Filtering

How to filter like the O365 portal: Global Admins

This post is a part in a series of blog post which explains how to reproduce the filters which are provided by the O365 admin portal. With PowerShell scripting! This time let me show how to find users which are NOT blocked for sign in.

Getting a list of users which has the Global Admin role in the tenant

This is the filter we want to reproduce:

Screenshot of the O365 Admin portal: Filter for users which are Global Admin role holder

To get a list of all global admin accounts in your O365 / Azure AD tenant by script, use this PowerShell commands:

$role = Get-AzureADDirectoryRole | Where {$_.DisplayName -eq "Global Administrator"}
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
Screenshot with the PowerShell cmdlets Get-AzureADDirectoryRole and Get-AzureADDirectoryRoleMember

You could also use the old MSOL module:

$role = Get-MSOLRole | Where {$_.Name -eq "Company Administrator"}
Get-MSOLRoleMember -RoleObjectId $role.ObjectId

Please note that with the MSOL API, the Global Adminrole is named ‘Company Administrator’!

Leave a Reply

Your email address will not be published. Required fields are marked *