You have been using Azure Active Directory for a while. Now you notice you have several "external - guest" user listed in your Azure AD users. You need to gather the list of inactive guest user account.
Resolution:
We can try to get the list of inactive users by using Microsoft Graph.
Connect-MgGraph -Scopes "User.Read.All","AuditLog.Read.All"
#Logon using Global Admin
$guestUsers = Get-MgUser -Filter "userType eq 'Guest' and accountEnabled eq true" -Property DisplayName, UserPrincipalName, SignInActivity, CreatedDateTime
$inactiveGuestUsers = $guestUsers | Where-Object {($_.SignInActivity.LastSignInDateTime -lt (Get-Date).AddDays(-90)) -or ($_.SignInActivity.LastSignInDateTime -eq $null)}
# Display the list of inactive guest users
$inactiveGuestUsers | Select-Object DisplayName, UserPrincipalName, @{Name="LastSignInDateTime"; Expression={$_.SignInActivity.LastSignInDateTime}}, CreatedDateTime
No comments:
Post a Comment