Recently I posted about using PowerShell and the Azure Active Directory Authentication Library to connect to Azure AD. That post detailed performing simple tasks like updating an attribute on a user. In this post I’ll use the same method to connect to Azure AD via PowerShell, but cover how to:
- enumerate users, contacts or groups
- where the number of objects is greater than the maximum results per page, get all remaining pages of results
- limit results based on filters
The premise of my script was that it could be executed without prompts. As such, the script contains the ‘username’ and ‘password’ that are used to perform the query. No special access is required for this script. Any standard user account will have ‘read’ permissions to Azure AD and will return results.
Here is the base script to return all objects of a given type from a tenant. For your environment:
- change line 7 for your tenant name
- change line 11 for your account in your tenant
- change line 12 for the password associated with the account specified in line 11
- change line 18 for the object type (eg. Users, Groups, Contacts)
I’ve hardcoded the number of results to return per page in both lines 39 and 64 to the maximum of 999. The default is 100. I wanted to return all objects as quickly as possible.
The first query, along with returning 999 results, also returns a value for $query.'odata.nextLink' if there are more than 999 results. We then use the .nextLink value in subsequent API calls to return the remaining pages until we have returned all objects.
Brilliant. So we can now simply change line 18 for different object types (Users, Groups, Contacts) if required. But what if we want to filter on other criteria such as attribute values?
Here is a slightly modified version (to the URI) to include a query filter. Lines 19-24 have a couple of examples of query filters.
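The paging loop and URI filter described above, as an added example (not the original gists, so the line numbers mentioned earlier do not apply to it). The function name, its parameters and the replaceable -Fetch block are illustrative; it assumes 'odata.nextLink' comes back relative to the tenant URL, and it takes an already-acquired access token as a parameter rather than an embedded username and password.

```powershell
# Added example: names are illustrative, not taken from the original scripts.
function Get-AadGraphObjects {
    param(
        [Parameter(Mandatory)] [string] $Tenant,       # e.g. example.onmicrosoft.com (placeholder)
        [Parameter(Mandatory)] [ValidateSet('users', 'groups', 'contacts')] [string] $ObjectType,
        [string] $Filter,                              # OData filter, e.g. "startswith(displayName,'A')"
        [string] $AccessToken,                         # bearer token acquired beforehand
        [int] $MaxPages = 1000,                        # stop if nextLink never runs out
        # Performs one GET; replaceable so the loop can be exercised offline.
        [scriptblock] $Fetch = {
            param($Uri, $Token)
            Invoke-RestMethod -Method Get -Uri $Uri -Headers @{ Authorization = "Bearer $Token" }
        }
    )
    $base = "https://graph.windows.net/$Tenant"
    # 999 is the maximum page size; the default is 100.
    $uri = "$base/${ObjectType}?api-version=1.6&`$top=999"
    if ($Filter) { $uri += "&`$filter=" + [uri]::EscapeDataString($Filter) }

    $results = @()
    for ($page = 1; $uri -and $page -le $MaxPages; $page++) {
        $query    = & $Fetch $uri $AccessToken
        $results += $query.value
        $next     = $query.'odata.nextLink'
        # Assumption: nextLink is relative to the tenant URL and carries no api-version.
        $uri = if ($next) { "$base/$next&api-version=1.6&`$top=999" } else { $null }
    }
    $results
}

# Offline demonstration with constructed pages (no network call, no real tenant).
$pages = @{
    1 = @{ value = @(@{ displayName = 'Alice' }, @{ displayName = 'Bob' })
           'odata.nextLink' = "directoryObjects/`$/Microsoft.DirectoryServices.User?`$skiptoken=X'constructed'" }
    2 = @{ value = @(@{ displayName = 'Carol' }) }   # last page: no nextLink
}
$script:calls = 0
$fake = { param($Uri, $Token) $script:calls++; $pages[$script:calls] }
$all  = Get-AadGraphObjects -Tenant 'example.onmicrosoft.com' -ObjectType users -Fetch $fake
"{0} objects returned in {1} requests" -f $all.Count, $script:calls
```

Against a real tenant, omit -Fetch and supply -AccessToken at run time so the script file itself holds no secret.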
So there you have the basics on getting started returning large numbers of objects from Azure AD via Azure Graph from PowerShell. Hopefully the time I spent working out the syntax for the URIs helps someone else out, as there weren’t any examples I could find whilst working this out.
Follow Darren on Twitter @darrenjrobinson
Hi Darren,
First of all, thanks for your blog. It’s been really good to get me started with graph.
I’m looking at this post and I don’t see any attachment or hyperlink to the actual script. Can you please add it back?
Thanks
Thx Luis. The scripts are there, they just don’t always show if you are browsing from mobile/tablet. Here they are just in case though https://gist.github.com/darrenjrobinson/87778fb9d010e25da05f8a249276ec57#file-getallazureadusersgroupscontacts-ps1
and the other 2nd script is here https://gist.github.com/darrenjrobinson/5ff68dcc5485b6e15ea2d8b2d532718a#file-getallazureadobjectswithpagingandfilters-ps1
Script no longer works with ADAL v3
Check out this post, James, for using later versions of the helper libraries. https://blog.darrenjrobinson.com/adapting-to-the-changes-in-the-azuread-preview-powershell-module-adal-helper-library/