Getting Inactive Users in Office 365 with PowerShell
One of the biggest problems we encounter when managing any platform is the control of inactive users.
This problem is aggravated in Office 365: between the users who stop using the service and the guest users, Azure AD ends up badly managed. In addition, we are faced with the Office 365 Security Directives, which require us to monitor users who have not logged in for the last 30 to 90 days.
To obtain these users, we will follow these steps:
1. Modify the PowerShell Script
We start by modifying the PowerShell script.
Following the directive, this script creates a CSV file with the “UserPrincipalName” of the users, which serves as the report.
2. Executing the Script
Before running the script, note the points we have to modify to set the account of a tenant administrator.
#Set admin UPN
$UPN = 'email@example.com'
In the variable $UPN (UserPrincipalName) we have to put the login of a tenant administrator. This variable is used to open the connection to Exchange Online (EXO).
If we need the inactive users for a different time period, we just need to modify the following variable:
$startDate = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy')
If we change “-90” in the variable $startDate to another value, the report will list the users inactive for that period. For example, if we put “-30”, the report will contain the users who have not logged in for 30 days or more.
3. Get History
The script will leave the report in “C:\Users\”+ $DesktopUser +”\Documents\Return\Auditorias_” + $date +”.csv”, so you need to have created the “Return” folder in your “Documents” folder beforehand. The file name includes the date and time at which it was created, so you can keep a history of inactive users.

Import-Module MSOnline

#$CredO365 = Get-Credential -Message "Exchange credentials"
#$SesionO365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $CredO365 -Authentication Basic -AllowRedirection
#Import-PSSession $SesionO365 -AllowClobber
#$SessionEOP = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -Credential $CredO365 -Authentication Basic -AllowRedirection
#Import-PSSession $SessionEOP -AllowClobber

# Timestamp used in the report file name
$date = Get-Date -UFormat "%Y%m%dT%H%M%S"
#$TenantId = "e3b21e9f-0c39-46be-b4db-4ccf9ce8d1f7" #"d2c93295-3e7a-4b26-80b9-295bd8216aaf"
$DesktopUser = $env:USERNAME
$ReturnFile = "C:\Users\"+ $DesktopUser +"\Documents\Return\Auditorias_" + $date +".csv"

# Write the CSV header line
$Value = "UserPrincipalName"
Add-Content -Path $ReturnFile -Value $Value

#Set admin UPN
$UPN = 'firstname.lastname@example.org'

#This connects to Azure Active Directory & Exchange Online
Connect-MsolService
$EXOSession = New-ExoPSSession -UserPrincipalName $UPN
Import-PSSession $EXOSession -AllowClobber

# Audit window: from 90 days ago until today
$startDate = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy')
$endDate = (Get-Date).ToString('MM/dd/yyyy')

# All enabled users in the tenant
$allUsers = @()
$allUsers = Get-MsolUser -All -EnabledFilter EnabledOnly | Select UserPrincipalName, ObjectId

# Sign-in records (successful and failed) inside the audit window
$loggedOnUsers = @()
$loggedOnUsers = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed -ResultSize 5000
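
The listing above stops at the audit-log search, and a single search returns at most 5000 records, so in a busy tenant users who did sign in can be missing from the result and end up reported as inactive. The following is an added example, not the author's script: one way to page through the audit log and write the report, assuming the session opened above is still connected. The variable names ($seen, $sessionId, $returnDir and so on) are chosen here for illustration.

```powershell
# Added example, not the author's script. Assumes the session opened by the
# script above, so Get-MsolUser and Search-UnifiedAuditLog are available.
$days       = 90   # inactivity window, as in the article
$startDate  = (Get-Date).AddDays(-$days)
$endDate    = Get-Date
$operations = 'UserLoggedIn', 'PasswordLogonInitialAuthUsingPassword', 'UserLoginFailed'

# Case-insensitive set of every account that appears in a sign-in record
$seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)

# One call returns at most 5000 records. Repeating the call with the same
# SessionId and ReturnLargeSet fetches the next page until none are left.
$sessionId = 'InactiveUsers_' + (Get-Date -UFormat '%Y%m%dT%H%M%S')   # name chosen here
$total = 0
do {
    $page = @(Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate `
        -Operations $operations -SessionId $sessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000)
    foreach ($record in $page) {
        if ($record.UserIds) { [void]$seen.Add($record.UserIds) }
    }
    $total += $page.Count
} while ($page.Count -gt 0)

# ReturnLargeSet stops at 50,000 records per session; past that, users with
# sign-ins would be reported as inactive.
if ($total -ge 50000) {
    Write-Warning 'Audit search reached 50,000 records; split the period into smaller date ranges.'
}

# Enabled users with no sign-in record in the window
$inactive = Get-MsolUser -All -EnabledFilter EnabledOnly |
    Where-Object { -not $seen.Contains($_.UserPrincipalName) } |
    Select-Object UserPrincipalName

# Same location and file name pattern as the article; create the folder if missing
$returnDir = 'C:\Users\' + $env:USERNAME + '\Documents\Return'
if (-not (Test-Path $returnDir)) { New-Item -ItemType Directory -Path $returnDir | Out-Null }
$returnFile = Join-Path $returnDir ('Auditorias_' + (Get-Date -UFormat '%Y%m%dT%H%M%S') + '.csv')
$inactive | Export-Csv -Path $returnFile -NoTypeInformation -Encoding UTF8
Write-Output ("{0} inactive users written to {1}" -f @($inactive).Count, $returnFile)
```

Because UserLoginFailed is in the operation list, an account with only failed sign-in attempts in the window counts as active, as in the script above.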
I hope this post was helpful.
Consultant on Microsoft platforms with more than 20 years of experience and more than 15 years of experience in Microsoft SharePoint