Zoho Banner September 2011

Archive for May, 2019

Earlier this week, I had a need to produce a list of Guest users in an Azure AD tenant who had not yet redeemed invitations that had been sent to them.  It took me a little while to figure out the Powershell query for this, so I thought I would share it here.

The state of the Guest user is buried in the ExtensionProperty attribute that is returned from the Get-AzureADUser cmdlet.


For Guest users that have redeemed their invitations, the value returned is ‘Accepted’, while for those who have yet to accept the invitations the value is ‘PendingAcceptance’.

The query to find all Guest users who have not yet redeemed their invitations looks for the ‘PendingAcceptance’ value as follows:

Get-AzureADUser -Filter “Usertype eq ‘Guest’” | ? {$_.extensionproperty.userState -eq “PendingAcceptance”} | select mail

Please leave a comment if you have a simpler or more effective way of doing the same thing.  Thanks!

The other day I tried (and failed) to find an easy way to query which applications were assigned to a specific Azure AD Application Proxy Connector Group.  Of course if you only have a few applications, you can simply grind through each application in the Azure Portal and view the assignment (see screenshot below).

Connector in AAD App Proxy app

If, on the other hand, you have a large number of applications, grinding through each application individually will be more than a little frustrating.  As always, Powershell offers a simpler way to get the result you need.

There are a couple of cmdlets that at first look appear to be very helpful: Get-AzureADApplicationProxyApplication and AzureADApplicationProxyApplicationConnectorGroup.  Unfortunately, these are quite limited in their scope.  What I was looking for was a cmdlet that would give me all the applications that use the Azure AD Application Proxy and include the relevant connector in the output.  Those two cmdlets can’t do that.  This is the closest I could get.

$proxyapps = Get-AzureADApplication | ? {$_.Homepage -match “msappproxy.net”}
foreach ($proxyapp in $proxyapps) {
$cgroup = (Get-AzureADApplicationProxyApplicationConnectorGroup -ObjectId $proxyapp.ObjectID).Name
Write-Host “Application Proxy app $($proxyapp.Displayname) uses Connector Group: $cgroup”
} #end

Yes, it’s a bit of kludge!  If you have a cleaner method then please leave a comment.  I’d love to know.