Enterprise Mobility and Security Blog


Howdy folks,

It’s Friday, so it’s time for another Azure AD Mailbag. This time Mark and the team have pulled together some great tips and tricks for using Azure AD with PowerShell.

I hope this is helpful. If you have questions make sure to send them to AskAzureADBlog@microsoft.com

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of PM

Microsoft Identity Products and Services


Hey y’all, Mark Morowczynski back again with another mailbag post to start off your new year on the right foot. Our previous posts have typically focused on a specific feature, this post is going to be a bit different. This one will focus on questions that we see over and over again but you can use PowerShell to find the answer you are looking for! If you haven’t started learning PowerShell yet well for the 1,000th time you really should start on it. Seriously. Here is a nice free Microsoft Virtual Academy- Getting Started With PowerShell 3.0 Jump Start, to get you going

Question: Why is Azure Active Directory PowerShell separate from Azure PowerShell?

Answer: Azure Active Directory is used by all Microsoft online services including Microsoft Office 365. It pre-dates the current Azure PowerShell. In addition, Azure Active Directory does not currently leverage Azure Resource Management.

Question: Where do I get the latest version of Azure AD PowerShell?

Answer: The current version can be found here: https://msdn.microsoft.com/en-us/library/jj151815.aspx#bkmk_installmodule. There is also a preview version of Azure AD PowerShell with support for MFA that we discussed in a previous post: http://blogs.technet.com/b/ad/archive/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands.aspx

Question: I’m using B2B or I have invited some external users to my Azure Active Directory, is there any way to see all these users?

Answer: Yes, PowerShell! These types of accounts are called Guest Accounts. You can run this command:

Get-MsolUser -All | where {$_.UserType -eq “Guest”}

Question: I want to find all users containing something specific. Is there any way to do this?

Answer: Yes, PowerShell! For example, let’s say I wanted to find everyone in a specific department:

Get-MsolUser -All | where {$_.Department -like “*IT*”}

Question: I want to see all of the users in my Azure Active Directory that have a specific Administrator role, for example like Company Administrators. Is there a way to see that?

Answer: Yes, I think you are getting the point by now, PowerShell! First we want to get a list of all roles. To do that run”


We are looking for Company Administrators. To do that we run:

$companyAdminRole = Get-MsolRole -RoleName “Company Administrator”

Get-MsolRoleMember -RoleObjectId $companyAdminRole.ObjectId

Question: Is there a way to check to see if the user is a member of a group using PowerShell?

Answer: This one we went and created a PowerShell Function you can use:

 function IsMemberOfGroup($groupName, $userPrincipalName) {

$group = Get-MsolGroup -SearchString $groupName -All

  if($group -eq $null){

Write-Output $group

Write-Host “Group not found”



  if($group.count -gt 1){

Write-Host “More than one matching group found”



  $user =Get-MsolUser -UserPrincipalName $userPrincipalName

  if($user -eq $null){

Write-Host “User not found”



  $groupMember = Get-MsolGroupMember -GroupObjectId $group.ObjectId -All | where {$_.ObjectId -eq $user.ObjectId}

  if($groupMember -eq $null){

Write-Output $false


write-Output $true



 Then run:

IsMemberOfGroup “GroupName” userprincipalname


We hope you’ve found this post and this series to be helpful. For any questions you can reach us at
Microsoft Forums
and on Twitter
@AzureAD, @MarkMorow
and @Alex_A_Simons

-Mark Morowczynski, Edward Wu, Chad Hasbrook and Shane Oatman