-
Notifications
You must be signed in to change notification settings - Fork 143
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #642 from kasperbolarsen/main
added new script get-spo-invalid-user-accounts
- Loading branch information
Showing
4 changed files
with
160 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| --- | ||
| plugin: add-to-gallery | ||
| --- | ||
|
|
||
| # Get Site Collection invalid user accounts | ||
|
|
||
| ## Summary | ||
|
|
||
| When you have an old site collection with a lot of users, it can be hard to keep track of which users are valid and which are not. This script will help you find all the invalid users in your site collection. | ||
|
|
||
| In this script I have checked for two things: | ||
| 1. Users that are disabled in Azure AD | ||
| 2. Users that are not in the User Profile Application | ||
|
|
||
|  | ||
|
|
||
|
|
||
| # [PnP PowerShell](#tab/pnpps) | ||
|
|
||
| ```powershell | ||
| #extract all users from a site collection and check for validity | ||
| $SiteURL = "https://contoso.sharepoint.com/sites/workspaces" | ||
| if(-not $conn) | ||
| { | ||
| $conn = Connect-PnPOnline -Url $SiteURL -Interactive -ReturnConnection | ||
| } | ||
| function Get-AllUsersFromUPA | ||
| { | ||
| $allUPAusers = @() | ||
| $UPAusers = Submit-PnPSearchQuery -Query "*" -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" -SelectProperties "Title,WorkEmail" -All -Connection $conn | ||
| foreach($user in $UPAusers.ResultRows) | ||
| { | ||
| $allUPAusers += $user.LoginName | ||
| } | ||
| $allUPAusers | ||
| } | ||
| function Get-UserFromGraph | ||
| { | ||
| $disabledusersfromgraph = @() | ||
| $result = Invoke-PnPGraphMethod -Url "users?`$select=displayName,mail, AccountEnabled" -Connection $conn | ||
| $result.value.Count | ||
| foreach($account in $result.value) | ||
| { | ||
| if($account.accountEnabled -eq $false) | ||
| { | ||
| $disabledusersfromgraph += $account.mail | ||
| } | ||
| } | ||
| $disabledusersfromgraph | ||
| } | ||
| $disabledusersfromgraph = Get-UserFromGraph | ||
| $allUPAusers = Get-AllUsersFromUPA | ||
| $allSiteUsers = Get-PnPUser -Connection $conn | ||
| $validUsers = @() | ||
| $invalidUsers = @() | ||
| foreach($user in $allSiteUsers) | ||
| { | ||
| try { | ||
| $userObj = Get-PnPUser -Identity $user.LoginName -Connection $conn -ErrorAction Stop | ||
| if($userObj.Email -in $disabledusersfromgraph) | ||
| { | ||
| Write-Host "User $($userObj.LoginName) is disabled in Azure AD" | ||
| $invalidUsers += $user | ||
| } | ||
| else | ||
| { | ||
| $hit = $allUPAusers | Where-Object {$_ -eq $userObj.LoginName} | ||
| if(-not $hit) | ||
| { | ||
| Write-Host "User $($userObj.LoginName) is not in the UPA" | ||
| $invalidUsers += $user | ||
| } | ||
| } | ||
| } | ||
| catch { | ||
| $invalidUsers += $user | ||
| } | ||
| } | ||
| $invalidUsers | Export-Csv -Path "C:\temp\invalidusers.csv" -Delimiter "|" -Encoding utf8 -Force | ||
| ``` | ||
| [!INCLUDE [More about PnP PowerShell](../../docfx/includes/MORE-PNPPS.md)] | ||
| *** | ||
|
|
||
|
|
||
| ## Contributors | ||
|
|
||
| | Author(s) | | ||
| |-----------| | ||
| | Kasper Larsen | | ||
|
|
||
| [!INCLUDE [DISCLAIMER](../../docfx/includes/DISCLAIMER.md)] | ||
| <img src="https://m365-visitor-stats.azurewebsites.net/script-samples/scripts/get-spo-invalid-user-accounts" aria-hidden="true" /> |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| [ | ||
| { | ||
| "name": "get-spo-invalid-user-accounts", | ||
| "source": "pnp", | ||
| "title": "Get Site Collection invalid user accounts", | ||
| "shortDescription": "Find the user accounts which no longer is valid, export report to CSV", | ||
| "url": "https://pnp.github.io/script-samples/get-spo-invalid-user-accounts/README.html", | ||
| "longDescription": [ | ||
| "" | ||
| ], | ||
| "creationDateTime": "2024-01-10", | ||
| "updateDateTime": "2024-01-10", | ||
| "products": [ | ||
| "SharePoint", | ||
| "Graph" | ||
| ], | ||
| "metadata": [ | ||
| { | ||
| "key": "PNP-POWERSHELL", | ||
| "value": "2.3.0" | ||
| } | ||
| ], | ||
| "categories": [ | ||
| "Data", | ||
| "Report", | ||
| "Security" | ||
| ], | ||
| "tags": [ | ||
| "Invoke-PnPGraphMethod", | ||
| "Get-PnPUser", | ||
| "Submit-PnPSearchQuery" | ||
| ], | ||
| "thumbnails": [ | ||
| { | ||
| "type": "image", | ||
| "order": 100, | ||
| "url": "https://raw.githubusercontent.com/pnp/script-samples/main/scripts/get-spo-invalid-user-accounts/assets/preview.png", | ||
| "alt": "Preview of the sample Get Site Collection invalid user accounts" | ||
| } | ||
| ], | ||
| "authors": [ | ||
| { | ||
| "gitHubAccount": "kasperbolarsen", | ||
| "company": "", | ||
| "pictureUrl": "https://github.com/kasperbolarsen.png", | ||
| "name": "Kasper Larsen" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "name": "Want to learn more about PnP PowerShell and the cmdlets", | ||
| "description": "Check out the PnP PowerShell site to get started and for the reference to the cmdlets.", | ||
| "url": "https://aka.ms/pnp/powershell" | ||
| } | ||
| ] | ||
| } | ||
| ] |