Tuesday, 13 February 2018

Check if Office 365 User is Blocked or Not using PowerShell

In this post I am going to share PowerShell script to check if a given office 365 user is blocked to sign-in by using latest Azure AD PowerShell for Graph. We can use Get-AzureADUser cmdlet to get office 365 user information, this command returns the property AccountEnabled and it indicates whether the login status of user is enabled or disabled. Earlier with Old Azure AD powershell command (Get-MsolUser) we had the same attribute with different name BlockCredential.

Before proceed install Azure Active Directory PowerShell for Graph and run the below command to connect Azure AD PowerShell module:
Connect-AzureAD
The below command checks if login status is enabled or blocked for the given azure ad user account:
$user = "username@o365domain.com"
$accountEnabled = (Get-AzureADUser -ObjectId $user).AccountEnabled
If ($accountEnabled) {
      Write-Host "$user enabled"
 } Else {
        Write-Host "$user disabled"
}

Check sign-in status of multiple user accounts:

Use the below command to check sign-in status is enabled or blocked for multiple user accounts:
$users = "user1@o365domain.com","user1@o365domain.com"
ForEach ($user in $users) {
$accountEnabled = (Get-AzureADUser -ObjectId $user).AccountEnabled
If ($accountEnabled) {
      Write-Host "$user enabled"
 } Else {
        Write-Host "$user disabled"
}}

Check account status for bulk users from CSV file:

The below command gets account status for bulk azure ad users by importing users from CSV file and export the result to csv file.
$Result=@() 
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = $_."UserPrincipalName"
$userObj = Get-AzureADUser -ObjectId $user
$Result += New-Object PSObject -property @{ 
Name = $userObj.DisplayName
UserPrincipalName = $userObj.UserPrincipalName
AccountEnabled = $userObj.AccountEnabled }
}
$Result | Export-CSV "C:\\AccountStatusReport.csv" -NoTypeInformation -Encoding UTF8

Export all Azure AD users account status to CSV file:

The below command gets all office 365 users and exports account enabled status to csv file.
$Result=@() 
Get-AzureADUser -All $True | ForEach-Object {
$Result += New-Object PSObject -property @{ 
Name = $_.DisplayName
UserPrincipalName = $_.UserPrincipalName
AccountEnabled = $_.AccountEnabled }
}
$Result | Export-CSV "C:\\AccountStatusReport.csv" -NoTypeInformation -Encoding UTF8

Advertisements
Advertisements

No comments:

Post a Comment