Microsoft Office 365 User accounts are stored in Azure Active Directory. In a hybrid environment, user accounts and passwords from an on-premises AD DS domain can be synchronized to Azure AD using Azure AD Connect. In this environment, the Azure AD user accounts will either be cloud-only identities, or synced identities.
We can use the Get-AzureADUser cmdlet to retrieve the list of users and apply a filter with the property DirSyncEnabled to find a list of synced and non-synced identities. Before proceeding, install the Azure AD PowerShell V2 module and run the below command to connect Azure AD PowerShell.
Connect-AzureAD
Find list of users synced from On-Premises AD
Run the following command to retrieve all Azure AD users that are synced from AD.
Get-AzureADUser -All $true | Where-Object {$_.DirSyncEnabled -eq $true}
You can easily select required properties such as UserPrincipalName, LastDirSyncTime (Directory Sync Status) and export the result to a CSV file.
Get-AzureADUser -All $true | Where-Object {$_.DirSyncEnabled -eq $true} | `
Select-Object DisplayName,UserPrincipalName,LastDirSyncTime | `
Export-CSV "C:\SyncedUsers.CSV" -NoTypeInformation -Encoding UTF8
List cloud-only users
Run the following command to retrieve a list of cloud-only users (or non-synced users).
Get-AzureADUser -All $true | Where-Object {$_.DirSyncEnabled -eq $null}
Find synchronized users with MSOnline Powershell module
Alternatively, we can use the Get-MsolUser cmdlet to list synchronized users. The below command retrieves the list of users that are synced from On-Premises AD.
Get-MsolUser -All | Where-Object {$_.ImmutableId -ne $null}
Run the following command to get cloud-only users.
Get-MsolUser -All | Where-Object {$_.ImmutableId -eq $null}