-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get-MGAuditLogSignin - How to use a variable in a filter #2128
Comments
Normally when you use single quotes in PowerShell, it treats things as a literal, so your $UPN variable is no longer your object, but instead is literally the characters $UPN. As you've correctly established, the filter command needs those single quotes around them. To pass them nicely to the Graph API, you will probably need to escape the single quotes using the backtick, so that instead of the $UPN being treated as literal characters, the quotes are: In your example, this looks like: |
Thank you for your comments and I think you are on the right track but I still doesn't work. |
@barabetto, your code works for me without any changes: PS> Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq 'aleksandar@mydomain.onmicrosoft.com'" -Top 1 | select userprincipalname, createddatetime
UserPrincipalName CreatedDateTime
----------------- ---------------
aleksandar@mydomain.onmicrosoft.com 7/10/2023 2:27:42 PM
PS> $upn = 'aleksandar@mydomain.onmicrosoft.com'
PS> Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$upn'" -Top 1 | select userprincipalname, createddatetime
UserPrincipalName CreatedDateTime
----------------- ---------------
aleksandar@mydomain.onmicrosoft.com 7/10/2023 2:27:42 PM |
Thanks Alexandair, I'm currently unable to test on 7.3 at the moment. If you're running 7.3 in your lab, could you please also test what barabetto is doing (re: getting the UPN from a variable after using Get-MgUser)?
and then move onto the |
@SeniorConsulting That works too. PS> $user = get-mguser -UserId 'aleksandar@mydomain.onmicrosoft.com'
PS> [string]$upn = $user.UserPrincipalName
PS> Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$UPN'" -Top 1 | select userprincipalname, createddatetime
UserPrincipalName CreatedDateTime
----------------- ---------------
aleksandar@mydomain.onmicrosoft.com 7/10/2023 8:55:24 PM |
Thanks Alexandair. Barabetto, it might be worth running the commands with the -debug flag, and/or including some screenshots so that we've got an idea of what you're working with. It's hard to tell when most things come back OK. If you do include screenshots, feel free to sanitise any data you would prefer us not to see (e.g. full UPN names). My only theory at the moment is whether the following is case sensitive: If it is, writing the output of $UPN would return a blank value. I tested this theory in 5.1, and had no problems, but it might be a little different for you. |
It's not case sensitive. I've tested that too.
…________________________________
From: SeniorConsulting ***@***.***>
Sent: Monday, July 10, 2023 11:35:02 PM
To: microsoftgraph/msgraph-sdk-powershell ***@***.***>
Cc: Aleksandar Nikolić ***@***.***>; Comment ***@***.***>
Subject: Re: [microsoftgraph/msgraph-sdk-powershell] Get-MGAuditLogSignin - How to use a variable in a filter (Issue #2128)
Thanks Alexandair.
Barabetto, it might be worth running the commands with the -debug flag, and/or including some screenshots so that we've got an idea of what you're working with. It's hard to tell when most things come back OK. If you do include screenshots, feel free to sanitise any data you would prefer us not to see (e.g. full UPN names).
My only theory at the moment is whether the following is case sensitive:
[string]$upn = $user.userprincipalname
If it is, writing the output of $UPN would return a blank value. I tested this theory in 5.1, and had no problems, but it might be a little different for you.
—
Reply to this email directly, view it on GitHub<#2128 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAX5RXFCE5V6FFWPWJUILMTXPRYQNANCNFSM6AAAAAA2AWG6MY>.
You are receiving this because you commented.Message ID: ***@***.***>
|
Thanks for all your help. So I have entered the commands on the command line the same as alexandair, however it does not find anything : PS C:> connect-mggraph -Scopes auditlog.read.all $user = get-mguser -UserId 'username@domain.com' HTTP Method: Absolute Uri: Headers: Body: DEBUG: ============================ HTTP RESPONSE ============================ Status Code: Headers: Body: If I enter the name of the user manually then it works: PS C:> Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq 'username@domain.com'" -Top 1 | select userprincipalname, createddatetime UserPrincipalName CreatedDateTime username@domain.com 12/07/2023 12:18:39 Just in case its my specific version of Powershell: Name Value PSVersion 7.3.5 Version of mggraph: CommandType Name Version Source Function Get-MgUser 1.22.0 Microsoft.Graph.Users in fact the list goes on and all entries are the same version |
I have also updated to Graph V2.0.0 and still have the same issue. |
I have the same issue on another computer as well. |
I'm also not able to repro the issue on my end using the latest version of the SDK, v2.6.1. Per the |
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. |
Hi,
I am new to working with Graph and I am trying to create a script that gets the last logon for certain users
If I run the following command for a specific account I get last logon information back:
Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq 'username@domain.com'" -Top 1 | select userprincipalname, createddatetime
I have a variable that contains the UPN of an account $UPN
If I use the following, nothing is returned:
Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$UPN'" -Top 1 | select userprincipalname, createddatetime
I am guessing it is something to do with how the variable is entered in the filter but I can't seem to find much documentation.
In my script:
I get the UPN in this way:
$User = Get-MgUser -userid username@domain.com
[string]$upn = $user.userprincipalname
however if I manually enter an account as follows, the script works:
$upn = "username@domain.com"
I have run $upn.gettype() and for both instances it returns a type of string.
I am running in PowerShell 7
Any help would be greatly appreciated.
Thank You
The text was updated successfully, but these errors were encountered: