如何使用 Powershell 将扩展属性从 Azure AD 导出到 csv

Question

My goal is to export a user list from Azure AD to a csv file I can read from Python. That's easy enough using:

Get-MsolUser -All | Select-Object UserPrincipalName, WhenCreated | export-csv c:\try2.csv

But how do I include extension attributes in the output? I tried:

Get-MsolUser -All | Select-Object UserPrincipalName, WhenCreated, 
    extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber | export-csv c:\try2.csv

But this exports only a blank third column

The extension attribute I want is there (extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber), and I can see it using:

$user = Get-AzureADUser -ObjectID first.last@domain.com

Then

Get-AzureADUserExtension -ObjectId $User.ObjectId

Which outputs:

Key                                                     Value
---                                                     -----
odata.metadata                                          https://graph.windows.net/3523a793-0e50-4646...
odata.type                                              Microsoft.DirectoryServices.User
createdDateTime                                         4/23/2020 10:22:17 PM
employeeId                                              12345
onPremisesDistinguishedName
thumbnailPhoto@odata.mediaEditLink                      directoryObjects/7fed7e4a-78be-4e87-9d88...
thumbnailPhoto@odata.mediaContentType                   image/Jpeg
userIdentities                                          []
extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber 19999

But how do I export these extension attributes in a CSV file for all users (along with the regular attributes)? I don't care if it exports just the one extension attribute I need, or all of them--I can just use what I need from the Python side.

I've read through many Microsoft and other articles but can't find how to do this.

Thanks very much!

OK, based on Satya's excellent suggestion, I'm making progress. I thought it would be easy to loop through all users to export them to one csv file, but I've got something wrong... here's the current:

$all = get-azureaduser -All $true
$all | foreach-object {
$user = $_
#Expanding only the Extension Attributes related to the user and converting the Dictionary to Custom Object so that keys can be accessed through the dot (.) operator
$Extension_Attributes = New-Object Psobject -Property $user.ExtensionProperty 

#Combining the required attributes from the user object and extension_attributes to A single object

$u_properties = [pscustomobject] @{
"UserPrincipalName" = $user.UserPrincipalName 
"Country" = $user.Country 
"Created" = $Extension_Attributes.createdDateTime 
"MemberNumber" = $Extension_Attributes.extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber
}

# check
write-host "got $u_properties"

}
Select-object $u_properties | Export-csv -Path c:\ulist.csv -NoTypeInformation -Force

The loop works and the write-host shows each record, but the export-csv produces no records in the file. I had also tried -append but read there is some problem with it that prevents it working inside a foreach.

Answer 1

You could try the below snippet:

As far as I researched, there might be little less possiblity of retrieving it from the Get-MSOLUser

I have made use of the Get-AzureAD that would meet your requirement

#Gettting the User from the AAD
$user= Get-AzureADUser -ObjectID user@domain.com

#Expanding only the Extenstion Attributes related to the user and converting the Dictionary to Custom Object so that keys can be accessed through the dot (.) operator
$Extension_Attributes = New-Object Psobject -Property $user.ExtensionProperty 

#Combining the required attributes from the user object and extension_attributes to A single object
$u_properties = [pscustomobject] @{
"UserPrincipal" = $user.UserPrincipalName
"Name" = $user.Country
"Created" = $Extension_Attributes.createdDateTime
}
#if you need more attributes you can accordingly


#Exporting the object to a file in an append fashoin
$u_properties | Export-Csv -Path D:\File.csv -Append -NoTypeInformation

Sample Output

Updated Code

$all = get-azureaduser -All $true
$all | foreach-object {
$user = $_
#Expanding only the Extension Attributes related to the user and converting the Dictionary to Custom Object so that keys can be accessed through the dot (.) operator
$Extension_Attributes = New-Object Psobject -Property $user.ExtensionProperty 

#Combining the required attributes from the user object and extension_attributes to A single object

$u_properties = [pscustomobject] @{
"UserPrincipalName" = $user.UserPrincipalName 
"Country" = $user.Country 
"Created" = $Extension_Attributes.createdDateTime 
"MemberNumber" = $Extension_Attributes.extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber
}

# check
write-host "got $u_properties"

 $u_properties | Export-csv -Path D:\File3.csv -NoTypeInformation -Force -Append

}

Answer 2

My goal is to export a user list from Azure AD to a csv file I can read from Python. That's easy enough using:

Get-MsolUser -All | Select-Object UserPrincipalName, WhenCreated | export-csv c:\try2.csv

But how do I include extension attributes in the output? I tried:

Get-MsolUser -All | Select-Object UserPrincipalName, WhenCreated, 
    extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber | export-csv c:\try2.csv

But this exports only a blank third column

The extension attribute I want is there (extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber), and I can see it using:

$user = Get-AzureADUser -ObjectID first.last@domain.com

Then

Get-AzureADUserExtension -ObjectId $User.ObjectId

Which outputs:

Key                                                     Value
---                                                     -----
odata.metadata                                          https://graph.windows.net/3523a793-0e50-4646...
odata.type                                              Microsoft.DirectoryServices.User
createdDateTime                                         4/23/2020 10:22:17 PM
employeeId                                              12345
onPremisesDistinguishedName
thumbnailPhoto@odata.mediaEditLink                      directoryObjects/7fed7e4a-78be-4e87-9d88...
thumbnailPhoto@odata.mediaContentType                   image/Jpeg
userIdentities                                          []
extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber 19999

But how do I export these extension attributes in a CSV file for all users (along with the regular attributes)? I don't care if it exports just the one extension attribute I need, or all of them--I can just use what I need from the Python side.

I've read through many Microsoft and other articles but can't find how to do this.

Thanks very much!

OK, based on Satya's excellent suggestion, I'm making progress. I thought it would be easy to loop through all users to export them to one csv file, but I've got something wrong... here's the current:

$all = get-azureaduser -All $true
$all | foreach-object {
$user = $_
#Expanding only the Extension Attributes related to the user and converting the Dictionary to Custom Object so that keys can be accessed through the dot (.) operator
$Extension_Attributes = New-Object Psobject -Property $user.ExtensionProperty 

#Combining the required attributes from the user object and extension_attributes to A single object

$u_properties = [pscustomobject] @{
"UserPrincipalName" = $user.UserPrincipalName 
"Country" = $user.Country 
"Created" = $Extension_Attributes.createdDateTime 
"MemberNumber" = $Extension_Attributes.extension_60a1274a0a9d4344bd172d81b06d0f50_MemberNumber
}

# check
write-host "got $u_properties"

}
Select-object $u_properties | Export-csv -Path c:\ulist.csv -NoTypeInformation -Force

The loop works and the write-host shows each record, but the export-csv produces no records in the file. I had also tried -append but read there is some problem with it that prevents it working inside a foreach.