forked from 12Knocksinna/Office365itpros
-
Notifications
You must be signed in to change notification settings - Fork 0
/
FindOldGuestUsers.ps1
69 lines (62 loc) · 4.31 KB
/
FindOldGuestUsers.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# FindOldGuestUsers.PS1
# Script to find Guest User Accounts in an Office 365 Tenant that are older than 365 days (update the $GuestAccountAge variable to set a different
# number of days to check for) and the groups they belong to
# Script needs to connect to Azure Active Directory and Exchange Online PowerShell.
# https://github.com/12Knocksinna/Office365itpros/blob/master/FindOldGuestUsers.ps1
# Make sure the right modules are loaded...
If ("ExchangeOnlineManagement" -notin $Modules.Name) {Write-Host "Please connect to Exchange Online Management before continuing...";break}
If ("AzureAD" -notin $Modules.Name) {Write-Host "Please connect to Azure AD before continuing...";break}
# Set age threshold for reporting a guest account
[int]$AgeThreshold = 365
# Output report name
$OutputReport = "c:\Temp\OldGuestAccounts.csv"
# Get all guest accounts in the tenant
$GuestUsers = Get-AzureADUser -All $true -Filter "UserType eq 'Guest'" | Sort DisplayName
$Today = (Get-Date); $i = 0; $StaleGuests = 0; $Report = [System.Collections.Generic.List[Object]]::new()
# Loop through the guest accounts looking for old accounts
CLS
ForEach ($Guest in $GuestUsers) {
# Check the age of the guest account, and if it's over the threshold for days, report it
$AADAccountAge = ($Guest.RefreshTokensValidFromDateTime | New-TimeSpan).Days
$i++
If ($AADAccountAge -gt $AgeThreshold) {
$ProgressBar = "Processing Guest " + $Guest.DisplayName + " " + $AAdAccountAge + " days old " + " (" + $i + " of " + $GuestUsers.Count + ")"
Write-Progress -Activity "Checking Guest Account Information" -Status $ProgressBar -PercentComplete ($i/$GuestUsers.Count*100)
$StaleGuests++
# Find what Office 365 Groups the guest belongs to... if any
$DN = (Get-Recipient -Identity $Guest.UserPrincipalName).DistinguishedName
# The distinguished name for some accounts might contain an apostrophe, so we need to process them in a certain way
If ($Dn -like "*'*") {
$DNNew = "'" + "$($dn.Replace("'","''''"))" + "'"
$Cmd = "Get-Recipient -Filter 'Members -eq '$DNnew'' -RecipientTypeDetails GroupMailbox | Select DisplayName, ExternalDirectoryObjectId"
$GuestGroups = Invoke-Expression $Cmd }
Else {
$GuestGroups = (Get-Recipient -Filter "Members -eq '$Dn'" -RecipientTypeDetails GroupMailbox | Select DisplayName, ExternalDirectoryObjectId) }
$GroupNames = $Null
If ($GuestGroups -ne $Null) {
$GroupNames = $GuestGroups.DisplayName -join ", " }
# Find the last sign-in date for the guest account, which might indicate how active the account is
$UserLastLogonDate = $Null
$UserObjectId = $Guest.ObjectId
$UserLastLogonDate = (Get-AzureADAuditSignInLogs -Top 1 -Filter "userid eq '$UserObjectId' and status/errorCode eq 0").CreatedDateTime
If ($UserLastLogonDate -ne $Null) {
$UserLastLogonDate = Get-Date ($UserLastLogonDate) -format g }
Else {
$UserLastLogonDate = "No recent sign in records found" }
$ReportLine = [PSCustomObject][Ordered]@{
UPN = $Guest.UserPrincipalName
Name = $Guest.DisplayName
Age = $AADAccountAge
"Account created" = $Guest.RefreshTokensValidFromDateTime
"Last sign in" = $UserLastLogonDate
Groups = $GroupNames
DN = $DN}
$Report.Add($ReportLine) }
}
$Report | Sort Name | Export-CSV -NoTypeInformation $OutputReport
$PercentStale = ($StaleGuests/$GuestUsers.Count).toString("P")
Write-Host ("Script complete. {0} guest accounts found aged over {1} days ({2} of total). Output CSV file is in {3}" -f $StaleGuests, $AgeThreshold, $PercentStale, $OutputReport)
# An example script used to illustrate a concept. More information about the topic can be found in the Office 365 for IT Pros eBook https://gum.co/O365IT/
# and/or a relevant article on https://office365itpros.com or https://www.petri.com. See our post about the Office 365 for IT Pros repository # https://office365itpros.com/office-365-github-repository/ for information about the scripts we write.
# Do not use our scripts in production until you are satisfied that the code meets the need of your organization. Never run any code downloaded from the Internet without
# first validating the code in a non-production environment.