List On-Premises AD Synced users and Cloud only users in PowerShell

Microsoft Office 365 user accounts are stored in Azure Active Directory. In a hybrid environment, user accounts and passwords from an on-premises AD DS domain can be synchronized to Azure AD using Azure AD Connect. In such an environment, each Azure AD user account is either a cloud-only identity or a synced identity.

We can use the Get-AzureADUser cmdlet to retrieve the list of users and filter on the DirSyncEnabled property to separate synced from non-synced identities. Before proceeding, install the Azure AD PowerShell V2 module and run the command below to connect to Azure AD.

Connect-AzureAD

Find list of users synced from On-Premises AD

Run the following command to retrieve all Azure AD users that are synced from AD.

Get-AzureADUser -All $true | Where-Object {$_.DirSyncEnabled -eq $true}

You can easily select required properties such as UserPrincipalName, LastDirSyncTime (Directory Sync Status) and export the result to a CSV file.

Get-AzureADUser -All $true | Where-Object {$_.DirSyncEnabled -eq $true} |
Select-Object DisplayName,UserPrincipalName,LastDirSyncTime |
Export-CSV "C:\SyncedUsers.CSV" -NoTypeInformation -Encoding UTF8

List cloud-only users

Run the following command to retrieve a list of cloud-only users (or non-synced users).

Get-AzureADUser -All $true | Where-Object {$_.DirSyncEnabled -eq $null}
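
The two Get-AzureADUser filters above can be combined into a single report, shown here as an added example that is not code from the original article. It also separates accounts for which Azure AD reports DirSyncEnabled as $false (synced in the past, but no longer), which neither the -eq $true nor the -eq $null filter returns. The function name Add-IdentitySource, the IdentitySource and StaleSync columns, the 7-day threshold and the sample users are assumptions made for the example.

```powershell
# Added example (not from the original article). The function name, output columns,
# 7-day threshold and sample users are assumptions made for illustration.
function Add-IdentitySource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Synced users whose last sync is older than this many days are flagged as stale.
        [int]$StaleAfterDays = 7
    )
    begin { $cutoff = (Get-Date).AddDays(-$StaleAfterDays) }
    process {
        # DirSyncEnabled is tri-state: $true = synced, $null = never synced,
        # $false = synced in the past but not any more.
        $source = if ($User.DirSyncEnabled -eq $true) {
            'Synced'
        } elseif ($null -eq $User.DirSyncEnabled) {
            'CloudOnly'
        } else {
            'SyncStopped'
        }
        $last = $User.LastDirSyncTime
        [pscustomobject]@{
            DisplayName       = $User.DisplayName
            UserPrincipalName = $User.UserPrincipalName
            IdentitySource    = $source
            LastDirSyncTime   = $last
            StaleSync         = ($source -eq 'Synced') -and (($null -eq $last) -or ($last -lt $cutoff))
        }
    }
}

# Constructed sample objects that mimic the Get-AzureADUser properties used above.
$sample = @(
    [pscustomobject]@{ DisplayName='Alice'; UserPrincipalName='alice@example.com'; DirSyncEnabled=$true;  LastDirSyncTime=(Get-Date).AddHours(-2) }
    [pscustomobject]@{ DisplayName='Bob';   UserPrincipalName='bob@example.com';   DirSyncEnabled=$true;  LastDirSyncTime=(Get-Date).AddDays(-30) }
    [pscustomobject]@{ DisplayName='Carol'; UserPrincipalName='carol@example.com'; DirSyncEnabled=$null;  LastDirSyncTime=$null }
    [pscustomobject]@{ DisplayName='Dave';  UserPrincipalName='dave@example.com';  DirSyncEnabled=$false; LastDirSyncTime=(Get-Date).AddDays(-90) }
)
$report = $sample | Add-IdentitySource
$report | Format-Table -AutoSize
$report | Group-Object IdentitySource | Select-Object Name, Count

# Against a live tenant, after Connect-AzureAD (output path is a placeholder):
# Get-AzureADUser -All $true | Add-IdentitySource | Export-Csv ".\IdentitySourceReport.csv" -NoTypeInformation -Encoding UTF8
```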

Find synchronized users with MSOnline PowerShell module

Alternatively, we can use the Get-MsolUser cmdlet to list synchronized users. The command below retrieves the list of users that are synced from on-premises AD.

Get-MsolUser -All | Where-Object {$_.ImmutableId -ne $null}

Run the following command to get cloud-only users.

Get-MsolUser -All | Where-Object {$_.ImmutableId -eq $null}