-
Notifications
You must be signed in to change notification settings - Fork 28
Enganga/get msidinactivesigninuser #1438
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
1853c09
927d205
8b924ee
91f27e0
673ed07
a018358
d778da9
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
# ------------------------------------------------------------------------------ | ||
# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. | ||
# ------------------------------------------------------------------------------ | ||
|
||
function Get-EntraInactiveSignInUser { | ||
[CmdletBinding()] | ||
[OutputType([string])] | ||
param ( | ||
# User Last Sign In Activity is before Days ago | ||
[Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 1)] | ||
[Alias("BeforeDaysAgo")] | ||
[int] $LastSignInBeforeDaysAgo = 30, | ||
# Return results for All, Member, or Guest userTypes | ||
[ValidateSet("All", "Member", "Guest")] | ||
[string] | ||
$UserType = "All" | ||
) | ||
|
||
process { | ||
$customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand | ||
$queryDate = (Get-Date).AddDays(-$LastSignInBeforeDaysAgo).ToString("yyyy-MM-ddTHH:mm:ssZ") | ||
$inactiveFilter = "(signInActivity/lastSignInDateTime le $queryDate)" | ||
|
||
$uri = "/v1.0/users?`$filter=$inactiveFilter&`$select=signInActivity,UserPrincipalName,Id,DisplayName,mail,userType,createdDateTime,accountEnabled" | ||
|
||
Write-Debug ("Retrieving Users with Filter {0}" -f $inactiveFilter) | ||
$queryUsers = (Invoke-GraphRequest -Method GET -Uri $uri -Headers $customHeaders).value | ||
|
||
switch ($UserType) { | ||
"Member" { $users = $queryUsers | Where-Object { $_.userType -eq 'Member' } } | ||
"Guest" { $users = $queryUsers | Where-Object { $_.userType -eq 'Guest' } } | ||
"All" { $users = $queryUsers } | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can this be filtered at the API level instead of client-side? if ($UserType -ne "All") { Then just use the results directly |
||
|
||
foreach ($userObject in $users) { | ||
$checkedUser = [ordered] @{ | ||
UserID = $userObject.Id | ||
DisplayName = $userObject.DisplayName | ||
UserPrincipalName = $userObject.UserPrincipalName | ||
Mail = $userObject.Mail | ||
UserType = $userObject.UserType | ||
AccountEnabled = $userObject.AccountEnabled | ||
} | ||
|
||
If ($null -eq $userObject.signInActivity.LastSignInDateTime) { | ||
$checkedUser["LastSignInDateTime"] = "Unknown" | ||
$checkedUser["LastSigninDaysAgo"] = "Unknown" | ||
$checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown" | ||
} | ||
else { | ||
$checkedUser["LastSignInDateTime"] = $userObject.signInActivity.LastSignInDateTime | ||
$checkedUser["LastSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.LastSignInDateTime -End (Get-Date)).Days | ||
$checkedUser["lastSignInRequestId"] = $userObject.signInActivity.lastSignInRequestId | ||
|
||
If ($null -eq $userObject.signInActivity.lastNonInteractiveSignInDateTime) { | ||
$checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown" | ||
$checkedUser["LastNonInteractiveSigninDaysAgo"] = "Unknown" | ||
} else { | ||
$checkedUser["lastNonInteractiveSignInDateTime"] = $userObject.signInActivity.lastNonInteractiveSignInDateTime | ||
$checkedUser["LastNonInteractiveSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.lastNonInteractiveSignInDateTime -End (Get-Date)).Days | ||
$checkedUser["lastNonInteractiveSignInRequestId"] = $userObject.signInActivity.lastNonInteractiveSignInRequestId | ||
} | ||
} | ||
|
||
If ($null -eq $userObject.CreatedDateTime) { | ||
$checkedUser["CreatedDateTime"] = "Unknown" | ||
$checkedUser["CreatedDaysAgo"] = "Unknown" | ||
} | ||
else { | ||
$checkedUser["CreatedDateTime"] = $userObject.CreatedDateTime | ||
$checkedUser["CreatedDaysAgo"] = (New-TimeSpan -Start $userObject.CreatedDateTime -End (Get-Date)).Days | ||
} | ||
|
||
Write-Output ([PSCustomObject]$checkedUser) | ||
} | ||
} | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# ------------------------------------------------------------------------------ | ||
# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. | ||
# ------------------------------------------------------------------------------ | ||
|
||
function Get-EntraBetaInactiveSignInUser { | ||
[CmdletBinding()] | ||
[OutputType([string])] | ||
param ( | ||
# User Last Sign In Activity is before Days ago | ||
[Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 1)] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this paramater seems to be mandatory but has a default value of 30, should the [ValidateRange(30, [int]::MaxValue)] attribute be better to use here? |
||
[Alias("BeforeDaysAgo")] | ||
[int] $LastSignInBeforeDaysAgo = 30, | ||
# Return results for All, Member, or Guest userTypes | ||
[ValidateSet("All", "Member", "Guest")] | ||
[string] | ||
$UserType = "All" | ||
) | ||
|
||
process { | ||
$customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand | ||
$queryDate = (Get-Date).AddDays(-$LastSignInBeforeDaysAgo).ToString("yyyy-MM-ddTHH:mm:ssZ") | ||
$inactiveFilter = "(signInActivity/lastSignInDateTime le $queryDate)" | ||
|
||
$uri = "/beta/users?`$filter=$inactiveFilter&`$select=signInActivity,UserPrincipalName,Id,DisplayName,mail,userType,createdDateTime,accountEnabled" | ||
|
||
Write-Debug ("Retrieving Users with Filter {0}" -f $inactiveFilter) | ||
$queryUsers = (Invoke-GraphRequest -Method GET -Uri $uri -Headers $customHeaders).value | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can this be filtered at the API level instead of client-side? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i.e if ($UserType -ne "All") { Then just use the results directly |
||
|
||
switch ($UserType) { | ||
"Member" { $users = $queryUsers | Where-Object { $_.userType -eq 'Member' } } | ||
"Guest" { $users = $queryUsers | Where-Object { $_.userType -eq 'Guest' } } | ||
"All" { $users = $queryUsers } | ||
} | ||
|
||
foreach ($userObject in $users) { | ||
$checkedUser = [ordered] @{ | ||
UserID = $userObject.Id | ||
DisplayName = $userObject.DisplayName | ||
UserPrincipalName = $userObject.UserPrincipalName | ||
Mail = $userObject.Mail | ||
UserType = $userObject.UserType | ||
AccountEnabled = $userObject.AccountEnabled | ||
} | ||
|
||
If ($null -eq $userObject.signInActivity.LastSignInDateTime) { | ||
$checkedUser["LastSignInDateTime"] = "Unknown" | ||
$checkedUser["LastSigninDaysAgo"] = "Unknown" | ||
$checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown" | ||
} | ||
else { | ||
$checkedUser["LastSignInDateTime"] = $userObject.signInActivity.LastSignInDateTime | ||
$checkedUser["LastSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.LastSignInDateTime -End (Get-Date)).Days | ||
$checkedUser["lastSignInRequestId"] = $userObject.signInActivity.lastSignInRequestId | ||
|
||
If ($null -eq $userObject.signInActivity.lastNonInteractiveSignInDateTime) { | ||
$checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown" | ||
$checkedUser["LastNonInteractiveSigninDaysAgo"] = "Unknown" | ||
} else { | ||
$checkedUser["lastNonInteractiveSignInDateTime"] = $userObject.signInActivity.lastNonInteractiveSignInDateTime | ||
$checkedUser["LastNonInteractiveSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.lastNonInteractiveSignInDateTime -End (Get-Date)).Days | ||
$checkedUser["lastNonInteractiveSignInRequestId"] = $userObject.signInActivity.lastNonInteractiveSignInRequestId | ||
} | ||
} | ||
|
||
If ($null -eq $userObject.CreatedDateTime) { | ||
$checkedUser["CreatedDateTime"] = "Unknown" | ||
$checkedUser["CreatedDaysAgo"] = "Unknown" | ||
} | ||
else { | ||
$checkedUser["CreatedDateTime"] = $userObject.CreatedDateTime | ||
$checkedUser["CreatedDaysAgo"] = (New-TimeSpan -Start $userObject.CreatedDateTime -End (Get-Date)).Days | ||
} | ||
|
||
Write-Output ([PSCustomObject]$checkedUser) | ||
} | ||
} | ||
} | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
--- | ||
title: Get-EntraBetaInactiveSignInUser | ||
description: This article provides details on the Get-EntraBetaInactiveSignInUser command. | ||
|
||
ms.topic: reference | ||
ms.date: 04/02/2025 | ||
ms.author: eunicewaweru | ||
ms.reviewer: stevemutungi | ||
manager: CelesteDG | ||
author: msewaweru | ||
|
||
external help file: Microsoft.Entra.Beta.Users-Help.xml | ||
Module Name: Microsoft.Entra.Beta | ||
online version: https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaInactiveSignInUser | ||
|
||
schema: 2.0.0 | ||
--- | ||
|
||
# Get-EntraBetaInactiveSignInUser | ||
|
||
## Synopsis | ||
|
||
Retrieve users who have not had interactive sign-ins since a specified number of days ago. | ||
|
||
## Syntax | ||
|
||
```powershell | ||
Get-EntraBetaInactiveSignInUser | ||
[-LastSignInBeforeDaysAgo <Int32>] | ||
[-UserType <String>] | ||
[<CommonParameters>] | ||
``` | ||
|
||
## Description | ||
|
||
The `Get-EntraBetaInactiveSignInUser` cmdlet retrieves users who have not signed in interactively within a specified number of days. This can be useful for identifying inactive accounts in your Microsoft Entra ID environment. | ||
|
||
## Examples | ||
|
||
### Example 1: Retrieve users who have not signed in for 30 days | ||
|
||
```powershell | ||
Get-EntraBetaInactiveSignInUser -LastSignInBeforeDaysAgo 30 | ||
``` | ||
|
||
```Output | ||
UserID : dddddddd-3333-4444-5555-eeeeeeeeeeee | ||
DisplayName : John Doe | ||
UserPrincipalName : [email protected] | ||
Mail : [email protected] | ||
UserType : Member | ||
AccountEnabled : True | ||
LastSignInDateTime : 03/02/2025 5:59:28 AM | ||
LastSigninDaysAgo : 30 | ||
lastSignInRequestId : cccccccc-2222-3333-4444-dddddddddddd | ||
lastNonInteractiveSignInDateTime : Unknown | ||
LastNonInteractiveSigninDaysAgo : Unknown | ||
CreatedDateTime : 01/04/2025 5:55:34 AM | ||
CreatedDaysAgo : 30 | ||
|
||
UserID : aaaaaaaaa-3333-4444-5555-eeeeeeeeeeee | ||
DisplayName : Example User | ||
UserPrincipalName : [email protected] | ||
Mail : [email protected] | ||
UserType : Guest | ||
AccountEnabled : True | ||
LastSignInDateTime : 03/02/2025 5:59:28 AM | ||
LastSigninDaysAgo : 30 | ||
lastSignInRequestId : ddddddddd-2222-3333-4444-dddddddddddd | ||
lastNonInteractiveSignInDateTime : Unknown | ||
LastNonInteractiveSigninDaysAgo : Unknown | ||
CreatedDateTime : 01/04/2025 5:00:34 AM | ||
CreatedDaysAgo : 30 | ||
``` | ||
|
||
This command retrieves users who have not had an interactive sign-in within the last 30 days. | ||
|
||
### Example 2: Retrieve inactive guest users | ||
|
||
```powershell | ||
Get-EntraBetaInactiveSignInUser -LastSignInBeforeDaysAgo 90 -UserType "Guest" | ||
``` | ||
|
||
```Output | ||
UserID : dddddddd-3333-4444-5555-eeeeeeeeeeee | ||
DisplayName : John Doe | ||
UserPrincipalName : [email protected] | ||
Mail : [email protected] | ||
UserType : Guest | ||
AccountEnabled : True | ||
LastSignInDateTime : 03/02/2025 5:59:28 AM | ||
LastSigninDaysAgo : 30 | ||
lastSignInRequestId : cccccccc-2222-3333-4444-dddddddddddd | ||
lastNonInteractiveSignInDateTime : Unknown | ||
LastNonInteractiveSigninDaysAgo : Unknown | ||
CreatedDateTime : 01/04/2025 5:55:34 AM | ||
CreatedDaysAgo : 30 | ||
``` | ||
|
||
This command retrieves guest users who have not had an interactive sign-in within the last 90 days. | ||
|
||
## Parameters | ||
|
||
### -LastSignInBeforeDaysAgo | ||
|
||
Specifies the number of days since the last interactive sign-in. Users who have not signed in within this period will be returned. | ||
|
||
```yaml | ||
Type: System.Int32 | ||
Parameter Sets: (All) | ||
Aliases: | ||
|
||
Required: True | ||
Position: Named | ||
Default value: None | ||
Accept pipeline input: True (ByPropertyName, ByValue) | ||
Accept wildcard characters: False | ||
``` | ||
|
||
### -UserType | ||
|
||
Filters users based on their type (e.g., "Member" or "Guest"). | ||
|
||
```yaml | ||
Type: System.String | ||
Parameter Sets: (All) | ||
Aliases: | ||
|
||
Required: False | ||
Position: Named | ||
Default value: "All" | ||
Accept pipeline input: True (ByPropertyName, ByValue) | ||
Accept wildcard characters: False | ||
``` | ||
|
||
### CommonParameters | ||
|
||
This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). | ||
|
||
## Inputs | ||
|
||
### System.Int32 | ||
|
||
You can pipe an integer value to the `-LastSignInBeforeDaysAgo` parameter. | ||
|
||
## Outputs | ||
|
||
### System.Object | ||
|
||
Returns a list of users who have not signed in within the specified period. | ||
|
||
## Notes | ||
|
||
## Related Links |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this paramater seems to be mandatory but has a default value of 30, should the [ValidateRange(30, [int]::MaxValue)] attribute be better used here?