Using Okta-PSModule to list users from a particular domain
John Bogdan


Using Okta-PSModule from, how would I 
1.  List all active users that have a username ending in ""
2.  List all users coming from Active Directory integration.  In other words, list all users with the status "Profile mastered by Active Directory".
3.  List all users who have logged in successfully in the last 30 days.

Thanks.  Please also send any link to better documentation on using PSModule.
John Bogdan
I played around and number 3 is "OktaListUsersbyStatus -oOrg Prod -status ACTIVE | where {$_.lastLogin -gt (get-date).AddDays(-30)}"
John Bogdan
For the first one, "OktaListUsersbyStatus -oOrg Prod -status ACTIVE | select -ExpandProperty profile | where {$ -like "*"}"
Matt Egan (Okta, Inc.)
Hi John,

Until becomes GA you are going to have to perform client side filtering for #1 and #3.

Something like this
$users = oktaListUsers

$loggedRecently = New-Object System.Collections.ArrayList
$matchDomain = New-Object System.Collections.ArrayList
$now = Get-Date
$then = $now.AddDays(-30)

foreach ($u in $users) {
    if ($u.lastLogin -gt $then) {
        $_c = $loggedRecently.Add($u)
    }
    if ($u.profile.login -like '*') {
        $_c = $matchDomain.Add($u)
    }
}

For #2 we'll need to fetch the appUser objects for the Active Directory "app" instance to find out. Start by finding out what the appId for your Active Directory instance is.
$apps = oktaListApps

foreach ($a in $apps) {
    if ($a.name -eq 'active_directory') {
        Write-Host $a.id `t $a.label
    }
}

You can also extract it from the URL of the Admin UI:
Directory -> Directory Integrations -> Your Domain

Now with the appId in hand
#my AD appId
$ad_appId =  "0oarja7d8gWSEGZBPZVB"
#All of my Okta Users
$users = oktaListUsers

#All of my Users from AD
$adUsers = oktaGetUsersbyAppID -aid $ad_appId
#A hash table by okta ID of the AD Users (for quick retrieval later)
$adUsersHash = New-Object System.Collections.Hashtable
foreach ($aduser in $adUsers) {
    $adUsersHash.Add($aduser.id, $aduser)
}

#A hash table to sort and collate oktaUser objects and appUser objects
$usersHash = New-Object System.Collections.Hashtable
foreach ($u in $users) {
    #temp variable to store the collated parts
    $myThing = New-Object System.Collections.Hashtable
    #do we have an "ad" appUser object?
    if ( $adUsersHash.ContainsKey($u.id) ) {
        #store the appUser object in an adUser property
        $myThing.Add("adUser", $adUsersHash[$u.id])
    }
    #store the oktaUser object in oktaUser
    $myThing.Add("oktaUser", $u)
    #file the collated entry under the okta ID
    $usersHash.Add($u.id, $myThing)
}

#usersHash now contains our collated users, iterate through and do stuff
foreach ($key in $usersHash.Keys) {
    Write-Host($usersHash[$key]['oktaUser'].profile.login + "`t" + $key )
    if ( $usersHash[$key].ContainsKey('adUser') ) {
        #convert the externalId to a GUID when the appUser carries one
        if ( $usersHash[$key]['adUser'].externalId ) {
            $strGuid = oktaExternalIdtoGUID -externalId $usersHash[$key]['adUser'].externalId.ToString()
        } else {
            $strGuid = "None"
        }
        Write-Host("`t Is AD Mastered: Status; " + $usersHash[$key]['adUser'].status.ToString() + ", syncState; " + $usersHash[$key]['adUser'].syncState.ToString() + ", objectGuid; " + $strGuid)
    } else {
        Write-Host `t "Isn't AD Mastered:"
    }
}
Hopefully that helps a little.

If you aren't using VSCode or the PowerShell ISE I'd highly recommend it.

Other examples that might help can be found here:

Dylann Fezeu (Customer First Programs)

Thanks for posting your inquiry in Okta Community Portal.

If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."

Thank you,

Dylann Fezeu
Okta Help Center Team
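
Added example, not from the thread and not part of Okta-PSModule: the three client-side checks discussed above (domain suffix, AD-sourced, login in the last 30 days) combined into one report over constructed sample objects, so it runs offline. Get-OktaUserReport and ConvertTo-UtcDate are hypothetical helper names; the example assumes lastLogin may be null or an ISO 8601 string, and it goes beyond the posted snippets by handling the null case and anchoring the domain match on '@'.

```powershell
# Constructed sample data shaped like Okta user and appUser objects (not real accounts).
$users = @(
    [pscustomobject]@{ id = '00u1'; status = 'ACTIVE';    lastLogin = '2024-06-20T08:15:00.000Z'; profile = [pscustomobject]@{ login = 'alice@example.com' } }
    [pscustomobject]@{ id = '00u2'; status = 'ACTIVE';    lastLogin = $null;                      profile = [pscustomobject]@{ login = 'bob@EXAMPLE.com' } }
    [pscustomobject]@{ id = '00u3'; status = 'ACTIVE';    lastLogin = '2024-03-01T10:00:00.000Z'; profile = [pscustomobject]@{ login = 'carol@notexample.com' } }
    [pscustomobject]@{ id = '00u4'; status = 'SUSPENDED'; lastLogin = '2024-06-29T23:00:00.000Z'; profile = [pscustomobject]@{ login = 'dave@example.com' } }
)
# Constructed appUser records for the AD app instance; id is the Okta user id.
$adAppUsers = @(
    [pscustomobject]@{ id = '00u1'; syncState = 'SYNCHRONIZED' }
    [pscustomobject]@{ id = '00u4'; syncState = 'SYNCHRONIZED' }
)

# Hypothetical helper: normalise a DateTime, ISO 8601 string or null to UTC (or $null).
function ConvertTo-UtcDate {
    param($Value)
    if ($Value -is [datetime]) { return $Value.ToUniversalTime() }
    if ([string]::IsNullOrWhiteSpace([string]$Value)) { return $null }
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    return [datetime]::Parse([string]$Value, [cultureinfo]::InvariantCulture, $styles)
}

# Hypothetical helper: one row per user with the three checks from the question.
function Get-OktaUserReport {
    param($Users, $AdAppUsers, [string]$DomainSuffix, [datetime]$AsOf, [int]$Days = 30)
    # Case-sensitive lookup of AD appUsers by Okta user id.
    $adById = New-Object System.Collections.Hashtable
    foreach ($a in $AdAppUsers) { $adById[$a.id] = $a }
    $cutoff = $AsOf.ToUniversalTime().AddDays(-$Days)
    foreach ($u in $Users) {
        $last = ConvertTo-UtcDate $u.lastLogin
        [pscustomobject]@{
            Login       = $u.profile.login
            Active      = $u.status -eq 'ACTIVE'
            # EndsWith with a suffix that includes '@' avoids matching look-alike domains.
            InDomain    = ([string]$u.profile.login).EndsWith($DomainSuffix, [System.StringComparison]::OrdinalIgnoreCase)
            FromAD      = $adById.ContainsKey($u.id)
            # A user who never logged in (null lastLogin) is not a recent login.
            RecentLogin = ($null -ne $last) -and ($last -gt $cutoff)
        }
    }
}

# Fixed reference date so the constructed sample gives stable results.
$asOf = [datetime]::new(2024, 6, 30, 0, 0, 0, [System.DateTimeKind]::Utc)
$report = Get-OktaUserReport -Users $users -AdAppUsers $adAppUsers -DomainSuffix '@example.com' -AsOf $asOf
$report | Where-Object { $_.Active -and $_.InDomain } | Format-Table Login, FromAD, RecentLogin
```

Against live data, $users and $adAppUsers would be the results of oktaListUsers and oktaGetUsersbyAppID shown earlier in the thread, and -AsOf would be (Get-Date).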