04 Sep 25

User Management

They're the bane of your professional life, but without them you wouldn't have a job.😄

Here's how we manage the minions...


Active Directory (ADDS)

If you have to modify Active Directory users en masse, I recommend grabbing Wisesoft's Bulk AD Users tool.

If you want to query and generate reports etc., you'll need PowerShell 😉. Use the code snippets below to get you started...


Install Active Directory Tools

You'll need an elevated shell session for this, but you only have to do it once.

Add-WindowsCapability -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -Online

Import the Active Directory module

Put this at the start of your script to import the AD cmdlets.

Import-Module ActiveDirectory

Get all users' name, department and email

Get-ADUser -Filter * -Properties Name, Department, EmailAddress

Get a user by name

Get-ADUser -Filter 'Name -like "Han Sulu"'

Microsoft Entra ID (ME-ID)

Not a lot of options here... it's PowerShell again!

In 2024 this changed: what used to be the Azure Active Directory Module has now been incorporated into Microsoft Graph.


Trust Repository and install Graph module

Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
Install-Module Microsoft.Graph -Scope CurrentUser -AcceptLicense -Force

Authenticate and Connect

Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All", "Directory.Read.All"

Get user by UPN

Get-MgUser -UserId "han.sulu@enterprise.com"

Get user by email

Get-MgUser -Filter "mail eq 'han.sulu@enterprise.com'"

Get members of Group

Get-MgGroupMember -GroupId "group-object-id"

Get Group memberships

Get-MgUserMemberOf -UserId "user-id"

Get Intune devices registered to user

Get-MgUserRegisteredDevice -UserId "user-id" -All

Get Sign-in Activity

Get-MgAuditLogSignIn -Filter "userPrincipalName eq 'user@example.com'"
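
Putting the Graph snippets above together (added example, not code from the original page): a per-user access snapshot for access reviews or offboarding checks. Get-UserAccessSnapshot is a hypothetical helper name, and it assumes you connected with the scopes shown earlier plus AuditLog.Read.All, which the sign-in log query needs.

```powershell
# Added example. Assumes: Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All",
# "Directory.Read.All", "AuditLog.Read.All" has already been run in this session.
function Get-UserAccessSnapshot {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [int] $SignInCount = 20
    )

    $user = Get-MgUser -UserId $UserPrincipalName `
        -Property Id, DisplayName, UserPrincipalName, AccountEnabled

    # memberOf and registeredDevices return generic directory objects: only Id is
    # a top-level property, everything else sits in AdditionalProperties.
    $groups = Get-MgUserMemberOf -UserId $user.Id -All | ForEach-Object {
        [pscustomobject]@{
            Id   = $_.Id
            Name = $_.AdditionalProperties['displayName']
            Type = $_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
        }
    }

    $devices = Get-MgUserRegisteredDevice -UserId $user.Id -All | ForEach-Object {
        [pscustomobject]@{
            Id   = $_.Id
            Name = $_.AdditionalProperties['displayName']
            OS   = $_.AdditionalProperties['operatingSystem']
        }
    }

    # Filter on the object id rather than the UPN: no quoting problems with
    # names such as o'brien@..., and no dependence on UPN casing.
    $signIns = Get-MgAuditLogSignIn -Filter "userId eq '$($user.Id)'" -Top $SignInCount

    [pscustomobject]@{
        User          = $user.UserPrincipalName
        Enabled       = $user.AccountEnabled
        Groups        = @($groups)
        Devices       = @($devices)
        # ErrorCode 0 means success; anything else is a failed or interrupted sign-in.
        FailedSignIns = @($signIns | Where-Object { $_.Status.ErrorCode -ne 0 } |
            Select-Object CreatedDateTime, AppDisplayName, IPAddress,
                @{ n = 'Reason'; e = { $_.Status.FailureReason } })
    }
}

# Usage: Get-UserAccessSnapshot -UserPrincipalName "han.sulu@enterprise.com" | ConvertTo-Json -Depth 4
```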