Friday, November 23, 2018

Azure AD : Getting the UPN

I've been playing around with the custom SAML connection in Azure AD and the "claims transformations" that you can apply to claims, e.g. tolower.

My interest was Guest accounts.

The user screens in the portal don't show the UPN, so I needed to do this with PowerShell.

Connect-AzureAD -TenantId tenantname

Get-AzureADUser -Filter "userType eq 'Guest'" -All $true | Select-Object DisplayName,UserPrincipalName,Mail,Department,UserType,CreationType,RefreshTokensValidFromDateTime,AccountEnabled


This displays:

DisplayName                    : Joe
UserPrincipalName              : joe@company.com#EXT#@tenantname
Mail                           : joe@company.com
Department                     :
UserType                       : Guest
CreationType                   : Invitation
RefreshTokensValidFromDateTime : 21/11/2018 11:13:58 p.m.
AccountEnabled                 : True

Or, if you only want the first 10:

Get-AzureADUser -Filter "userType eq 'Guest'" -Top 10 | Select-Object DisplayName,UserPrincipalName,Mail,Department,UserType,CreationType,RefreshTokensValidFromDateTime,AccountEnabled


Or, with a more complex filter that combines two conditions:

Get-AzureADUser -Filter "mail eq 'joe@company.com' and userType eq 'Guest'"


If you want to see the full list of Azure AD attributes with the complete schema, use:

Get-AzureADUser -All $true | Format-List > allad.txt
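Putting the guest listing to use: the script below is an added example, not code from the original post. It runs the same Get-AzureADUser query with the same properties listed above, reconstructs each guest's home email address from the "#EXT#" UPN, compares it with the Mail attribute, and writes a review CSV. It assumes an existing Connect-AzureAD session, and the output path in $OutputCsv is a placeholder. The UPN parsing goes slightly beyond the sample output above: Azure AD B2B guest UPNs normally carry the invited address with its '@' replaced by '_' before the '#EXT#' marker, so the helper handles both that form and the plain-'@' form shown in the post.

```powershell
# Added example (not from the original post): review Azure AD guest accounts.
# Requires the AzureAD module and an existing Connect-AzureAD session.
# $OutputCsv is an assumed placeholder path.
param(
    [string]$OutputCsv = "$PWD\guest-review.csv"   # assumed output path
)

function ConvertFrom-GuestUpn {
    # B2B guest UPNs look like alias_home.example#EXT#@tenant.onmicrosoft.com:
    # the invited address with '@' replaced by '_', then '#EXT#', then the
    # resource tenant domain. Returns the original address, or $null when the
    # UPN is not in that form.
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $marker = '#EXT#@'
    $idx = $UserPrincipalName.IndexOf($marker)
    if ($idx -lt 0) { return $null }

    $local = $UserPrincipalName.Substring(0, $idx)
    if ($local.Contains('@')) { return $local }   # plain form, as in the post's sample output
    $us = $local.LastIndexOf('_')
    if ($us -lt 0) { return $null }
    return $local.Substring(0, $us) + '@' + $local.Substring($us + 1)
}

# Same properties the post selects.
$props = 'DisplayName','UserPrincipalName','Mail','Department','UserType',
         'CreationType','RefreshTokensValidFromDateTime','AccountEnabled'

$guests = Get-AzureADUser -Filter "userType eq 'Guest'" -All $true |
    Select-Object $props

$report = foreach ($g in $guests) {
    $home  = ConvertFrom-GuestUpn -UserPrincipalName $g.UserPrincipalName
    $flags = @()
    if (-not $home) {
        $flags += 'UPN not in #EXT# form'
    } elseif ($g.Mail -and $g.Mail -ne $home) {
        # The mailbox address and the invited identity disagree; worth a look.
        $flags += 'Mail differs from UPN home address'
    }
    if (-not $g.Mail)                     { $flags += 'No Mail attribute' }
    if (-not $g.AccountEnabled)           { $flags += 'Account disabled' }
    if ($g.CreationType -ne 'Invitation') { $flags += "CreationType=$($g.CreationType)" }

    [pscustomobject]@{
        DisplayName       = $g.DisplayName
        UserPrincipalName = $g.UserPrincipalName
        HomeAddress       = $home
        Mail              = $g.Mail
        Department        = $g.Department
        CreationType      = $g.CreationType
        AccountEnabled    = $g.AccountEnabled
        TokensValidFrom   = $g.RefreshTokensValidFromDateTime
        Flags             = ($flags -join '; ')
    }
}

$report | Sort-Object AccountEnabled, DisplayName | Format-Table -AutoSize
$report | Export-Csv -Path $OutputCsv -NoTypeInformation
Write-Host "Wrote $(@($report).Count) guest rows to $OutputCsv"
```

The Flags column is what makes this useful as a periodic review: a guest whose Mail does not match the address it was invited under, or whose CreationType is not an invitation, is the kind of row that deserves a second look before the account is left in place.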

Enjoy!