Inactive Guest users in Azure Active Directory Organizational relationships


Need a Power Shell script that would provide a list of stale guest accounts with the last log in date for users who don't have a mailbox? Additionally that haven't signed in for 90 days.  

These are users that show up in the following blade: Organizational relationships | Users from other organizations, and have External Azure Active Directory guest access

7 Replies

@Vasil Michev 

Thanks, but how would one use this please? Not familiar with coding. Was looking for a powershell script please.

@Chad Rodriguez With a bit of back end work you can actually put that code chunk into a Powershell script if I recall correctly... 

best response confirmed by Chad Rodriguez (Contributor)

I have a sample script here:


But it still requires you to fiddle with it a bit if you only want the Guest users data, and setting it up might also be challenging if you haven't done such things before. Your only other option is to get the Sign-in logs from the Azure AD blade, then filter them out in a external tool.

@Vasil Michev 


Is that basically the same approach you would give PowerBI rights to do the same type of User queries? 


As I read things there is no Powershell cmdlet, at least in the MS supplied module, for this type of query.


would be nice, thanks for checking as I wasn't finding anything either. 

Hi Chad,
The problem you are trying to solve could be solved by the "Access Review" feature in Azure AD Premium P2.
"As people move teams or leave the company, how do you ensure their old access is removed, especially when it involves guests?"
To learn more: