Saturday, February 12, 2022

Query recently created users in Azure AD

Recently had a project where we wanted to identify users created an automated process in the last day. This script gets the job done.

#Gather a list of recently created users

#specify time that will be compared against -24 is the most recent 24 hours
#you can use the option funtion addDays for a longer time period
#Note that time from AzureAD is UTC

$time = (get-date).ToUniversalTime().AddHours(-24)

$users = Get-AzureADUser -All

$newusers = New-Object Collections.Generic.List

foreach ($u in $users) {
    # Write-Host $u.ExtensionProperty.createdDateTime
    If ([datetime]$u.ExtensionProperty.createdDateTime -gt $time) {
        $newusers.Add($u)
    }
}

Write-host "There are " $newusers.count " new users"
$newusers



2 comments:

  1. Would this have scalability issues in massive directories? How would you move the filtering into the query itself?

    ReplyDelete
    Replies
    1. For sure in larger directories this will be slow because it's querying all users and then filtering. I've worked on projects where we've queried 100,000 users and it works.

      I couldn't figure out the correct syntax to filter directly with the Get-AzureADUser cmdlet. Since the value is returned as a string rather than a date object, it might not be possible. When I was looking for syntax info I did find a reference from someone that you can't filter the property by using Graph. So, it's quite possible the same holds true for this.

      Delete