Description
Describe the feature
Get-EntraUser is currently unable to filter (-Filter) on the onPremisesImmutableID property. Get-MgUser is able to do this, though.
Example of filtering using Get-MgUser:
Get-MgUser -Filter "onPremisesImmutableId eq '$($ImmutableID)'" -Property userPrincipalName, Mail, ID, OnPremisesImmutableID -ErrorAction Stop | Select-Object userPrincipalName, Mail, ID, OnPremisesImmutableID
How will this feature enhance your project and further the project’s overall goals? Who will benefit from this feature (i.e. all users; the project team)?
Firstly, I believe this feature should be implemented mostly to keep the Entra module in line with the Graph module. If the Graph module is more capable for EntraID management, then there is less reason for people to utilize the Entra module for EntraID management. Secondly, the onPremisesImmutableID is an ideal property to filter on given that many environments have hybrid users whose UPN & Mail properties do not match (external\B2B users). If you are able to pull the ObjectGUID from an Active Directory user object and convert it to the onPremisesImmutableID you can guarantee a successful match against the corresponding EntraID user object.
Describe alternatives you've considered
Currently, in my own environment, I have a function that tries to match the Active Directory user object with an EntraID object using userPrincipalName, Mail, & MailNickname (in that order). This works for the most part but requires more code than should be necessary.
Additional context
Calculating onPremisesImmutableID from objectGUID:
$ImmutableID = [Convert]::ToBase64String([guid]::New($i.ObjectGuid).ToByteArray())
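The conversion and filter from this issue as an added example (not part of the original issue or of either module's code), with the reverse conversion included so a stored ImmutableID can be checked against an AD objectGUID. The function names and the sample GUID are hypothetical, and it assumes, as the issue does, that the tenant's ImmutableID is derived from objectGUID.

```powershell
# Added example: function names are hypothetical, the GUID below is constructed.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Guid.ToByteArray() emits the same byte layout AD stores in objectGUID,
    # so Base64 of these bytes is the GUID-derived ImmutableID.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    try {
        $bytes = [Convert]::FromBase64String($ImmutableId)
    }
    catch {
        throw "ImmutableID is not valid Base64: $ImmutableId"
    }
    # A GUID-derived anchor is exactly 16 bytes; anything else was not
    # produced from objectGUID and cannot be mapped back to one.
    if ($bytes.Length -ne 16) {
        throw "ImmutableID decodes to $($bytes.Length) bytes, expected 16."
    }
    [guid]::new([byte[]]$bytes)
}

function New-ImmutableIdFilter {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    $id = ConvertTo-ImmutableId -ObjectGuid $ObjectGuid
    # Base64 never contains a single quote, but double any quote anyway so
    # the value cannot break out of the OData string literal.
    $escaped = $id.Replace("'", "''")
    "onPremisesImmutableId eq '$escaped'"
}

# Constructed sample value standing in for an AD user's ObjectGuid.
$sampleGuid = [guid]'00112233-4455-6677-8899-aabbccddeeff'

$filter = New-ImmutableIdFilter -ObjectGuid $sampleGuid
$filter

# Round trip: the decoded ImmutableID must equal the original GUID.
$roundTrip = ConvertFrom-ImmutableId (ConvertTo-ImmutableId $sampleGuid)
$roundTrip -eq $sampleGuid

# With an active Connect-MgGraph session, the filter is used as in the issue:
# Get-MgUser -Filter $filter -Property userPrincipalName, Mail, Id, OnPremisesImmutableId -ErrorAction Stop
```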