Entra Provisioning Logs Reporting Scripts
Produce CSV report files based on downloaded JSON files of Entra Provisioning Logs.
Provide an easy way to report on changes made in Target Systems via Entra Provisioning Connectors.
- EntraProvisioningLogsReporter.ps1 (Windows PowerShell 5.1)
- Runs on Windows PowerShell 5.1.
- Uses System.Web.Extensions (JavaScriptSerializer) for performance on large JSON.
- EntraProvisioningLogsReporter_PSv7.ps1 (PowerShell 7.2+)
- Runs on PowerShell 7.2+ (Windows, Linux, macOS).
- Requires .NET 6+ (in-box System.Text.Json Nodes).
https://learn.microsoft.com/en-us/graph/api/resources/provisioningobjectsummary?view=graph-rest-1.0
The reports are CSV text files. Typically, these files are opened in Excel/Sheets where filtering can be used to analyze the data. Further processing can also be done via other processes/scripts capable of reading CSV text files.
Columns included in all reports generated by the scripts.
- id
- activityDateTime
- tenantId
- jobId
- cycleId
- changeId
- provisioningAction
- sourceSystemDisplayName
- targetSystemDisplayName
- initiatedByDisplayName
- provisioningStatusInfoStatus
- reportableIdentifier – In some cases, this is the only value available to identify objects in the Source system.
Columns that provide relevant information about Source/Target system attribute values. These attribute values are used by an Entra connector’s Synchronization Rule for Scoping Filters and Attribute Mappings.
These columns are included when the -Detailed switch is used.
The values are Entra-generated GUIDs that represent each Source/Target object. They exist only within the context of an Entra connector.
- SourceIdentity_EntraId
- TargetIdentity_EntraId
Columns used to identify an object’s attribute name and values in their respective Source/Target systems. Attribute names that exist on an object in the Source system are prefixed with "SourceIdentity_". Attribute names that exist on an object in the Target system are prefixed with "TargetIdentity_".
These columns help provide detailed analysis of how data flows through an Entra connector by providing the attributes from Source/Target systems used by Entra when evaluating scoping, matching, and updating actions on objects.
NOTE: The values in these columns are the existing values in the Source/Target system before changes are made by Entra.
| Column Name | Description |
|---|---|
| SourceIdentity_LegalFirstName | LegalFirstName is the attribute name from the Source system |
| TargetIdentity_FirstName | FirstName is the attribute name from the Target system |
Columns used to represent changes in the Target system made by an Entra connector. Each attribute that is changed will have a pair of corresponding columns identifying old and new attribute values. Columns indicating the previous value are suffixed with "_oldValue". Columns indicating the updated value are suffixed with "_newValue".
NOTE: To identify where a new value is null, a value of "(Null)" is used.
NOTE: To identify where a new value is whitespace or empty string, a value of "(EmptyString)" is used.
| Column Name | Description |
|---|---|
| FirstName_oldValue | Original value of FirstName attribute in the Target system |
| FirstName_newValue | Updated value of FirstName attribute in the Target system |
| PowerShell Version | Script Name | Compatibility |
|---|---|---|
| 5.1 | EntraProvisioningLogsReporter.ps1 | Will run in v7, but uses substantially more memory; preferred on PS 5.1 |
| 7.2+ | EntraProvisioningLogsReporter_PSv7.ps1 | Optimized for PS 7.2+ (.NET 6+); will fail in v5.1 |
Parameters used by the scripts to generate a report.
Parameter sets are mutually exclusive: AllRecords, Changes (default), Failures.
- JsonFile – Path to the JSON file downloaded from Entra containing Provisioning Logs.
- OutputFolder – Path to the folder where the generated CSV report will be written.
| Name | Details | Default Value | Notes |
|---|---|---|---|
| AllRecords | Generate a report containing all records within the JSON file. No filtering is applied. | False | When false, the report contains only records where at least one attribute was modified. Cannot be used with Failures. |
| Failures | Generate a report containing records where status is not "success" or "skipped". | False | When false, the report contains only records with successful changes. Cannot be used with AllRecords. |
| Detailed | Include "SourceIdentity_" and "TargetIdentity_" columns when present. | False | When false, these identity columns are not included. Can be used with or without AllRecords or Failures. |
Report names include a prefix of "Report_", the file name of the JsonFile used, the token "GeneratedOn", a timestamp (format "yyyy-MM-dd_HHmmss") of when the report was generated, followed by any switches used.
NOTE: When the AllRecords switch is false, "Changes" is used to indicate which records are included in the file.
JsonFile – C:\Scripts\provisioningLog.json
Time report generated – May 3rd, 2025, at 11:35:01 AM
| Switches | Report File Name |
|---|---|
| None | Report_provisioningLog_GeneratedOn_2025-05-03_113501_Changes.csv |
| Detailed | Report_provisioningLog_GeneratedOn_2025-05-03_113501_Changes_Detailed.csv |
| AllRecords | Report_provisioningLog_GeneratedOn_2025-05-03_113501_AllRecords.csv |
| AllRecords, Detailed | Report_provisioningLog_GeneratedOn_2025-05-03_113501_AllRecords_Detailed.csv |
| Failures | Report_provisioningLog_GeneratedOn_2025-05-03_113501_Failures.csv |
| Failures, Detailed | Report_provisioningLog_GeneratedOn_2025-05-03_113501_Failures_Detailed.csv |
| Command | Description |
|---|---|
| C:\Scripts\EntraProvisioningLogsReporter.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" | Generates report with default value of false for AllRecords, Failures, and Detailed. The report includes only records where changes were made to the Target System. Identity columns are not included. |
| C:\Scripts\EntraProvisioningLogsReporter.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" -Detailed | Generates report with Detailed enabled. The report includes only records where changes were made to the Target System and includes SourceIdentity_/TargetIdentity_ columns. |
| C:\Scripts\EntraProvisioningLogsReporter.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" -AllRecords | Generates a report with all records in the JSON file. Identity columns are not included. |
| C:\Scripts\EntraProvisioningLogsReporter.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" -AllRecords -Detailed | Generates a report with all records and includes SourceIdentity_/TargetIdentity_ columns. |
| C:\Scripts\EntraProvisioningLogsReporter.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" -Failures | Generates a report with only records where status is not "success" or "skipped". Identity columns are not included. |
| C:\Scripts\EntraProvisioningLogsReporter.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" -Failures -Detailed | Generates a report with only failed/skipped records and includes SourceIdentity_/TargetIdentity_ columns. |
| C:\Scripts\EntraProvisioningLogsReporter_PSv7.ps1 -JsonFile "C:\Scripts\provisioningLog.json" -OutputFolder "C:\Scripts" | Use this variant on PowerShell 7.2+. Supports the same switches and behavior as above. |
- Large files:
- On Windows PowerShell 5.1: use EntraProvisioningLogsReporter.ps1.
- On PowerShell 7.2+ (.NET 6+): use EntraProvisioningLogsReporter_PSv7.ps1.
- On PowerShell 6.x or 7.0/7.1: upgrade to 7.2+, or run the PS 5.1 script from a PS 5.1 host (its PS 6/7 fallback is more memory-intensive).
- Missing identity/step columns: Use the -Detailed switch.
- Encoding: If scripts or CSVs show garbled non-ASCII characters on PS 5.1, save files as UTF-8 with BOM, or specify -Encoding when reading/writing.