Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Help in running script to get inactive users

Copper Contributor

Hi Friends,


I want to get a list of inactive users for last 30 days as recommended in Secure Score. Secure score tells me to run this script. however when I run it i get errors. can someone tell me what part of the scripts needs to updated to run properly?

9 Replies

Might help if you tell us the errors you are running into. The script needs two modules, the MSOnline one, and the MFA-enabled Exchange module. Make sure those are installed before running it. And you also need to run it with account with sufficient permissions to query the audit logs.

@VasilMichevam running the commands one by one to see which commands fail,

so the command below fails and gives error as shown in screenshot

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA + "\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName | ?
{ $_ -notmatch "_none_" } | select -First 1)



@VasilMichevAlso is it possible to get a script that will run with a normal account as the account am trying does not need MFA?

Yeah, that's the line trying to load the MFA-enabled module. The cmdlets are available via the non-MFA ExO PowerShell as well, just remove this line and connect manually.

@VasilMichev  Thanks for your help mate.


Removed the command for MFA and tried again, i get the error now when running command"$EXOSession = New-ExoPSSession -UserPrincipalName $UPN"


check attachment


Also for #Set admin UPN this will be my admin account used to run this command right?
$UPN = ''


Well don't run it, that again requires the MFA-enabled module. Remove all "connectivity" cmdlets and connect manually, then run the rest.

just tried your suggestion, the script ran successfully but I got all the users in the output instead of just the ones that had not logged in the last 90 days. Am I still missing something?

If you dont mind can you please edit the script with the relevant commands to run it including commands to connecting manually?


I have zero knowledge of powershell :)



It's basically two simple cmdlets, there's not much to modify. But make sure you are connected to Exchange Online in order to get the list of active users via the Search-UnifiedAuditLog cmdlet. Here are the steps to connect just in case:

Microsoft support just confirmed that the script does give proper output. @VasilMichev