
Find Azure AD Inactive Users using Powershell and Graph

Finding inactive users by their last logon date in Azure Active Directory has never been easier. The LastSignInDateTime property was introduced in Microsoft Graph so that admins can retrieve it easily and carry out periodic cleanup of stale accounts.

There are numerous ways to retrieve this property. I have simplified the whole process into a few lines of code so that beginners are not put off retrieving it from Azure AD. Please note that this requires the tenant to have an Azure AD P1 or P2 license. If you don't have the required license to retrieve this property, you will get the error below.

"error":{"code":"Authentication_RequestFromNonPremiumTenantOrB2CTenant","message":"Neither tenant is B2C or tenant doesn't have premium license"

First we need an Azure AD App Registration with a few application permissions, namely AuditLog.Read.All and Directory.Read.All.
Let's create an App Registration.

I have named it UserSigninLogs

App is Created

Client Secret is Created.

Add the required permissions, AuditLog.Read.All and Directory.Read.All and Grant Admin Consent.

Now we have the Application ID, Directory ID and Client Secret that our script needs to retrieve data via Microsoft Graph.

After replacing the above values in the script, you can export the inactive users to a CSV file. You can change the number of days and the CSV file name as per your requirements, or run the script without parameters and it will use the default values.

.\AzureAD_Inactive_Users.ps1 -LastLogonDays 90 -CSVFileName 90daysinactive.csv


.\AzureAD_Inactive_Users.ps1 -LastLogonDays 60 


.\AzureAD_Inactive_Users.ps1 

CSV Format

Download from GitHub –

AzureAD_Inactive_Users/AzureAD_Inactive_Users.ps1 at main · azure365pro/AzureAD_Inactive_Users (github.com)
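A minimal version of such a script, written here as an added example and not the author's GitHub script: it obtains a token with the client-credentials flow using the Application ID, Directory ID and client secret from the app registration, pages through all users selecting signInActivity, and exports those whose last interactive sign-in is older than the cutoff. The tenant and app values are placeholders, and users with no signInActivity at all are treated as never signed in and included in the output (an assumption made here, not something the original script is stated to do).

```powershell
param(
    [int]$LastLogonDays = 90,
    [string]$CSVFileName = "AzureAD_Inactive_Users.csv"
)

# Values from the app registration (placeholders, replace with your own)
$TenantId     = "<Directory (tenant) ID>"
$ClientId     = "<Application (client) ID>"
$ClientSecret = "<Client secret value>"

# Client-credentials flow: app-only token for the Graph .default scope
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = "https://graph.microsoft.com/.default"
        grant_type    = "client_credentials"
    }
$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)" }

# signInActivity is only returned when explicitly selected and needs AuditLog.Read.All
$uri = "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName,accountEnabled,signInActivity&`$top=999"
$cutoff   = (Get-Date).ToUniversalTime().AddDays(-$LastLogonDays)
$inactive = @()

while ($uri) {
    $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    foreach ($u in $page.value) {
        $last = $u.signInActivity.lastSignInDateTime
        # No signInActivity means no recorded interactive sign-in: assumed inactive here
        if (-not $last -or ([datetime]$last).ToUniversalTime() -lt $cutoff) {
            $inactive += [pscustomobject]@{
                DisplayName        = $u.displayName
                UserPrincipalName  = $u.userPrincipalName
                AccountEnabled     = $u.accountEnabled
                LastSignInDateTime = if ($last) { $last } else { "Never" }
            }
        }
    }
    # Follow @odata.nextLink until all pages are consumed
    $uri = $page.'@odata.nextLink'
}

$inactive | Sort-Object UserPrincipalName | Export-Csv -Path $CSVFileName -NoTypeInformation
Write-Host "$($inactive.Count) users with no interactive sign-in in the last $LastLogonDays days written to $CSVFileName"
```

lastSignInDateTime records interactive sign-ins only, so review the "Never" rows and the AccountEnabled column before disabling anything rather than treating the CSV as a final list.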

Satheshwaran Manoharan (https://www.azure365pro.com)
Specialized in Microsoft Azure - Office 365 / Microsoft Exchange; conducted numerous projects worldwide in designing, supporting, and implementing messaging and virtualization infrastructure for medium-sized and large enterprises. Further, I am a Cloud Architect and Technical Advisor for various start-ups.


2 COMMENTS

  1. Does this script account for users who have never logged in? Example: a user was created 2 years ago and has never logged in. Will this script mark the account as inactive?
