Azure-docs: How to programmatically access the 'source' attribute?

@dpravo
Thanks for your feedback! We will investigate and update as appropriate.

These specific properties cannot be returned programmatically.

However, you can use Get-AzureADUser -All $True to return all user objects.

Then you can do something like: Get-AzureADUser -all $true | where-object -property DirSyncEnabled -eq "True"

This will give you all of the synced users. You can user -ne if you want cloud only users.

Based on the Powershell output this seems to be as far as it is possible to go. @msmimart can you confirm?

Closing this out as this appears to be the best available solution. Feel free to leave a comment if you would like to continue the discussion.

Interestingly Get-AzureADUser -Filter "dirSyncEnabled eq true" works but all other attempts fail E.G.

Get-AzureADUser -Filter "dirSyncEnabled ne true" or Get-AzureADUser -Filter "dirSyncEnabled eq null" or Get-AzureADUser -Filter "dirSyncEnabled eq false" - all fail with errors

I really don't understand why this topic was closed, the initial question was to make the source property available programmatically and instead a workaround was provided for retrieving non-dirsynced users?

I want to retrieve this source property to filter which external users are MSA/AAD or else, will it be available in the future in any way?

These specific properties cannot be returned programmatically.

However, you can use Get-AzureADUser -All $True to return all user objects.

Then you can do something like: Get-AzureADUser -all $true | where-object -property DirSyncEnabled -eq "True"

This will give you all of the synced users. You can user -ne if you want cloud only users.

This issue should be re-opened.

This answer is wrong in two respects:

1) Yes it can be done programmatically, Azure Portal retrieves the User Source property via REST API

https://main.iam.ad.ext.azure.com/api/Users?searchText=something&top=25&orderByThumbnails=false&maxThumbnailCount=999&filterValue=All&state=All&adminUnit=&searchByObjectId=false

returns JSON payload that includes the Source attribute.

2) dirSyncEnabled is not the same as Source, these are two separate attributes.

View the JSON output from (1), you will see two attributes

{
"items": [
{
"objectId": "some GUID",
"objectType": "User",
"displayName": "some display name",
"dirSyncEnabled": null,
"source": 16,
"sources": [
"Azure Active Directory (self-service)"
],
"sourceText": "Azure Active Directory (self-service)",
},

I realize this is an old closed thread, but the link in the answer doesn't work. Has anything changed so that we can access the Source attribute via powershell or we can export the user list from https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/AllUsers with the actual source field? If not can a working link be supplied?

I have the same question. If the portal is able to show it, the attribute must be stored somewhere, hence able to be retrieved...
I just want something simple: to list the source of the accounts and groups: on-prem, Cloud (i.e. O365, e.g. Teams) or Azure Active Directory.
Like

or

or

The Source property is still not available in either Azure Powershell or Azure CLI, but for anyone else that needs it, using the API the portal itself uses is the only method I could get working (big thanks to @softwarecraft for the idea!).

In the Azure AD user details page (the one containing the "Source" property), open the developer tools' networking tab, search for "/api/Users/", and find the response containing the JSON payload that @softwarecraft described. Grab the Authorization and x-ms-client-request-id headers. Fetch all the user IDs however you want and loop over them, putting each ID into that API's URL and querying it using Invoke-RestMethod along with the headers you copied. Append the responses to an array and now you've got something you can actually use. There's probably a better way to just fetch all of them, but I couldn't get it working