cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Office 365 Group history

Senthilrajan Kaliyaperumal
Brass Contributor

‎Jun 26 2018 01:06 AM

‎Jun 26 2018 01:06 AM

Office 365 Group history

Hi,

 

We have found many orphaned office 365 groups in our tenant. It is bit difficult to identify the next owner for those groups. We decided the check if there is any feature or REST API available to get the past owners of Office 365 group. If it is available then we can contact some of the previous owner to propose an new owner for orphaned groups.

 

Are there any way to collect Office 365 Group history using custom scripts?

 

Thanks in advance,

K Senthilrajan

Labels:
10.2K Views
0 Likes
6 Replies
Reply
6 Replies
Tony Redmond

‎Jun 26 2018 02:38 AM

‎Jun 26 2018 02:38 AM

Re: Office 365 Group history

One way is to look at the Office 365 audit log and check the Remove owner from group records.

 

Or take Paul Cunningham's script https://practical365.com/blog/help-test-v1-02-office-365-groups-report-script/ and amend it to track owner changes.

2 Likes
Reply
Senthilrajan Kaliyaperumal

‎Jun 26 2018 05:57 AM

‎Jun 26 2018 05:57 AM

Re: Office 365 Group history

Thanks Tony for the quick reply,  But there is no filter activity "Removed owner from group" in audit log search as well the audit logs available only for 3 months. So audit log approach will not help us because we need minimum 12 months data.

 

Paul Cunningham script is maintaining logs internally for tracing the change. If I use this script it may help for future occurrences but not helpful for past.

 

I decided the process the orphaned groups manually, its time taking but I feel it efficient than other approaches.

 

Please clarify below queries. 

1. How to check which workload used for creating existing office 365 groups?

2. If I manually go and remove any orphaned group then what are the minimum dependency check that I will have to perform?

 

Thanks in advance,

K Senthilrajan

0 Likes
Reply
best response confirmed by Senthilrajan Kaliyaperumal (Brass Contributor)
Tony Redmond

‎Jun 26 2018 08:42 AM

‎Jun 26 2018 08:42 AM

Solution

Re: Office 365 Group history

If you want to retain Office 365 Audit Data for more than 3 months, buy an ISV reporting product like Radar Reporting, It keeps data for at least a year or longer if you need to.

 

To find remove actions, search the audit log for "Remove owner from group."

 

Search-UnifiedAuditLog -Operations "Remove owner from group" -StartDate 1-Jun-2018 -EndDate 26-Jun-2018

 

You can also find out what workload created an Office 365 group by searching the audit log. I even have details of how to do this in chapter 20 of Office 365 for IT Pros...

But you don't need to remove orphaned groups. Just give them a new owner and all is well.

 

 

3 Likes
Reply
Senthilrajan Kaliyaperumal

‎Jun 26 2018 11:31 PM

‎Jun 26 2018 11:31 PM

Re: Office 365 Group history

Many thanks Tony,

 

I am able to trace last one year data using the query you suggested for "Remove owner from group"  This will resolve some of my orphaned groups. 

 

All is well in Office 365 ;)

0 Likes
Reply
Robert Luck

‎Jun 29 2018 02:54 AM

‎Jun 29 2018 02:54 AM

Re: Office 365 Group history

Hello Senthilrajan Kaliyaperumal,

 

It's not possible to trace last one year data using 'Search-UnifiedAuditLog' cmdlet. The RemoveOwner event might be happened in past 90 days so that you traced it. 

 

Can you please confirm it? else people who read this post in future will get confused.

 

As Tony suggested it's good to deploy a script or have an ISV tool to preserve the audit trail for a longer period. You may take a look at AdminDroid Office 365 Auditing to preserve audit log over past 90 days.

0 Likes
Reply
Senthilrajan Kaliyaperumal

‎Aug 23 2018 12:00 AM

‎Aug 23 2018 12:00 AM

Re: Office 365 Group history

Yes, That is true. The log fetched only for last 90 days. Find the PS script below.

 

$Username = "sk@kmsys.onmicrosoft.com"
$Password = ConvertTo-SecureString '<password>' -AsPlainText -Force
$UserCredential = New-Object System.Management.Automation.PSCredential $Username, $Password

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $session

Connect-MsolService -Credential $UserCredential

$OutputFile = "C:\Appl\output\Usage-log4.txt"

Search-UnifiedAuditLog -EndDate $((Get-Date)) -StartDate $((Get-Date).AddDays(-90)) -Operations "Remove owner from group"| Export-Csv $OutputFile -NoTypeInformation -Append

Remove-PSSession $session

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Senthilrajan Kaliyaperumal (Brass Contributor)
Tony Redmond

‎Jun 26 2018 08:42 AM

‎Jun 26 2018 08:42 AM

Solution

Re: Office 365 Group history

If you want to retain Office 365 Audit Data for more than 3 months, buy an ISV reporting product like Radar Reporting, It keeps data for at least a year or longer if you need to.

 

To find remove actions, search the audit log for "Remove owner from group."

 

Search-UnifiedAuditLog -Operations "Remove owner from group" -StartDate 1-Jun-2018 -EndDate 26-Jun-2018

 

You can also find out what workload created an Office 365 group by searching the audit log. I even have details of how to do this in chapter 20 of Office 365 for IT Pros...

But you don't need to remove orphaned groups. Just give them a new owner and all is well.

 

 

View solution in original post

3 Likes
Reply