microsoftgraph
Filtering block throwing errors for Entra commands
Customer feedback:
Error: Get-EntraUser: Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input.
Example:
PS C:\Program Files\PowerShell\Modules> get-entrauser -Filter {mail eq 'user@contoso'} | select-object userprincipalname
Get-EntraUser: Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input.
Working example:
PS C:\Program Files\PowerShell\Modules> get-entrauser -Filter "mail eq '[email protected]'" | select-object userprincipalname
UserPrincipalName
----
[email protected]
Microsoft Graph PowerShell cmdlet example:
PS C:\Program Files\PowerShell\Modules> get-mguser -filter {mail eq '[email protected]'} -property userprincipalname | select-object userprincipalname
UserPrincipalName
----
user@contoso
Contributor: @brvr-esko
What is the issue here?
-Filter parameter accepts a string value not a script block.
Get-MgUser
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
...
...
Hello, the issue is standardization. I'm not clear why it would work with get-mguser and not with get-entrauser. Having no standardization will make it harder to port existing code to the new entra graph module. Using a scriptblock works with get-aduser and get-mguser, so I would expect it to work with get-entrauser as well.
There is no standard in PowerShell to make a parameter that expects a string to work with a script block.
# this works
PS> Get-Service -Name winrm
# this fails
PS> Get-Service -Name {winrm}
Get-Service: Cannot evaluate parameter 'Name' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input.
It's true that Get-MgUser and Get-AzAdUser work when you pass the script block to the -Filter parameter, but Get-AzureAdUser doesn't.
Get-AzureAdUser gives you the same error as Get-EntraUser.
Hello, @brvr-esko. We recognize the importance of standardization and are committed to maintaining as much consistency as possible.
However, our primary goal is to adopt a forward-looking approach, prioritizing alignment with Microsoft Graph platform standards. While we strive to ensure backward compatibility with older modules like AzureAD, our focus on a forward-looking posture will take precedence.
cc: @alexandair.
@SteveMutungi254 @brvr-esko
After some research...
It's all about delay-bind script blocks: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_script_blocks?view=powershell-7.4#using-delay-bind-script-blocks-with-parameters
-Filter parameter for Get-AzADUser and Get-MgUser doesn't accept a pipeline input, that's why script block is just converted to string and cmdlets work.
-Filter parameter for Get-AzureADUser and Get-EntraUser DOES ACCEPT pipeline input and delay-bind script blocks. However, input is not coming through the pipeline, so cmdlets fail with the error: "Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input."
That's the reason why:
Get-AzADUser -Filter {...} works
Get-MgUser -Filter {...} works
Get-AzureADUser -Filter {...} fails
Get-EntraUser -Filter {...} fails