Differentiating users that are synchronized from an on-premise AD and users created in Office 365 is easy when logged in through the Office 365 Portal. When using Powershell, it's another matter. While there's a parameter for Get-MsolUser to show only synchronized users, the ability to filter on only cloud users is missing. However, as cloud-only users do not have the ImmutableID set, you can build your own filter.
This one's obvious:
Get-MsolUser -All -Synchronized
You can filter on ImmutableID as it's not set for cloud-only users:
Get-MsolUser -All | ? ImmutableID -eq $null
If you want to filter out external users (i.e. if you shared something in Sharepoint Online with users that aren't in the tenant's Azure AD), you can filter down even further:
Get-MsolUser -All | ? {$_.ImmutableID -eq $null -and $_.UserPrincipalName -notlike "*#EXT#*"}
| « ‹ | April 2025 | › » | ||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
