Check if Office 365 User is Blocked or Not using PowerShell

by

In this post I am going to share PowerShell script to check if a given office 365 user is blocked to sign-in by using latest Azure AD PowerShell for Graph. We can use Get-AzureADUser cmdlet to get office 365 user information, this command returns the property AccountEnabled and it indicates whether the login status of user is enabled or disabled. Earlier with Old Azure AD powershell command (Get-MsolUser) we had the same attribute with different name BlockCredential.

Before proceed install Azure Active Directory PowerShell for Graph and run the below command to connect Azure AD PowerShell module:

Connect-AzureAD

The below command checks if login status is enabled or blocked for the given azure ad user account:

$user = "[email protected]"
$accountEnabled = (Get-AzureADUser -ObjectId $user).AccountEnabled
If ($accountEnabled) {
      Write-Host "$user enabled"
 } Else {
        Write-Host "$user disabled"
}

Check sign-in status of multiple user accounts

Use the below command to check sign-in status is enabled or blocked for multiple user accounts:

$users = "[email protected]","[email protected]"
ForEach ($user in $users) {
$accountEnabled = (Get-AzureADUser -ObjectId $user).AccountEnabled
If ($accountEnabled) {
      Write-Host "$user enabled"
 } Else {
        Write-Host "$user disabled"
}}

Check account status for bulk users from CSV file

The below command gets account status for bulk azure ad users by importing users from CSV file and export the result to csv file.

$Result=@() 
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = $_."UserPrincipalName"
$userObj = Get-AzureADUser -ObjectId $user
$Result += New-Object PSObject -property @{ 
Name = $userObj.DisplayName
UserPrincipalName = $userObj.UserPrincipalName
AccountEnabled = $userObj.AccountEnabled }
}
$Result | Export-CSV "C:\AccountStatusReport.csv" -NoTypeInformation -Encoding UTF8

Export all Azure AD users account status to CSV file

The below command gets all office 365 users and exports account enabled status to csv file.

$Result=@() 
Get-AzureADUser -All $True | ForEach-Object {
$Result += New-Object PSObject -property @{ 
Name = $_.DisplayName
UserPrincipalName = $_.UserPrincipalName
AccountEnabled = $_.AccountEnabled }
}
$Result | Export-CSV "C:\AccountStatusReport.csv" -NoTypeInformation -Encoding UTF8

Related Posts

Advertisement

Leave a Comment