Export + Entra User Reports with a Single PowerShell Script

By /

Listen to this Post

Exporting Entra users is straightforward, but filtering them based on specific conditions can be complex. To simplify this, a single PowerShell script has been developed to export 20+ different Entra user reports with minimal input.

Reports You Can Generate:

✅ All Entra users

✅ Disabled users

✅ Recently created guest users

✅ Disabled users with licenses

✅ Enabled users without licenses

✅ Unmanaged users who are still enabled

…and many more!

This script is ideal for audits, tenant cleanup, and improving visibility into your Microsoft 365 environment.

📥 Download the script here: https://lnkd.in/gFYB-qAP

You Should Know:

PowerShell Commands for Entra ID (Azure AD) User Management
Here are some essential PowerShell commands to manage Entra ID users effectively:

  1. Connect to Microsoft Graph (Required for the Script) 
    Connect-MgGraph -Scopes "User.Read.All", "Directory.Read.All"

2. List All Entra ID Users

Get-MgUser -All

3. Export Disabled Users

Get-MgUser -All | Where-Object { $_.AccountEnabled -eq $false } | Export-Csv "DisabledUsers.csv" -NoTypeInformation
  1. Find Guest Users Created in the Last 30 Days 
    $30DaysAgo = (Get-Date).AddDays(-30) 
Get-MgUser -All | Where-Object { $<em>.UserType -eq "Guest" -and $</em>.CreatedDateTime -gt $30DaysAgo }

5. Check Licensed vs. Unlicensed Users

 Licensed Users 
Get-MgUser -All | Where-Object { $_.AssignedLicenses -ne $null }

Unlicensed Users 
Get-MgUser -All | Where-Object { $_.AssignedLicenses -eq $null }

6. Find Orphaned (Unmanaged) Users

Get-MgUser -All | Where-Object { $<em>.AccountEnabled -eq $true -and $</em>.OnPremisesSyncEnabled -ne $true }

7. Bulk Disable Inactive Users (90+ Days)

$InactiveUsers = Get-MgUser -All | Where-Object { (Get-Date) - $<em>.LastLogonDate -gt 90 } 
$InactiveUsers | ForEach-Object { Update-MgUser -UserId $</em>.Id -AccountEnabled $false }

What Undercode Say

Managing Entra ID users efficiently requires automation, and PowerShell is the best tool for the job. The provided script simplifies bulk reporting, but mastering these commands enhances control over your Microsoft 365 environment.

For deeper automation, consider:

  • Scheduled PowerShell Scripts (via Azure Automation or Task Scheduler)
  • Microsoft Graph API Integration for custom queries
  • Conditional Access Policies to enforce security rules

Always test scripts in a non-production environment before execution.

Expected Output:

A structured CSV file containing filtered user data based on your selected report criteria.

Example Output Columns:

– `UserPrincipalName`
– `DisplayName`
– `AccountEnabled` (True/False)
– `LastLogonDate`
– `LicenseStatus`
– `UserType` (Member/Guest)

For more details, visit: Microsoft Graph PowerShell Documentation

References:

Reported By: Kavya A – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: