First, retrieve the user Id of the desired guest using the ‘Get-MgUser’ cmdlet, and the group ID using the ‘Get-MgGroup’ cmdlet. You can use Get-Help Get-MgUser -Full for full help. Type: SwitchParameter: Position: Named:. com -Property department | select departmentAfter running the script, it will automatically open c: empuserslicenses. I recently started a new job and I’m trying my darndest to be. Get-MgUser {DeviceManagementApps. Graph. I can work around this by starting a new Get-MgUser -UserId request for each user, which then returns the needed extensionAttribute value, but increases the time the script takes massively (from under 10 minutes to multiple hours). I’ll stay here, until next time. Read. As a bonus, re-run the Get-MgContext` command and view the additional scope (hint: you may need to expand the `Scopes` property to. For information on hash tables, run Get-Help about_Hash_Tables. Users. Azure Managed Identity is a feature of Azure Active Directory (AAD) that allows Azure resources to authenticate to other Azure. Some common uses for this function are to: This API is available in the following national cloud deployments. e. Similarly, I could invoke Get-MgGroup -Filter 'resourceProvisioningOptions/Any(x:x eq ''Team'')' -Count to get a count of the number of. They are always empty, even if you explicitly specify them using the -Property parameter. more details can be found in my tutorial How To Use Get-MgUser with Microsoft Graph PowerShell, although the tutorial goes into the Get-MgUser cmdlet, the same concepts apply to Get-MgGroup. For example ‘Get-ADUser mishka’ works as SamAccountName is the default. OnPremisesExtensionAttributes did return empty values. Graph. Is it possible to list extensionAttribute1 - extensionAttribute15 via PowerShell command?. Graph. Read more about the parameters in the chat session from the Create chat. 
With reference to this MSFT article: Get a user, getting a user returns a default set of properties only (businessPhones, displayName, givenName,. The. Update-MgUser -UserId "[email protected] line:1 char:1 + Get-MgUser + ~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List], AggregateException + FullyQualifiedErrorId : System. Get-MgUser. I would like to grab the last sign in logs with the filter up to 30 days of last sign in of a user. Re: Get-MgUser - how to get only users? @Benjamin1998 Azure AD doesn’t distinguish between an account used by a human and one used by a resource, like a shared mailbox. Graph. com" | fl Us and. Graph To verify the installed sub-modules and their versions, run: Get-InstalledModule The version in the output should match the latest version published on the PowerShell Gallery. Unfortunately, the results of running Get-MgGroupMember are simply a list of user Id’s, which is not meaningful to us humans,. The v1. You can choose based on your needs. Get the number of the resource. The slowest part of you script would be the individual Get-MgUser for each user in the CSV that would create one request for every user which isn't need because you can get all the information you after from the first request. Run the Get-MgUser cmdlet to find all guest accounts and then loop through the set of accounts. Example 2: Get enabled usersThese cmdlets include Get-MgUser, Get-MgGroup, and Get-MgTeam (beta only). Read. Because the user resource supports extensions, you can also use the GET operation to get custom properties and extension data in a user instance. You can get the Azure AD user accounts that work at a specific department in your organization. Although this topic lists all parameters for the. For example, I could get a count of users in whatever tenant I have connect to by simply invoking Get-MgUser -Count. com-Property Department. Get-MgUser_Get1: Access is denied. 
The sole prerequisite is that the set must contain a property to allow Azure AD to identify each account. Export the Last Sign-in date and time of All Users into a CSV file using below Powershell script. Get-MgUser); From what I can tell the type of directory object can't be gleaned via PowerShell with out 'trial-and-error'. Open up a text editor. To soft-delete an Azure AD user account, use the Remove-MgUser cmdlet with Microsoft Graph PowerShell. Note: The beta version of the Graph API is unsupported. To get list of all users and their current password expiration policy activation status, run the below command: PowerShell. To learn more about the Get-MgUser cmdlet, check out my tutorial: How To Use Get-MgUser with Microsoft Graph PowerShell. Creating, Updating, and Deleting Users - Basic User Management Commands: - Get-MgUser - Remove-MgUser - New-MgUser - Update-MgUser . Create and Team-Enable a New Group. So, I have given both ways to check MFA status using Get-MSolUser and Get-MgUser. Manager. Shown. 1 person found this answer helpful. : The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. It displays up to the default value of 500 results. I'm trying to use Get-MgUser but properties are either missing (empty) or showing some weird object that Google can't tell me much about. Graph. All permission to the app, imported Microsoft. This API is available in the following national cloud. Two methods exist to create a new Azure AD account with PowerShell. Users Get-MgUser -Filter "NOT(imAddresses/any(i:i eq '[email protected]” with the user’s email address you want to check. Microsoft Graph however requires one to specify, for example. Update-MgUser -UserId <user ID> -PasswordPolicies DisablePasswordExpiration. 
Frequent password changes lead to weak passwords, so it’s better to have a solid and hard-to-crack password strategy, which can be set to never. 0. Type: SwitchParameter: Position: Named: Default value: None: Required: False: Accept pipeline input: False: Accept wildcard characters: The Get-MsolUser and Get-AzureADUser commands that were used until now to retrieve user information are being replaced by the Get-MgUser command. This article shows how to retrieve users in various scenarios. Retrieve all users in the tenant and. Entra ID is a cloud-based identity and access management service that helps users to access the resources they need. To retrieve the last sign-in activity data for a specific user, use the Get-MgUser cmdlet with the -UserId parameter to specify the user’s object ID and the -Property parameter to retrieve the sign-in activity data. # THE PYTHON SDK IS IN PREVIEW. com' and c/issuer eq 'My B2C tenant')" Important. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs. Graph. ACTIVITIES <IMicrosoftGraphUserActivity[]>: The user's activities. However, all cmdlets output objects that simply have the Id property. Microsoft Graph A Microsoft programmability model that exposes REST APIs and client libraries to access data on. I am able to get the phone numbers to show but I'm curious as to how I can get the UPN from MGUser in the output? In this article Syntax Set-Mg User License -UserId <String> [-AddLicenses <IMicrosoftGraphAssignedLicense[]>] [-AdditionalProperties <Hashtable>] [-RemoveLicenses. -Filter "UserPrincipalName eq '[email protected]'" # Microsoft Graph PowerShell Command Get-MgUser ` -Filter "UserPrincipalName eq ' [email protected] '" The following example shows how to create a new user account, assign a license and then add the user to a security group with the MSOnline module and the Microsoft Graph equivalent:Get-InstalledModule graph | Uninstall-Module -AllVersions -Force. 
I'm running a script that fills a variable to return LastNonInteractiveSignInDateTime with Get-MGUser. We will provide a fix in. This operation returns by default only a subset of the more commonly used properties for each user. Read. All". Read. may need to close out of all windows . This command works because you allowed the application to use the `User. Run the Get-MGUserAuthenticationMethod cmdlet. One common task is to retrieve the last sign-in date time for all users in Azure AD. All Update-MgUser -UserId edwardlt501edwar@<managed. We’re going to assume you have already created an Automation account in your subscription. For example, if you're looking for commands related to Microsoft Teams, you can run the. powershell; graph; azure-active-directory; microsoft-graph-api; microsoft-graph-mail; Share. Graph. INPUTOBJECT <IGroupsIdentity> : Identity Parameter [AttachmentId <String>] : The unique identifier of attachmentThe current replacement I have found Get-MGUser does not appear to make this information available. To Reproduce Steps to reproduce the behavior: Execute. [AttachmentBaseId <String>]: The unique identifier of attachmentBase. Get-MgUser -All |Select-Object PasswordPolicies. I think you can do simliar with the Az cmdlets or otherwise switch to the MgGraph. Step 8. Replace the user ID with the user ID from your tenant. OnMicrosoft. This information can be found by using Find-MgGraphCommand, we can also limit the results by selecting to display. # THE PYTHON SDK IS IN PREVIEW. 0 version of Graph, the Get-MgUser module must be called using the beta profile (Select-MgProfile -Name "beta") in order to return this data. 👇. [AttachmentBaseId <String>]: The unique identifier of attachmentBase. Get-Mguser I know I might need to use Get-Mguser cmdlets but not sure how can I return only the soft-deleted user. Check if the account has “Expired” in custom attribute 14. Install-Module -Name Microsoft. 
PowerShell includes a command-line shell, object-oriented scripting language, and a set of tools for executing scripts/cmdlets and. For example, john_contoso. To create the parameters described below, construct a hash table containing the appropriate properties. Graph. to migrate away from the Azure AD module (being deprecated) to MS Graph, how do I achieve the same thing with 'Update-MgUser', 'Update-MgUserSetting' or 'New-MgUser'? powershell;. Re: Get-MgUser - how to get only users? @Benjamin1998 Azure AD doesn’t distinguish between an account used by a human and one used by a resource, like a shared mailbox. FollowIt is possible to do a Get-MgUser against a user object and then search within any of the properties above. Some customers want to move to the cloud and are using Azure AD. Graph. Azure License Management with Microsoft Graph - Azure Cloud & AI Domain Blog. com. Expand related entities. User. This example shows how to use the Get-MgUserDrive Cmdlet. If the answer is helpful, please click " Accept Answer " and kindly upvote it. Microsoft Graph PowerShell module is published on PowerShell Gallery. With PowerShell, we can easily get the MFA Status of all our Office 365 users. INPUTOBJECT <IUsersIdentity>: Identity Parameter [AttachmentBaseId <String>]: The unique identifier of attachmentBase Automate and manage your Microsoft 365 tenant by using the Microsoft Graph PowerShell SDK that brings the Microsoft Graph API to PowerShell. Examples Example 1: Create an event in a specific calendarThe Get-MsolUser cmdlet gets an individual user or list of users. Graph. Copy and paste the below code into your text editor. Graph. Users Get-MgUser -Filter "accountEnabled ne true" -CountVariable CountVar -ConsistencyLevel eventual Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance. E. Graph. All permission. 
This command allows you to get and extract information about users, or specific users based on criteria such as user name, email address, and manager from Azure Active Directory. 0 cmdlet typically returns the skeleton properties so the query can run faster. The sample use-case you learned in this tutorial only covered the basics. All (Application) –. You can get the metadata of the largest available. "get-mailboxstatistics | select LastLogonTime" is today, because "(Get-MgUser -UserId <guid> -Select SignInActivity). Graph. All True Read directory data. Get-MgUser -UserId <string>| Format-List ID, DisplayName, Mail, UserPrincipalName, Country. To get more information for each user, use the -Property parameter. For information on hash tables, run Get-Help about_Hash_Tables. com has access to from the first license that's assigned to her account (the index number is 0). I need to track logins, when using Get-MgAuditLogSignIn I only get information about the interactive logins. g. Conclusion. Note: Generally, the Get-MgUser cmdlet displays only the first 100 users by default. Use Get-MgUser to get Azure AD Users. Here is a version I finally got working, pieces borrowed from various other posts/sources, mostly Andrew Water's other post here: Azure AD - Delete Users after XYZ since last sign in date This one will kick out the display name and creation date in addition since guest accounts UPNs aren't always the most readable. As an example, to identify the permissions needed to run Get-MgUser, run the following command: Find-MgGraphCommand -Command Get-MgUser -ApiVersion v1. All True Read directory data Allows the app to read data in your organization's director… You mean the Graph API query, or? For any of the SDK cmdlets, you can add the -Verbose/-Debug parameters to get the URL called on the backend. Get-MgUser -Filter "Mail eq 'John@contoso. The classic approach is to run a cmdlet like Get-ExoMailbox or Get-MgUser to find the desired objects. read. 
PowerShell. I noticed that for a user who has a mailbox I get the following: 1. For sure you should be building your CSV manually, you can create objects and the pass them through the pipeline to Export-Csv to parse them for you. The supported sizes of HD photos on Microsoft 365 are as follows: 48x48, 64x64, 96x96,. Retrieve the properties and relationships of user object. This command allows you to get and extract information about users, or specific. set-mguser : The term 'set-mguser' is not recognized as the name of a cmdlet, function, script file, or operable program. It will fail, because Get-MgUser and other *-MgUser cmdlets expect-UserId as the object identifier from the pipeline. First, we create two data (CSV) files containing: The product licenses (SKUs) used in the tenant. For information on hash tables, run Get-Help about_Hash_Tables. Start by running the following command. By default, this variable will be set in the global scope. There is also no need at all to query all users first: (get-mguser -UserId [email protected] would return the azureobjectID for the user being gotten. Connect to your tenant using the Microsoft Graph application with the required scopes with a privileged account or Global Admin account. Get-Command -Module Microsoft. JSON, CSV, XML, etc. Graph. Read","Mail. When you run Connect-MgGraph to connect to the Graph, it’s wise to specify the identifier of the tenant to which you want to connect. Install-Module Microsoft. Users -RequiredVersion 1. All permission. Graph. Just a simple device login. What you need to do, is explicitly specify all properties you want to retrieve 👇. To add more properties, use more appropriate attributes. Open the toolkit, Click on Export Users and click Run. ReadWrite. (Office 365 E3, EMS E5, etc. com#EXT#@fabrikam. Get-MgUser –All. 1 Answer. 
On the opposite side of the coin, to find all enabled users, replace “false” with “true. Connecting to the Graph SDK. Thanks for reaching out. But if you’re expecting the power of the Get-ADUser LdapFilter switch or the PowerShell expression language Filter switch, then you’re in for a sad surprise… The Get-MgUser filter uses OData v3, which is overly complex and lacks lots of functionality. So an admin has no way to know if the user logged in last time 31 days ago or 250 days ago. There are no errors thrown and. All Select-MgProfile -Name beta Get-MgUser -UserId [email protected] | Select -Property EmployeeType Update-MgUser -UserId [email protected]-EmployeeType FTE Share. This article explains how to delete Azure AD user accounts and recover them using cmdlets from the. For instance, to find all the accounts assigned a specific SKU, you can use a command like: For instance, to find all the accounts assigned a. Graph PowerShell module retrieves the Azure AD user account and optionally returns the SignInActivity property. Invalidates all the refresh tokens issued to applications for a user (as well as session. 10. . get-mguser -all. 0 and beta versions is that the beta returns more properties. To create the parameters described below, construct a hash table containing the appropriate properties. Focus on what really matters and build scripts to automate your work instead of worrying about throttling, retries, redirects, and authentication. Models. Get-MgUser from a specific. Getting all users and their last login via graph API. g: Get-MgUser | Select ProxyAddresses,Manager ProxyAddresses : Manager : Microsoft. Follow answered Jun 7 at 9:42. Get all the mailbox settings of the signed-in user's mailbox that include settings for automatic replies, date format, locale (language and country/region), time format, time zone, working hours, and user purpose. Specifies a count of the total number of items in a collection. PowerShell. 
For instance, (get-azureaduser -SearchString "NAME"). Here is an example: It would be beneficial to be able running search against all properties at once e. Models. This example retrieves all contact objects in the directory. Graph. Get-MgUser -Filter ` "endsWith(mail,'microsoft. Installing is as simple as: Install-Module Microsoft. Administrators can then limit third-party app access to only that set of mailboxes by creating an application access policy for access to that group. One of these modules is in Microsoft. Read-only. . Browse to Identity > Users > All users. Graph. All. So you have to filter at shell level. permissions To identify which permissions are assigned to the current session you can use the get-mgcontext cmdlet, e. INPUTOBJECT <IUsersIdentity>: Identity Parameter. Get-MgUser is the preferred command to use to find information about your users through a command line interface. Read. Then, once Get-MgUser is run, Microsoft. Example 1: Get a user's license details. Per past issues on this project where AggregateException occurred, this version mismatch may be responsible, but not sure how to resolve on my end since the module is responsible for these imports. You can get the user id by running (Get-MgUser -userID [email protected]. 3. INPUTOBJECT <IUsersIdentity>: Identity Parameter [AttachmentBaseId <String>]: The unique identifier of attachmentBaseInstallation Options. The first is the New-AzureADUser cmdlet from the Azure AD module. Next, you need to connect to the Microsoft Graph with the specific scopes or permissions for managing Microsoft Teams. csv and will look like the screenshot below. Hopefully this script to Get MFA Methods using MSGraph API and PowerShell SDK would be useful to replace the legacy method of querying MSOnline to get the user’s strong auth methods. The any operator iteratively applies a Boolean expression to each item of a collection and returns true if the. 
To set the passwords of all the users in an organization to never expire, run the following. Get-MgUser -OrderBy DisplayName-Search: Returns results based on search criteria: Get-MgUser -ConsistencyLevel eventual -Search '"DisplayName:Conf"'-Property: Filters properties (columns) Get-MgUser -Property Id, DisplayName | Select Id, DisplayName-Top: Sets the page size of results. I have at my disposal a couple commands that I can leverage to assist but I think the one I want to mainly use is Get-MgUser. Get-MgBetaUser. Mail # A UPN can also be used as -UserId. MSOnline to Microsoft Graph PowerShell. List of Bookings Calendars. com. This property contains the LastSignInDateTime property that stores the last recorded login time of. A collection of this user's license details. The only way I get connection is using UserParameterSet: Connect-MgGraph -Scopes , but as soon as I add -TenantId here, it stops working. This is the basic "Get all the devices associated with a user". Get-MgUser - Invalid filter clause 1 minute read On This Page. Several weeks ago I've started to migrate our PowerShell scripts from using soon-to-be-deprecated AzureAD and MSOnline modules and replace them with the Microsoft Graph SDK module. 1 when there are more than ~250 pages to be fetched. Get-MgUser -UserId {objectid} -Property signinactivity | Select-Object -ExpandProperty SignInActivity. Here is a report of Intune related Graph functions, including one to update the primary user - either by name, or to set the primary user to the last user who logged on. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. These default properties are noted in the Properties section. The Update-MgUser cmdlet belongs to the Microsoft. Import-Module Microsoft. company . 1. Groups module that offers different cmdlets admins need to create and manage Azure AD groups via PowerShell. 
I have a shell for the function built out, but I am having trouble expressing what I need in function. Read. This is because you may. -Property Id,DisplayName,Department) The second (and probably easier) method is to. This blog covers various use cases related. Get-MgUser - Invalid filter clause 1 minute read On This Page. The script returns all the users assigned to an app. I am attempting to write a script that will get all user MFA phone numbers using Graph modules. Get-MgUser -Property DisplayName,onPremisesExtensionAttributes,UserPrincipalName. 0 votes Report a concern. Therefore, these passwords can get hacked at ease. Next, if you run a query in the Graph Explorer, the explorer shows you the permissions required to run the query in the Modify permissions tab (Figure 2). A collection of this user's license details. To test if the cmdlet is working, we can get all users from our Azure Active Directory with the following cmdlet: Get-MgUser -All. I then check for various groups, defined earlier, and assign different license/options on that. Connect-MgGraph -TenantId "828e1143-88e3-492b-bf82-24c4a47ada63". Get-MgUserMessage -UserId $userId -MessageId. Get-MgUser: Get-MgBetaUser: Entity Namespace: Microsoft. Get-MsolUser or Get-AzureADUser cmdlet is used to get the Office 365 user details using PowerShell. In Microsoft Graph, we use Get-MgUser to get the Office 365 user details from Azure Active. To create the parameters described below, construct a hash table containing the appropriate properties. Import-Module Microsoft. com”. For information on hash tables, run Get-Help about_Hash_Tables. Get-MgUserOwnedDevice -UserId $userId. Select-MgProfile -Name "beta". Get-MgGroupMember -GroupId '7b7be3ab-d2b3-441c-8111-2e89b8493fff' Id DeletedDateTime -- ----- 6733b39d-1b5d-46af-adf3-4589718be012 0107d1b2-0402-4ef9-a58c-eb0661c5d596 f9f1bd4f-16ca-4404-925e-5b08b6a3832f 5441e919-583c-4292-aa3f-98250d8d217b. However, this is what we will need for our script: User. Users. 
Run the below command to get the MFA status for a single user. Inputs. Users: Consider a scenario. But the long-term benefits outweigh the effort to learn it. It. The Get-MgUser cmdlet simply targets v1. ToString("s"))Z" The PowerShell output shows a list of all the Azure AD users created in the last year. ReadWrite. The first task is to connect using the Microsoft Graph PowerShell SDK, which requires you to set the scopes (permissions) required to manage any specific. So for the above (with some formatting issues fixed) we have: Get-MgUser -Filter "userType eq 'Guest' and externalUserState eq 'PendingAcceptance'" -All -Property CreatedDateTime. The time-aligned metadata of the utterances in the transcript. Actions module, you need to pass an empty arround to -RemoveLicenses, otherwise you will get an error: Set-MgUserLicense_AssignExpanded: One or more parameters of the function import 'assignLicense' are missing from the. Read. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. The first step is to create a registered Entra ID app or choose an existing registered app to hold extension attributes. Filter a collection of primitive types (Lambda operators) Lambda operators or Lambda expressions are used to separate the Lambdas parameter list from its body. Get Microsoft 365 Users Report with Specific Parameters: Get-MgUser provides a list of parameters to search and filter the users based on our requirements. If you want to restore deleted Azure AD objects via Graph, there’s a cmdlet for it. COMPLEX PARAMETER PROPERTIES. It does not seem to matter what user I select or if i pull the information for all the users at once. This can be confusing, but it’s explained by: Exchange Online and Azure AD both store. List AD Users by Department with GUI Tool. Microsoft. Hope it can help you. 
Photos can be any dimension if they are stored in Azure Active Directory. Microsoft 365 admins can update the properties of a user using the ‘Update-MgUser’ cmdlet as demonstrated below. Follow answered May 10 at 15:42. [OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant. (do note that if you want other properties in the output, you also have to specify them, i. PowerShell. Import-Module Microsoft. I'm working on converting our Azure AD powershell scripts to use Graph. I want to exclude results that have a null value. Get-Mg Group -InputObject <IGroupsIdentity> [-ExpandProperty <String[]>] [-Property <String[]>] [<CommonParameters>] Description. Allows the app to read all schedules, schedule groups, shifts and associated entities in the Teams or Shifts application without a signed-in user. Get-MgUser -UserId [email protected] Get-MgBetaUser -UserId [email protected] Something to note when using the v1. I'm looking for something similar to that for extension attributes with get-mguser. For example, midnight UTC on Jan 1, 2014. Hi @Synthetic-Sentience , to find Azure users who have not signed in within the last 90 days, you can use the Microsoft Graph API to query the lastSignInDateTime property. When pulling the information from graphapi using the below path, i get inconsistent results. Graph. Users'. Examples Example 1: Code snippet Import-Module Microsoft. I am loading the SignInActivity. Get the specified profilePhoto or its metadata (profilePhoto properties). I'm trying reduce the results when making a Graph call by only calling those users with a specific userPrincipalName sub-domain. (Get-MgUserLicenseDetail -UserId belindan@litwareinc. Get-LastSignInDateTime. This makes the expansion of the manager property that was done in the Get-MgUser call completely useless, because none of the expanded properties are serializable. Run the command as follows. Authentication version 1. 
com -Property Id, displayName, assignedLicenses | Select -ExpandProperty AssignedLicenses DisabledPlans SkuId ----- ----- {} 4016f256-b063-4864-816e-d818aad600c9 Assigning Compound Licenses I'd like to get a display Name for these objects; I can obviously do this by running the appropriate 'Get' cmdlet for the type of directory object (i. ReadWrite. Graph. AccessAsUser. Beta. Get-MgUser won’t show deleted users, you need to use Get-MgDirectoryDeletedItem. IComponents103UmuuRequestbodiesAssignlicenserequestbodyContentApplicationJsonSchema. Start by running the following command. Read-only. PowerShell. Learn more about Labs. This one script I'm not having any success in figuring out how to convert. For information on hash tables, run Get-Help about_Hash_Tables. Can you try using Update-MgUser instead and see if that resolves your issue? Update-MgUser -UserId <userID> -DisplayName <displayName> For a full list of parameters. After run: Select-MgProfile -Name "beta",. In this example, I’ll use the AD Pro Toolkit to get all users and their departments. Get-Mg. Get-MgBetaUser (Microsoft. ), REST APIs, and object models. To create the parameters described below, construct a hash table containing the appropriate properties. All and User. For anything else, try Get-MgUser or ask a new question – Cpt. All The Admin role I'm using also has the Attribute Assignment Administrator role.