Added stale user script.
This commit is contained in:
Thomas De Reyck
78
microsoft/entra_id/list_stale_licensed_users.ps1
Normal file
78
microsoft/entra_id/list_stale_licensed_users.ps1
Normal file
@ -0,0 +1,78 @@
|
||||
"Connecting to Graph API."
|
||||
Connect-MgGraph -NoWelcome -Scopes "AuditLog.Read.All"
|
||||
|
||||
"Connecting to Exchange On-line"
|
||||
Connect-ExchangeOnline -ShowBanner:$false
|
||||
|
||||
"Fetching list of SKUs."
|
||||
# Note that SKU product names are documented at:
|
||||
# https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-service-plan-reference
|
||||
$SKUs = Get-MgSubscribedSku
|
||||
|
||||
"Fetching list of all users."
|
||||
$Users = Get-MgUser -All -Property Id, UserPrincipalName, DisplayName, SignInActivity, UserType
|
||||
|
||||
# Define an empty list for our results.
|
||||
$StaleUsers = @()
|
||||
|
||||
# Determine the cutoff date for users to be considered stale:
|
||||
$CutoffDate = $(Get-Date).AddDays(-90)
|
||||
|
||||
"Processing users."
|
||||
ForEach($User in $Users) {
|
||||
# If the user is a guest user, skip it.
|
||||
If($User.UserType -like "Guest") {
|
||||
Continue
|
||||
}
|
||||
|
||||
# If the user has signed in in the last 30 days, skip it.
|
||||
If($User.SignInActivity.LastSignInDateTime) {
|
||||
$LastSignInDateTime = [datetime]::parseexact($User.SignInActivity.LastSignInDateTime,'MM/dd/yyyy HH:mm:ss',$Null)
|
||||
If($LastSignInDateTime -gt $CutoffDate) {
|
||||
Continue
|
||||
}
|
||||
} Else {
|
||||
$LastSignInDateTime = "Never"
|
||||
}
|
||||
|
||||
# Get the recipient type from Exchange, if a mailbox exists.
|
||||
$OldPref = $global:ErrorActionPreference
|
||||
try {
|
||||
$global:ErrorActionPreference = 'Stop'
|
||||
$Type = (Get-EXOMailbox -Identity $User.UserPrincipalName).RecipientTypeDetails
|
||||
} catch {
|
||||
$Type = "No Mailbox"
|
||||
}
|
||||
finally {
|
||||
$global:ErrorActionPreference = $OldPref
|
||||
}
|
||||
|
||||
# Create a record to add to the results.
|
||||
$UserRecord = [PSCustomObject]@{
|
||||
Id = $User.Id
|
||||
UserPrincipalName = $User.UserPrincipalName
|
||||
DisplayName = $User.DisplayName
|
||||
LastSignInDateTime = $LastSignInDateTime
|
||||
AnyLicenseAssigned = $False
|
||||
Type = $Type
|
||||
}
|
||||
|
||||
ForEach($SKU in $SKUs) {
|
||||
Add-Member -InputObject $UserRecord -MemberType NoteProperty -Name $SKU.SkuPartNumber -Value $False
|
||||
}
|
||||
|
||||
$LicenseDetails = Get-MgUserLicenseDetail -UserId $User.UserPrincipalName
|
||||
|
||||
ForEach($LicenseDetail in $LicenseDetails) {
|
||||
$UserRecord.$($LicenseDetail.SkuPartNumber) = $True
|
||||
$UserRecord.AnyLicenseAssigned = $True
|
||||
}
|
||||
|
||||
$StaleUsers += ,$UserRecord
|
||||
|
||||
}
|
||||
|
||||
"Exporting results to CSV file."
|
||||
$StaleUsers | Sort-Object LastSignInDateTime | Select UserPrincipalName, DisplayName, Type, LastSignInDateTime, AnyLicenseAssigned, SPE_E3, SPE_E5 | Export-Csv -Path "stale_licensed_users.csv"
|
||||
|
||||
Disconnect-MgGraph
|
||||
Reference in New Issue
Block a user