We have requirement of getting on-premises synced users SAM Account Name and Security ID from powershell.
$onPremUsers = Get-AzureADUser -Filter "onPremisesSyncEnabled eq true"
foreach ($user in $onPremUsers) {
Write-Output "User: $($user.UserPrincipalName)"
Write-Output " SAM Account Name: $($user.onPremisesSamAccountName)"
Write-Output " SID: $($user.onPremisesSecurityIdentifier)"
Write-Output ""
}
Failing with Get-AzureADUser : Error occurred while executing GetUsers Code: Request_UnsupportedQuery Message: Property 'onPremisesSyncEnabled' does not exist as a declared property or extension property. RequestId: b968799c-3ce7-422d-83e4-29afe75655db DateTimeStamp: Mon, 07 Aug 2023 07:23:29 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad Request HttpResponseStatus: Completed At line:1 char:16
- ... onPremUsers = Get-AzureADUser -Filter "onPremisesSyncEnabled eq true"
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
- FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser
#Changed to ADMS
$onPremUsers = Get-AzureADMSUser -Filter "onPremisesSyncEnabled eq true"
foreach ($user in $onPremUsers) {
Write-Output "User: $($user.UserPrincipalName)"
Write-Output " SAM Account Name: $($user.onPremisesSamAccountName)"
Write-Output " SID: $($user.onPremisesSecurityIdentifier)"
Write-Output ""
}
User: username@******.onmicrosoft.com SAM Account Name: SID:
UPNs are correct but blank responses for SAM Account Name and Security ID.
I have below on-premises synced users in my Azure AD tenant:
When I ran your script in my environment, I too got same error:
Response:
When I ran your second script, it gave me same response with correct UPNs but blank response for SAM Account Name and Security ID:
Response:
Instead of that, you can directly use below Microsoft Graph PowerShell commands to get
SAM Account NameandSecurity IDof on-premises synced Azure AD users:Response: