Question 105268 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – get deleted users – Using Get-AzureADUser

I’m hoping to use the updated graph powershell commands to be able to pull more information on deleted users.

I’m trying to use:

Get-AzureADUser -Filter "aad.IsDeleted eq 'True'"

but it returns the error:

The child type ‘aaad.IsDeleted’ in a cast was not an entitity type.

Ho do I filter for deleted accounts, if possible, so that I can also do a select to include additional parameters / attributes?

I’m hoping to be able to know when an account was deleted, a description, etc.

Moving some users to cloud only so we need to move them in AD to a container that is excluded from AD Connect. Then need to use a script to undelete them and validate licenses are still in use.

I know with

get-MsolUser -ReturnDeletedUsers

works, however I haven’t been able to figure out how to return additional values / parameters / attributes.

Tags:

3

Answers


  1. 0

    It doesn’t appear that Get-AzureADUser or Get-AzADUser have a way of filtering or returning deleted users. You can’t even use -Filter as the property is not returned from the API call.

    You can however workaround this slightly and call the API directly.

    $result = Invoke-AzRestMethod -Uri 'https://graph.microsoft.com/beta/directory/deleteditems/microsoft.graph.user'
$jsonOutput = $result.content | ConvertFrom-Json
$jsonOutput.value | Select-Object id, displayName, mail, deletedDateTime

    There are a couple of examples on github where people have written functions to assist with making those calls:

    https://github.com/Azure/GuardrailsSolutionAccelerator/blob/0f3f4994c03d8e47d7d67bd790ba3b290f37560a/src/GUARDRAIL%202%20MANAGEMENT%20OF%20ADMINISTRATIVE%20PRIVILEGES/Audit/Check-DeletedAndDisabledUsers.psm1

    and

    https://github.com/Panzerbjrn/AzureGraphApiHelper/blob/4cd2dcd1067bdabd349b044f1760bb958d54179d/AzureGraphApiHelper/Functions/Get-AGDeletedUsers.ps1

    Login or Signup to reply.
  2. 0

    • You can surely get all the details of the deleted Azure AD user accounts from your tenant through the below command. Also, you can use filter and attributes as shown below along with this command for sorting out specific details for a particular deleted user account: –

    Command: –

     Get-MsolUser -ReturnDeletedUsers -MaxResults 50 -EnabledFilter All | Export-Csv -Path C:Usersv-kartikbDownloadsReatappdelete4.csv ’

    Output: –

    MS Online Server

    Similarly, if you want to get any information regarding a specific user or search a user ID based on the search string, then please refer to the below commands: –

     Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID

 Get-MsolUser –ReturnDeletedUsers –SearchString <User UPN>| FLUserPrincipalName,ObjectID

    Also, do ensure that you will have to sign into Microsoft Office 365 service for executing the above commands successfully by executing the below command successfully: –

     Connect-MsolService

    Also, you can get the details of any deleted user if you have the object ID with you by executing the below Azure AD command through powershell: –

    Connect-AzureAD
Get-AzureADMSDeletedDirectoryObject -Id <ObjectID>

    Output: –

    Azure AD command output

    Please find the below link for more details regarding the above commands: –

    http://ajaxtechinc.com/question/manage-delete-users-office-365-recycle-bin/

    Login or Signup to reply.
  3. 0

    This can be accomplished using the graph api and the Azure CLI for auth

    $deletedUsers = az rest `
--method "GET" `
--url "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user" `
--headers "Content-Type=application/json" | ConvertFrom-Json
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search