1
votes

I am working with Azure AD and need to get all users, export them into a CSV file, and finally put it into SQL.

At this moment we have about 10,000 users. The problem is that the PowerShell command [Get-AzureADUser -All] is SUPER SLOW!! It takes about 58 minutes to complete the task. Today we noticed that some users made changes to their account. I need to update the whole list to find the changes made.

My questions are:

1) Is there a faster way I can get ALL users?

2) How can I only find users who made changes to their account?

PowerShell script:

$aadUsers = Get-AzureADUser -All $true | Select DisplayName, ObjectId, userType,GivenName
2
You could try using the latest Az module, performance might be better. - 4c74356b41
@Vel Do you have any other concerns? - Jim Xu
Hi @JimXu real quick before I accept your answer. How can I select only the information inside of InitiatedBy to be displayed and nothing else? - Vel
@Vel You can try to use the command Get-AzureADAuditDirectoryLogs -All $true -Filter "Category eq 'UserManagement' and result eq 'success'" | Select-Object InitiatedBy - Jim Xu
@JimXu I am exporting it to CSV and all the data for one user goes into one row. How can I split it into different columns 'User: , AppId, DisplayName, PrincipalNameId'? - Vel

2 Answers

1
votes

According to my research, if we want to get the users' changes, we have two ways to do that:

  1. Track changes to users with Users audit logs.

    We can use Azure AD Powershell command Get-AzureADAuditDirectoryLogs to get Users audit logs. For more details, please refer to https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadauditdirectorylogs?view=azureadps-2.0-preview

Install-module AzureADPreview
Connect-AzureAD
Get-AzureADAuditDirectoryLogs -All $true -Filter "Category eq 'UserManagement' and result eq 'success'" 


  2. Track changes to users with Microsoft Graph delta query. The API is as below:

GET https://graph.microsoft.com/v1.0/users/delta

For example

GET https://graph.microsoft.com/v1.0/users/delta?$select=displayName,givenName,surname


If your response is too big, it will return @odata.nextLink in the response. Then you can directly use the link to get the next page response. At the last page response, it will return @odata.deltaLink in the response. You can save it and directly use the link to get the changes next time. For more details, please refer to https://docs.microsoft.com/en-us/graph/delta-query-users
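
The paging flow described in the answer above, written out as an added PowerShell example (not part of the original answer). It assumes `$AccessToken` already holds a valid Microsoft Graph token that can read users; the function name `Get-GraphUserDelta` and both file names are hypothetical.

```powershell
# Added example: incremental user sync with the Microsoft Graph users delta query.
# Assumptions: $AccessToken is a valid Graph bearer token with read access to users;
# the function name and the file paths are hypothetical.
function Get-GraphUserDelta {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [string] $StateFile = '.\users.deltalink.txt'
    )

    $headers = @{ Authorization = "Bearer $AccessToken" }

    # Resume from the saved deltaLink if one exists; otherwise start a full sync.
    # Single quotes keep PowerShell from expanding $select as a variable.
    if (Test-Path -LiteralPath $StateFile) {
        $uri = (Get-Content -LiteralPath $StateFile -Raw).Trim()
    } else {
        $uri = 'https://graph.microsoft.com/v1.0/users/delta?$select=displayName,givenName,surname'
    }

    $changes = New-Object System.Collections.Generic.List[object]
    while ($uri) {
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        foreach ($u in $page.value) {
            # Deleted users carry an '@removed' annotation instead of their properties.
            $removed = $u.PSObject.Properties['@removed']
            $changes.Add([pscustomobject]@{
                ObjectId    = $u.id
                DisplayName = $u.displayName
                GivenName   = $u.givenName
                Surname     = $u.surname
                Removed     = [bool]$removed
            })
        }
        if ($page.PSObject.Properties['@odata.nextLink']) {
            $uri = $page.'@odata.nextLink'        # more pages in this round
        } else {
            # Last page: persist the deltaLink so the next run fetches only changes.
            Set-Content -LiteralPath $StateFile -Value $page.'@odata.deltaLink'
            $uri = $null
        }
    }
    return $changes
}

# First run returns every user; later runs return only users changed since the saved deltaLink.
Get-GraphUserDelta -AccessToken $AccessToken |
    Export-Csv -Path .\aad-user-changes.csv -NoTypeInformation
```

Rows with `Removed` set to True are accounts deleted since the last sync, so the SQL import should treat them as deletions rather than updates.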

0
votes
Get-msoluser -all | select DisplayName, ObjectId, userType, FirstName
Get-msoluser -all | select *
Get-msoluser -all | Where {$_.city -eq 'chicago'} 

This module seems quite a bit faster.