Forum Discussion
Exclude test guest users from a script listing all guest users
Hey, Francesco.
Yeah, there's multiple ways to tackle this both in the server-side (which would be rather ugly) and client-side filtering contexts.
If there's anything common about the test accounts, perhaps a client-side Regex approach would be easiest, as that would automatically identify any new test accounts added later on.
Here's an example of the client-side Regex approach, which I've tacked onto the "getting" side:
$GuestUsers = Get-AzureADUser -Filter "UserType eq 'Guest'" -All $true | Where-Object { $_.displayName -notmatch "test|someOtherName|yetAnotherName" } | Select-Object DisplayName,JobTitle,Mail,UserType,AccountEnabled | Sort-Object DisplayNameBasically, you're just added values to exclude separated by the pipe ("|") symbol.
If you want to go down the array path, this is one approach you could take. The notable difference in my example is that only exact matches would be excluded.
You could blend the two but for 15 or so accounts, it's not worth doing so.
$Exclusions = @( "test1", "test2", "test3" ) $GuestUsers = Get-AzureADUser -Filter "UserType eq 'Guest'" -All $true | Where-Object { $_.displayName -notin $Exclusions } | Select-Object DisplayName,JobTitle,Mail,UserType,AccountEnabled | Sort-Object DisplayNameCheers,
Lain
Hi, Francesco.
If the test accounts begin with (or if you're happy to make it so that they do) a well-defined prefix on any of the "common" attributes, you can perform server-side filtering as shown in the example below (which uses userPrincipalName, but you can choose something else.)
Get-AzureADUser -Filter "userType eq 'Member' and startswith(userPrincipalName, 'test')"
Note: While attribute references are not case-sensitive, the "startswith()" function name is case-sensitive.
Search functionality is significantly less in Graph than in Active Directory meaning you will need to fall back to using client-side filtering if the prefix isn't well defined.
At fifteen guest accounts, the volume is so small that it doesn't matter whether you filter server- or client-side. It's quite a different story when you're in the tens of thousands with "high" latency, but until you're running queries returning large volumes, do whatever is easiest.
Cheers,
Lain
Thank you LainRobertson and VasilMichev for your quick responses!
Unfortunately the test guest users don't have a defined prefix so I will use the client-side filtering as suggested by VasilMichev . I have another question, though: can I create an array with all those test guest users and then ask PowerShell to exclude all the entries in the list?
Many thanks for your help!
Francesco
Hey, Francesco.
Yeah, there's multiple ways to tackle this both in the server-side (which would be rather ugly) and client-side filtering contexts.
If there's anything common about the test accounts, perhaps a client-side Regex approach would be easiest, as that would automatically identify any new test accounts added later on.
Here's an example of the client-side Regex approach, which I've tacked onto the "getting" side:
$GuestUsers = Get-AzureADUser -Filter "UserType eq 'Guest'" -All $true | Where-Object { $_.displayName -notmatch "test|someOtherName|yetAnotherName" } | Select-Object DisplayName,JobTitle,Mail,UserType,AccountEnabled | Sort-Object DisplayNameBasically, you're just added values to exclude separated by the pipe ("|") symbol.
If you want to go down the array path, this is one approach you could take. The notable difference in my example is that only exact matches would be excluded.
You could blend the two but for 15 or so accounts, it's not worth doing so.
$Exclusions = @( "test1", "test2", "test3" ) $GuestUsers = Get-AzureADUser -Filter "UserType eq 'Guest'" -All $true | Where-Object { $_.displayName -notin $Exclusions } | Select-Object DisplayName,JobTitle,Mail,UserType,AccountEnabled | Sort-Object DisplayNameCheers,
Lain
Thank you LainRobertson!
Nothing common about the test accounts, so I had to use the array path. It works great!
Many many thanks to you and VasilMichev
Francesco