cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Help in running script to get inactive users

%3CLINGO-SUB%20id%3D%22lingo-sub-904673%22%20slang%3D%22en-US%22%3EHelp%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904673%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Friends%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20get%20a%20list%20of%20inactive%20users%20for%20last%2030%20days%20as%20recommended%20in%20Secure%20Score.%20Secure%20score%20tells%20me%20to%20run%20this%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FOfficeDev%2FO365-InvestigationTooling%2Fblob%2Fmaster%2FInactiveUsersLast90Days.ps1%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Escript%3C%2FA%3E.%20however%20when%20I%20run%20it%20i%20get%20errors.%20can%20someone%20tell%20me%20what%20part%20of%20the%20scripts%20needs%20to%20updated%20to%20run%20properly%3F%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904741%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904741%22%20slang%3D%22en-US%22%3E%3CP%3EMight%20help%20if%20you%20tell%20us%20the%20errors%20you%20are%20running%20into.%20The%20script%20needs%20two%20modules%2C%20the%20MSOnline%20one%2C%20and%20the%20MFA-enabled%20Exchange%20module.%20Make%20sure%20those%20are%20installed%20before%20running%20it.%20And%20you%20also%20need%20to%20run%20it%20with%20account%20with%20sufficient%20permissions%20to%20query%20the%20audit%20logs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904810%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904810%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3Eam%20running%20the%20commands%20one%20by%20one%20to%20see%20which%20commands%20fail%2C%3C%2FP%3E%3CP%3Eso%20the%20command%20below%20fails%20and%20gives%20error%20as%20shown%20in%20screenshot%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CEM%3EImport-Module%20%24((Get-ChildItem%20-Path%20%24(%24env%3ALOCALAPPDATA%20%2B%20%22%5CApps%5C2.0%5C%22)%20-Filter%20Microsoft.Exchange.Management.ExoPowershellModule.dll%20-Recurse).FullName%20%7C%20%3F%3C%2FEM%3E%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3E%3CEM%3E%7B%20%24_%20-notmatch%20%22_none_%22%20%7D%20%7C%20select%20-First%201)%3C%2FEM%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904841%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904841%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3EAlso%20is%20it%20possible%20to%20get%20a%20script%20that%20will%20run%20with%20a%20normal%20account%20as%20the%20account%20am%20trying%20does%20not%20need%20MFA%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-906110%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-906110%22%20slang%3D%22en-US%22%3E%3CP%3EYeah%2C%20that's%20the%20line%20trying%20to%20load%20the%20MFA-enabled%20module.%20The%20cmdlets%20are%20available%20via%20the%20non-MFA%20ExO%20PowerShell%20as%20well%2C%20just%20remove%20this%20line%20and%20connect%20manually.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-907604%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-907604%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20Thanks%20for%20your%20help%20mate.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERemoved%20the%20command%20for%20MFA%20and%20tried%20again%2C%20i%20get%20the%20error%20now%20when%20running%20command%22%24EXOSession%20%3D%20New-ExoPSSession%20-UserPrincipalName%20%24UPN%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Echeck%20attachment%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20for%20%23Set%20admin%20UPN%20this%20will%20be%20my%20admin%20account%20used%20to%20run%20this%20command%20right%3F%3CBR%20%2F%3E%24UPN%20%3D%20'test%40something.com'%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-907956%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-907956%22%20slang%3D%22en-US%22%3E%3CP%3EWell%20don't%20run%20it%2C%20that%20again%20requires%20the%20MFA-enabled%20module.%20Remove%20all%20%22connectivity%22%20cmdlets%20and%20connect%20manually%2C%20then%20run%20the%20rest.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-907966%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-907966%22%20slang%3D%22en-US%22%3E%3CP%3Ejust%20tried%20your%20suggestion%2C%20the%20script%20ran%20successfully%20but%20I%20got%20all%20the%20users%20in%20the%20output%20instead%20of%20just%20the%20ones%20that%20had%20not%20logged%20in%20the%20last%2090%20days.%20Am%20I%20still%20missing%20something%3F%3C%2FP%3E%3CP%3EIf%20you%20dont%20mind%20can%20you%20please%20edit%20the%20script%20with%20the%20relevant%20commands%20to%20run%20it%20including%20commands%20to%20connecting%20manually%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20zero%20knowledge%20of%20powershell%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-909130%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-909130%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20basically%20two%20simple%20cmdlets%2C%20there's%20not%20much%20to%20modify.%20But%20make%20sure%20you%20are%20connected%20to%20Exchange%20Online%20in%20order%20to%20get%20the%20list%20of%20active%20users%20via%20the%20Search-UnifiedAuditLog%20cmdlet.%20Here%20are%20the%20steps%20to%20connect%20just%20in%20case%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fexchange-online%2Fconnect-to-exchange-online-powershell%2Fconnect-to-exchange-online-powershell%3Fview%3Dexchange-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fexchange-online%2Fconnect-to-exchange-online-powershell%2Fconnect-to-exchange-online-powershell%3Fview%3Dexchange-ps%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918553%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20in%20running%20script%20to%20get%20inactive%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918553%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20support%20just%20confirmed%20that%20the%20script%20does%20give%20proper%20output.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Ravi-MTC
Occasional Contributor

‎10-09-2019 11:49 PM

‎10-09-2019 11:49 PM

Help in running script to get inactive users

Hi Friends,

 

I want to get a list of inactive users for last 30 days as recommended in Secure Score. Secure score tells me to run this script. however when I run it i get errors. can someone tell me what part of the scripts needs to updated to run properly?

 
447 Views
0 Likes
9 Replies
Reply
9 Replies
Vasil Michev

‎10-10-2019 12:19 AM

‎10-10-2019 12:19 AM

Re: Help in running script to get inactive users

Might help if you tell us the errors you are running into. The script needs two modules, the MSOnline one, and the MFA-enabled Exchange module. Make sure those are installed before running it. And you also need to run it with account with sufficient permissions to query the audit logs.

1 Like
Reply
Ravi-MTC

‎10-10-2019 01:19 AM

‎10-10-2019 01:19 AM

Re: Help in running script to get inactive users

@Vasil Michevam running the commands one by one to see which commands fail,

so the command below fails and gives error as shown in screenshot

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA + "\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName | ?
{ $_ -notmatch "_none_" } | select -First 1)

 

 

Preview file
40 KB
0 Likes
Reply
Ravi-MTC

‎10-10-2019 01:36 AM

‎10-10-2019 01:36 AM

Re: Help in running script to get inactive users

@Vasil MichevAlso is it possible to get a script that will run with a normal account as the account am trying does not need MFA?

0 Likes
Reply
Vasil Michev

‎10-10-2019 09:56 AM

‎10-10-2019 09:56 AM

Re: Help in running script to get inactive users

Yeah, that's the line trying to load the MFA-enabled module. The cmdlets are available via the non-MFA ExO PowerShell as well, just remove this line and connect manually.

0 Likes
Reply
Ravi-MTC

‎10-10-2019 06:36 PM

‎10-10-2019 06:36 PM

Re: Help in running script to get inactive users

@Vasil Michev  Thanks for your help mate.

 

Removed the command for MFA and tried again, i get the error now when running command"$EXOSession = New-ExoPSSession -UserPrincipalName $UPN"

 

check attachment

 

Also for #Set admin UPN this will be my admin account used to run this command right?
$UPN = 'test@something.com'

 

Preview file
43 KB
0 Likes
Reply
Vasil Michev

‎10-11-2019 12:36 AM

‎10-11-2019 12:36 AM

Re: Help in running script to get inactive users

Well don't run it, that again requires the MFA-enabled module. Remove all "connectivity" cmdlets and connect manually, then run the rest.

0 Likes
Reply
Ravi-MTC

‎10-11-2019 12:44 AM

‎10-11-2019 12:44 AM

Re: Help in running script to get inactive users

just tried your suggestion, the script ran successfully but I got all the users in the output instead of just the ones that had not logged in the last 90 days. Am I still missing something?

If you dont mind can you please edit the script with the relevant commands to run it including commands to connecting manually?

 

I have zero knowledge of powershell :)

 

@Vasil Michev 

0 Likes
Reply
Vasil Michev

‎10-11-2019 08:49 AM

‎10-11-2019 08:49 AM

Re: Help in running script to get inactive users

It's basically two simple cmdlets, there's not much to modify. But make sure you are connected to Exchange Online in order to get the list of active users via the Search-UnifiedAuditLog cmdlet. Here are the steps to connect just in case: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powe...

0 Likes
Reply
Ravi-MTC

‎10-17-2019 11:58 PM

‎10-17-2019 11:58 PM

Re: Help in running script to get inactive users

Microsoft support just confirmed that the script does give proper output. @Vasil Michev 

0 Likes
Reply