diff --git a/scripts/get-spo-invalid-user-accounts/README.md b/scripts/get-spo-invalid-user-accounts/README.md
index 567c8bac6..60364e610 100644
--- a/scripts/get-spo-invalid-user-accounts/README.md
+++ b/scripts/get-spo-invalid-user-accounts/README.md
@@ -26,66 +26,79 @@ if(-not $conn) $conn = Connect-PnPOnline -Url $SiteURL -Interactive -ReturnConnection } -function Get-AllUsersFromUPA -{ - $allUPAusers = @() - $UPAusers = Submit-PnPSearchQuery -Query "*" -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" -SelectProperties "Title,WorkEmail" -All -Connection $conn - foreach($user in $UPAusers.ResultRows) - { - $allUPAusers += $user.LoginName - } - $allUPAusers +# --------------------------- +# Function: Get all users from UPA +# --------------------------- +function Get-AllUsersFromUPA { + param([Parameter(Mandatory)] $Connection) + + $UPAusers = Submit-PnPSearchQuery ` + -Query "*" ` + -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" ` + -SelectProperties "Title,WorkEmail" ` + -All ` + -Connection $Connection + + return $UPAusers.ResultRows | ForEach-Object { $_.LoginName } } -function Get-UserFromGraph -{ - $disabledusersfromgraph = @() - $result = Invoke-PnPGraphMethod -Url "users?`$select=displayName,mail, AccountEnabled" -Connection $conn - - $result.value.Count - foreach($account in $result.value) - { - if($account.accountEnabled -eq $false) - { - $disabledusersfromgraph += $account.mail - } - } - $disabledusersfromgraph -} +# --------------------------- +# Function: Get disabled users from Azure AD (Graph) +# --------------------------- +function Get-DisabledUsersFromGraph { + param([Parameter(Mandatory)] $Connection) -$disabledusersfromgraph = Get-UserFromGraph -$allUPAusers = Get-AllUsersFromUPA + $result = Invoke-PnPGraphMethod -Url "users?`$select=displayName,mail,accountEnabled" -Connection $Connection + return $result.value | Where-Object { $_.accountEnabled -eq $false } | ForEach-Object { $_.mail } +} -$allSiteUsers = Get-PnPUser -Connection $conn -$validUsers = @() -$invalidUsers = @() -foreach($user in $allSiteUsers) -{ - try { - $userObj = Get-PnPUser -Identity $user.LoginName -Connection $conn -ErrorAction Stop - if($userObj.Email -in $disabledusersfromgraph) - { - Write-Host "User 
$($userObj.LoginName) is disabled in Azure AD" - $invalidUsers += $user - } - else - { - $hit = $allUPAusers | Where-Object {$_ -eq $userObj.LoginName} - if(-not $hit) - { - Write-Host "User $($userObj.LoginName) is not in the UPA" +# --------------------------- +# Function: Validate site users +# --------------------------- +function Validate-SiteUsers { + param( + [Parameter(Mandatory)] $Connection, + [Parameter(Mandatory)] $UPAusers, + [Parameter(Mandatory)] $DisabledUsers + ) + + $invalidUsers = @() + $allSiteUsers = Get-PnPUser -Connection $Connection + + foreach ($user in $allSiteUsers) { + try { + $userObj = Get-PnPUser -Identity $user.LoginName -Connection $Connection -ErrorAction Stop + + if ($userObj.Email -in $DisabledUsers) { + Write-Host "User $($userObj.LoginName) is disabled in Azure AD" -ForegroundColor Yellow + $invalidUsers += $user + } + elseif (-not ($UPAusers -contains $userObj.LoginName)) { + Write-Host "User $($userObj.LoginName) is not in the UPA" -ForegroundColor Yellow $invalidUsers += $user } } - - - } - catch { - $invalidUsers += $user + catch { + Write-Host "Error retrieving user $($user.LoginName), marking as invalid." -ForegroundColor Red + $invalidUsers += $user + } } + + return $invalidUsers } + +# --------------------------- +# Main Script Execution +# --------------------------- +$allUPAusers = Get-AllUsersFromUPA -Connection $conn +$disabledUsersFromGraph = Get-DisabledUsersFromGraph -Connection $conn +$invalidUsers = Validate-SiteUsers -Connection $conn -UPAusers $allUPAusers -DisabledUsers $disabledUsersFromGraph + +# Export invalid users to CSV $invalidUsers | Export-Csv -Path "C:\temp\invalidusers.csv" -Delimiter "|" -Encoding utf8 -Force +Write-Host "Script completed. Invalid users exported to C:\temp\invalidusers.csv" -ForegroundColor Green + ``` [!INCLUDE [More about PnP PowerShell](../../docfx/includes/MORE-PNPPS.md)] ***
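Review bot: `Get-DisabledUsersFromGraph` calls `Invoke-PnPGraphMethod` on `users` without paging, so as far as the hunk shows only the first page of Graph results is inspected and disabled accounts beyond it are never reported for the site. Adding the `-All` switch to that call would close the gap. The new `[Parameter(Mandatory)] $DisabledUsers` (and likewise `$UPAusers`) rejects `$null` and empty collections, so a tenant with no disabled accounts makes `Validate-SiteUsers` fail at parameter binding instead of reporting zero; `[Parameter(Mandatory)] [AllowNull()] [AllowEmptyCollection()] $DisabledUsers` accepts that case. The comparison is by `mail`, so a disabled account without a mail address is not detected, which deserves a comment such as `# matched by mail; disabled accounts with no mail address are not detected`. The `catch` branch also records every lookup failure as an invalid user, so the CSV should be reviewed before it drives any removal.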