PM Invitation True Accepted +``` + +This example demonstrates how to retrieve list all guest users. + ## Parameters ### -All diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md index 522c0b4df..660358aa1 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserManager.md @@ -64,6 +64,33 @@ This example demonstrates how to retrieve the manager of a specific user. - `-ObjectId` Parameter specifies ObjectID or User Principal Name of User. +### Example 2: Retrieve users without managers + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$allUsers = Get-EntraUser -All +$usersWithoutManagers = foreach ($user in $allUsers) { + $manager = Get-EntraUserManager -ObjectId $user.Id -ErrorAction SilentlyContinue + if (-not $manager) { + [pscustomobject]@{ + Id = $user.Id + DisplayName = $user.DisplayName + UserPrincipalName = $user.UserPrincipalName + } + } +} +$usersWithoutManagers | Format-Table Id, DisplayName, UserPrincipalName -AutoSize +``` + +```Output +Id DisplayName UserPrincipalName +-- ----------- ----------------- +cccccccc-2222-3333-4444-dddddddddddd New User NewUser@tenant.com +bbbbbbbb-1111-2222-3333-cccccccccccc Sawyer Miller SawyerM@contoso.com +``` + +This example demonstrates how to retrieve users without managers. + ## Parameters ### -ObjectId diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md index 641f56f67..49a7811e2 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUserMembership.md @@ -123,6 +123,22 @@ Id DeletedDateTime This example demonstrates how to retrieve users top three memberships in Microsoft Entra ID. +### Example 5: List groups that Sawyer Miller is a member of + +```powershell +Connect-Entra -Scopes 'User.Read.All' +$groups = Get-EntraUserMembership -ObjectId 'SawyerM@contoso.com' +$groups | Select-Object DisplayName, Id, GroupTypes, Visibility | Format-Table -AutoSize +``` + +```Output +DisplayName Id GroupTypes Visibility +----------- -- ---------- ---------- +Contoso Group bbbbbbbb-1111-2222-3333-cccccccccccc {Unified} Public +``` + +This example demonstrates how to retrieve the groups that a user is a member of. + ## Parameters ### -All