Table of Contents
Method 1: Using Microsoft Graph PowerShell SDK
Pre-requisites
Before you begin, you need to ensure the following:
- A computer with Windows PowerShell 5.1+ or PowerShell 7+ (Mac or Linux)
- Installed Microsoft Graph PowerShell SDK.
Or you can open a new PowerShell (Terminal) window then run the below commands to install the Microsoft Graph PowerShell SDK.
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
Once done, connect to Microsoft Graph PowerShell with the following required scopes then sign in using an administrative account or Global admin account.
Connect-MgGraph -Scopes User.Read.All
The PowerShell script
Below is a simple script that help you get the list of disabled user accounts in your Microsoft 365 tenant. You can copy then run the code directly in the PowerShell console or you can create a PowerShell script for later use.
# Define the properties to retrieve from the user
$properties = @(
'DisplayName', 'UserPrincipalName', 'Mail', 'UserType', 'AccountEnabled'
)
# Get a list of inactive users from the Microsoft Graph
$disabledUsers = Get-MgUser -All -Filter "AccountEnabled eq false" -Property $properties
# Output options to console, graphical grid view or export to CSV file.
$disabledUsers | select -Property $properties | Format-Table
# $disabledUsers | select -Property $properties | Out-GridView
# $disabledUsers | select -Property $properties | Export-Csv 'C:\Temp\report.csv' -Nti -Encoding UTF8
In the script, we’ve added some output options such as show it in the graphical grid view or export it to a CSV file. You can uncomment to enable them.
# Output
DisplayName UserPrincipalName Mail UserType AccountEnabled
----------- ----------------- ---- -------- --------------
Alex Wilber [email protected] [email protected] Member False
Allan Deyoung [email protected] [email protected] Member False
Adele Vance [email protected] [email protected] Member False
Bianca Pisani [email protected] Member False
As you notice, the value of the accountEnable property is false means the account is disabled.
Method 2: Using Microsoft Graph REST API
Alternatively, we can use the Microsoft Graph Rest Api to get the list of disabled user accounts in you Microsoft 365 tenant. When using this method:
- We don’t need to install any modules of the Microsoft Graph PowerShell SDK (~ 80 modules).
- We can do it from any machine with Microsoft PowerShell/ PowerShell Core installed (Linux and macOS). Because it uses the native PowerShell cmdlet Invoke-RestMethod to make a request.
- Instead of using an account for authentication and authorization, we use the app-only access (access without a user).
Once the app has been created, replace your app’s information (clientId, tenantId and the clientSecret) into the below code. Steps in this code:
- Get access token ($token) with app registration client secret.
- Create the request header ($headers) for API call.
- Create requests to the Microsoft Graph resource ($uri) with pagination to get all data.
- Build the report ($result) from API call response.
- Output options to console, graphical grid view or export to CSV file.
# Get access token with app registration client secret.
$clientId = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
$tenantId = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
$clientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
client_Id = $clientId
Client_Secret = $clientSecret
}
$tokenRequest = Invoke-RestMethod -Uri $uri -Method POST -Body $body
$token = $tokenRequest.access_token
# Create the request header for API call.
$headers = @{
"Authorization" = "Bearer $token"
"Content-Type" = "application/json"
}
# This resource returns users list with accountEnabled detail for requests.
$uri = "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName,userType,accountEnabled&`$filter=accountEnabled eq false"
#Perform pagination if next page link (odata.nextlink) returned.
$result = @()
while ($null -ne $uri) {
$response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET
$result += $response.value
$uri =$response.'@odata.nextlink'
}
# Output options to console, graphical grid view or export to CSV file.
$result | Format-Table
# $result | Out-GridView
# $result | Export-CSV "C:\Result.csv" -NoTypeInformation -Encoding UTF8
Manage Microsoft 365 Using Microsoft Graph
You can also take a look at the following Microsoft Graph posts that help to manage Microsoft 365 efficiently.
- Create a new user
- Create bulk users in Microsoft 365
- Get a list of all users in Microsoft 365
- Update user properties
- Add a user to a group
- Add bulk users to a group
- Remove users from a group
- Remove multiple users from a group
- Assign managers for Microsoft 365 users
- Assign licenses to users
- Removing licenses from user accounts
- Delete a user from Microsoft 365
- How to use Get-MgUser cmdlet
Not a reader? Watch this related video tutorial: