Hello,
Is there a way to retrieve the Identity Issuer information for an Azure AD user (external) via PowerShell?
Thank you,
Luca
@lucafabbri365,
I understand that you are trying to find out whether we have a PowerShell cmdlet to obtain the Identity Issuer information for any Azure AD user. I tried three different PowerShell modules related to user information, and this is currently not available through PowerShell. I am assuming that you are trying to get information on your external guest users from other tenants who have been invited, like you see on the portal.

I tried three different PowerShell modules, as below, but could not get that exact information in any of them. So I can conclude that this information is only available from the portal as seen above and not using any PowerShell cmdlet at this point.
PS C:\> Get-MsolUser -ObjectId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AlternateEmailAddresses : {adm@0000000.onmicrosoft.com}
AlternateMobilePhones : {}
AlternativeSecurityIds : {16 3 191 253 139 203 84 181}
BlockCredential : False
City :
CloudExchangeRecipientDisplayType : 6
Country :
Department :
DirSyncProvisioningErrors : {}
DisplayName : Umbrella A
Errors :
Fax :
FirstName : shashi
ImmutableId :
IndirectLicenseErrors : {}
IsBlackberryUser : False
IsLicensed : False
LastDirSyncTime :
LastName :
LastPasswordChangeTimestamp : 6/23/2020 5:11:13 PM
LicenseAssignmentDetails : {}
LicenseReconciliationNeeded : False
Licenses : {}
LiveId : 1003200000000000
MSExchRecipientTypeDetails :
MSRtcSipDeploymentLocator :
MSRtcSipPrimaryUserAddress :
MobilePhone :
ObjectId : 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a
Office :
OverallProvisioningStatus : None
PasswordNeverExpires :
PasswordResetNotRequiredDuringActivate :
PhoneNumber :
PortalSettings :
PostalCode :
PreferredDataLocation :
PreferredLanguage :
ProxyAddresses : {SMTP:adm@0000000.onmicrosoft.com}
ReleaseTrack :
ServiceInformation : {}
SignInName : adm@0000000.onmicrosoft.com
SoftDeletionTimestamp :
State :
StreetAddress :
StrongAuthenticationMethods : {Microsoft.Online.Administration.StrongAuthenticationMethod, Microsoft.Online.Administration.StrongAuthenticationMethod}
StrongAuthenticationPhoneAppDetails : {}
StrongAuthenticationProofupTime :
StrongAuthenticationRequirements : {}
StrongAuthenticationUserDetails :
StrongPasswordRequired :
StsRefreshTokensValidFrom : 6/23/2020 5:11:13 PM
Title :
UsageLocation : IN
UserLandingPageIdentifierForO365Shell :
UserPrincipalName : adm_0000000.onmicrosoft.com#EXT#@A1111.onmicrosoft.com
UserThemeIdentifierForO365Shell :
UserType : Guest
ValidationStatus : Healthy
WhenCreated : 6/23/2020 5:11:13 PM
If you use the Get-AzureADUser cmdlet, you can filter them by the value of the CreationType parameter, which will always be Invitation for external users. It will include everyone who has redeemed an invitation, which will give you a list of all users who are external users in the tenant (this includes Microsoft Account and B2B users from an external Azure AD tenant).
PS C:\> get-AzureADUser -ObjectId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
ExtensionProperty : {[odata.metadata, https://graph.windows.net/adfxxxxa-xxxx-xxxx-xxxx-581xxxx7a74f/$metadata#directoryObjects/@Element], [odata.type,
Microsoft.DirectoryServices.User], [createdDateTime, 6/23/2020 5:11:13 PM], [employeeId, ]...}
DeletionTimestamp :
ObjectId : 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a
ObjectType : User
AccountEnabled : True
AgeGroup :
AssignedLicenses : {}
AssignedPlans : {}
City :
CompanyName :
ConsentProvidedForMinor :
Country :
CreationType : Invitation
Department :
DirSyncEnabled :
DisplayName : Umbrella Admin
FacsimileTelephoneNumber :
GivenName : shashi
IsCompromised :
ImmutableId :
JobTitle :
LastDirSyncTime :
LegalAgeGroupClassification :
Mail : adm@0000000.onmicrosoft.com
MailNickName : adm_0000000.onmicrosoft.com#EXT#
Mobile :
OnPremisesSecurityIdentifier :
OtherMails : {adm@0000000.onmicrosoft.com}
PasswordPolicies :
PasswordProfile :
PhysicalDeliveryOfficeName :
PostalCode :
PreferredLanguage :
ProvisionedPlans : {}
ProvisioningErrors : {}
ProxyAddresses : {SMTP:adm@0000000.onmicrosoft.com}
RefreshTokensValidFromDateTime : 6/23/2020 5:11:13 PM
ShowInAddressList : False
SignInNames : {}
SipProxyAddress :
State :
StreetAddress :
Surname : shailaj
TelephoneNumber :
UsageLocation : IN
UserPrincipalName : adm_0000000.onmicrosoft.com#EXT#@x11111.onmicrosoft.com
UserState : Accepted
UserStateChangedOn : 2020-06-23T17:11:52Z
UserType : Guest
I tried checking the extension attribute as well; however, it does not have the Issuer Identity information either.
PS C:\> Get-AzureADUserExtension -ObjectId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
Key : odata.metadata
Value : https://graph.windows.net/adfxxxxa-xxxx-xxxx-xxxx-581xxxx7a74f/$metadata#directoryObjects/@Element
Key : odata.type
Value : Microsoft.DirectoryServices.User
Key : createdDateTime
Value : 6/23/2020 5:11:13 PM
Key : employeeId
Value :
Key : onPremisesDistinguishedName
Value :
Key : userIdentities
Value : []
I also tried the Microsoft Graph PowerShell module for querying the users, but that also does not provide this kind of information for users from an external directory.
PS C:\> Get-MgUser -UserId 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a | fl
AboutMe :
AccountEnabled :
Activities :
AgeGroup :
AgreementAcceptances :
AppRoleAssignments :
AssignedLicenses :
AssignedPlans :
Authentication : Microsoft.Graph.PowerShell.Models.MicrosoftGraphAuthentication1
Birthday :
BusinessPhones : {}
Calendar : Microsoft.Graph.PowerShell.Models.MicrosoftGraphCalendar1
CalendarGroups :
CalendarView :
Calendars :
Chats :
City :
CompanyName :
ConsentProvidedForMinor :
ContactFolders :
Contacts :
Country :
CreatedDateTime :
CreatedObjects :
CreationType :
DeletedDateTime :
Department :
DeviceEnrollmentLimit :
DeviceManagementTroubleshootingEvents :
DirectReports :
DisplayName : Umbrella A
Drive : Microsoft.Graph.PowerShell.Models.MicrosoftGraphDrive1
Drives :
EmployeeHireDate :
EmployeeId :
EmployeeOrgData : Microsoft.Graph.PowerShell.Models.MicrosoftGraphEmployeeOrgData
EmployeeType :
Events :
Extensions :
ExternalUserState :
ExternalUserStateChangeDateTime :
FaxNumber :
FollowedSites :
GivenName : sam
HireDate :
Id : 13d6b73e-xxxx-xxxx-xxxx-974125e0e66a
Identities :
ImAddresses :
InferenceClassification : Microsoft.Graph.PowerShell.Models.MicrosoftGraphInferenceClassification
Insights : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOfficeGraphInsights
Interests :
IsResourceAccount :
JobTitle :
JoinedTeams :
LastPasswordChangeDateTime :
LegalAgeGroupClassification :
LicenseAssignmentStates :
LicenseDetails :
Mail : adm@0000000.onmicrosoft.com
MailFolders :
MailNickname :
MailboxSettings : Microsoft.Graph.PowerShell.Models.MicrosoftGraphMailboxSettings1
ManagedAppRegistrations :
ManagedDevices :
Manager : Microsoft.Graph.PowerShell.Models.MicrosoftGraphDirectoryObject
MemberOf :
Messages :
MobilePhone :
MySite :
Oauth2PermissionGrants :
OfficeLocation :
OnPremisesDistinguishedName :
OnPremisesDomainName :
OnPremisesExtensionAttributes : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOnPremisesExtensionAttributes
OnPremisesImmutableId :
OnPremisesLastSyncDateTime :
OnPremisesProvisioningErrors :
OnPremisesSamAccountName :
OnPremisesSecurityIdentifier :
OnPremisesSyncEnabled :
OnPremisesUserPrincipalName :
Onenote : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOnenote1
OnlineMeetings :
OtherMails :
Outlook : Microsoft.Graph.PowerShell.Models.MicrosoftGraphOutlookUser1
OwnedDevices :
OwnedObjects :
PasswordPolicies :
PasswordProfile : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPasswordProfile
PastProjects :
People :
Photo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphProfilePhoto
Photos :
Planner : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPlannerUser1
PostalCode :
PreferredLanguage :
PreferredName :
Presence : Microsoft.Graph.PowerShell.Models.MicrosoftGraphPresence1
ProvisionedPlans :
ProxyAddresses :
RegisteredDevices :
Responsibilities :
Schools :
ScopedRoleMemberOf :
Settings : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserSettings1
ShowInAddressList :
SignInSessionsValidFromDateTime :
Skills :
State :
StreetAddress :
Surname : sm
Teamwork : Microsoft.Graph.PowerShell.Models.MicrosoftGraphUserTeamwork1
Todo : Microsoft.Graph.PowerShell.Models.MicrosoftGraphTodo
TransitiveMemberOf :
UsageLocation :
UserPrincipalName : adm_0000000.onmicrosoft.com#EXT#@A111.onmicrosoft.com
UserType :
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#users/$entity]}
Hope this helps. Unfortunately, the information you require is not available at the moment through any PowerShell cmdlet and is only available from the portal. If the information shared is useful, please do accept the post as the answer, as it will be helpful to other community members searching for similar queries. Should you have any other query, do let us know and we will be happy to help.
Thank you.
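The CreationType filter described in the answer above, turned into a guest inventory for access reviews. This is an added example, not code from the original answer. The function name `Get-GuestInventory` and the sample objects are constructed for illustration, and `InvitedDomain` is only the domain of the invited address recovered from the `#EXT#` user principal name, not the Identity Issuer value shown in the portal.

```powershell
# Added example: inventory invited external users from Get-AzureADUser-shaped objects.
# Get-GuestInventory is a hypothetical helper name, not part of any Microsoft module.
function Get-GuestInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Per the answer above, CreationType is 'Invitation' for invited external users.
        if ($User.CreationType -ne 'Invitation') { return }

        # Invited guests get a UPN shaped like <local>_<domain>#EXT#@<tenant>.
        # DNS names cannot contain '_', so the text after the last '_' is the invited domain.
        $invitedDomain = $null
        if ($User.UserPrincipalName -match '^(?<alias>.+)#EXT#@') {
            $alias = $Matches['alias']
            $idx = $alias.LastIndexOf('_')
            if ($idx -ge 0) { $invitedDomain = $alias.Substring($idx + 1).ToLower() }
        }
        # Fall back to the Mail property when the UPN does not follow the guest pattern.
        if (-not $invitedDomain -and $User.Mail -match '@(?<domain>[^@]+)$') {
            $invitedDomain = $Matches['domain'].ToLower()
        }

        [pscustomobject]@{
            ObjectId      = $User.ObjectId
            DisplayName   = $User.DisplayName
            UserState     = $User.UserState      # e.g. Accepted or PendingAcceptance
            InvitedDomain = $invitedDomain
        }
    }
}

# Constructed sample objects mirroring the properties shown in the output above.
$sample = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'; DisplayName = 'Guest One'
        CreationType = 'Invitation'; UserState = 'Accepted'; Mail = 'guest.one@partner.example'
        UserPrincipalName = 'guest.one_partner.example#EXT#@contoso.onmicrosoft.com' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'; DisplayName = 'Guest Two'
        CreationType = 'Invitation'; UserState = 'PendingAcceptance'; Mail = $null
        UserPrincipalName = 'guest_two_vendor.example#EXT#@contoso.onmicrosoft.com' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000003'; DisplayName = 'Member'
        CreationType = $null; UserState = $null; Mail = 'member@contoso.onmicrosoft.com'
        UserPrincipalName = 'member@contoso.onmicrosoft.com' }
)

# Offline run over the constructed data; the member account is filtered out.
$sample | Get-GuestInventory | Sort-Object InvitedDomain | Format-Table -AutoSize

# Against a live tenant (AzureAD module): Get-AzureADUser -All $true | Get-GuestInventory
```

Guests that remain in `PendingAcceptance` are unredeemed invitations and are usually the first candidates for cleanup in a guest access review.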