We have a requirement to get on-premises synced users' SAM Account Name and Security ID from PowerShell.
$onPremUsers = Get-AzureADUser -Filter "onPremisesSyncEnabled eq true"
foreach ($user in $onPremUsers) {
    Write-Output "User: $($user.UserPrincipalName)"
    Write-Output " SAM Account Name: $($user.onPremisesSamAccountName)"
    Write-Output " SID: $($user.onPremisesSecurityIdentifier)"
    Write-Output ""
}
Failing with:
Get-AzureADUser : Error occurred while executing GetUsers
Code: Request_UnsupportedQuery
Message: Property 'onPremisesSyncEnabled' does not exist as a declared property or extension property.
RequestId: b968799c-3ce7-422d-83e4-29afe75655db
DateTimeStamp: Mon, 07 Aug 2023 07:23:29 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#Changed to ADMS
$onPremUsers = Get-AzureADMSUser -Filter "onPremisesSyncEnabled eq true"
foreach ($user in $onPremUsers) {
    Write-Output "User: $($user.UserPrincipalName)"
    Write-Output " SAM Account Name: $($user.onPremisesSamAccountName)"
    Write-Output " SID: $($user.onPremisesSecurityIdentifier)"
    Write-Output ""
}
User: username@******.onmicrosoft.com
 SAM Account Name:
 SID:
UPNs are correct but blank responses for SAM Account Name and Security ID.
I have the below on-premises synced users in my Azure AD tenant:
When I ran your script in my environment, I too got the same error:
$onPremUsers = Get-AzureADUser -Filter "onPremisesSyncEnabled eq true"
foreach ($user in $onPremUsers) {
    Write-Output "User: $($user.UserPrincipalName)"
    Write-Output " SAM Account Name: $($user.onPremisesSamAccountName)"
    Write-Output " SID: $($user.onPremisesSecurityIdentifier)"
    Write-Output ""
}
Response:
When I ran your second script, it gave me the same response, with correct UPNs but blank values for SAM Account Name and Security ID:
#Changed to ADMS
$onPremUsers = Get-AzureADMSUser -Filter "onPremisesSyncEnabled eq true"
foreach ($user in $onPremUsers) {
    Write-Output "User: $($user.UserPrincipalName)"
    Write-Output " SAM Account Name: $($user.onPremisesSamAccountName)"
    Write-Output " SID: $($user.onPremisesSecurityIdentifier)"
    Write-Output ""
}
Response:
Instead of that, you can directly use the below Microsoft Graph PowerShell commands to get the SAM Account Name and Security ID of on-premises synced Azure AD users:
Connect-MgGraph -Scopes "User.Read.All"
Import-Module Microsoft.Graph.Users
# -All pages through every matching user instead of stopping at the first page of results
Get-MgUser -All -Filter "onPremisesSyncEnabled eq true" -Property "userPrincipalName,onPremisesSamAccountName,onPremisesSecurityIdentifier" |
    Select-Object "userPrincipalName","onPremisesSamAccountName","onPremisesSecurityIdentifier"
Response:
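
The blank SAM Account Name and SID seen in the second script are easy to miss in a large export, so here is an added example (not part of the original question or answer) that turns the Graph results into a report and flags users whose on-premises attributes are missing or not in the usual domain SID form. The function name `ConvertTo-OnPremIdentityReport`, the status labels and the sample users are assumptions made for illustration.

```powershell
# Added example; names below are hypothetical, sample data is constructed.
function ConvertTo-OnPremIdentityReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    begin {
        # Domain account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>
        $sidPattern = '^S-1-5-21(-\d+){3}-\d+$'
    }
    process {
        $sam = $User.OnPremisesSamAccountName
        $sid = $User.OnPremisesSecurityIdentifier
        $status = if ([string]::IsNullOrWhiteSpace($sam) -or [string]::IsNullOrWhiteSpace($sid)) {
            'MissingAttribute'      # property was not requested, or has no value
        } elseif ($sid -notmatch $sidPattern) {
            'UnexpectedSidFormat'   # value present but not a domain account SID
        } else {
            'OK'
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            SamAccountName    = $sam
            Sid               = $sid
            Status            = $status
        }
    }
}

# Constructed sample objects so the block runs without a tenant connection.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       OnPremisesSamAccountName = 'alice'
                       OnPremisesSecurityIdentifier = 'S-1-5-21-1111111111-2222222222-3333333333-1104' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       OnPremisesSamAccountName = $null
                       OnPremisesSecurityIdentifier = $null }
)
$sample | ConvertTo-OnPremIdentityReport | Format-Table -AutoSize

# Against a live tenant, after Connect-MgGraph -Scopes "User.Read.All":
# Get-MgUser -All -Filter "onPremisesSyncEnabled eq true" `
#     -Property "userPrincipalName,onPremisesSamAccountName,onPremisesSecurityIdentifier" |
#     ConvertTo-OnPremIdentityReport | Export-Csv .\onprem-users.csv -NoTypeInformation
```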