In hybrid Office 365 deployments (either Exchange Online, Skype for Business Online, or SharePoint Online), often you need to know whether a particular user account is sourced (e.g. created) from on-premises AD, or in the cloud (created in Azure AD).
This can be see in the Office 365 Portal (under Admin centers | Azure AD). In the classic Azure AD portal, select the corresponding Azure AD directory for your Office 365 tenant, and navigate to “Users”. You will see a SOURCED FROM column which will show whether this user account was sourced from the Azure AD in the cloud or on-premises as in this example:
Azure AD Admin Center
I often need to know this information when working in PowerShell however. Here is how to determine whether a user account is being synchronized from on-premises AD, or is a pure Office 365 Azure AD account.
To do this we are going to use the Get-MsolUser cmdlet which resides in the Azure AD PowerShell module (which can be downloaded here : https://docs.microsoft.com/en-us/powershell/msonline/v1/azureactivedirectory). Either the older MSOnline V1 Azure AD PowerShell module or AD, or the newer Azure AD V2 module can be used. Also remmeber to use these simple 3 steps to connect to your Azure AD tenant with Administrator permissions:
Import-Module -Name MSOnline
$myCreds = Get-Credential
Connect-MsolService -Credential $myCreds
To get the source of the user account, retrieve the attribute called the “ImmutableID”. All users that are synchronized from on-premises AD, have a value for this attribute – it holds that data if the user is synchronized from On-Premises Active Directory. If it is $null, then we know the user was source from Azure AD in the Office 365 tenant.
To get the value for a particular user, use this PowerShell query:
Get-MSOlUser –UserPrincipalName <user principal name> | Select ImmutableID
The see all users that are source from the cloud (Azure AD), run this PowerShell query:
Get-MSOlUser -All | Where ImmutableID -ne $Null
The above command instructs Get-MSOlUser to query all users that do not have a value assigned to the ImmutableID attribute.