Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Help in running script to get inactive users

Copper Contributor

Hi Friends,

 

I want to get a list of inactive users for last 30 days as recommended in Secure Score. Secure score tells me to run this script. however when I run it i get errors. can someone tell me what part of the scripts needs to updated to run properly?

 
9 Replies

Might help if you tell us the errors you are running into. The script needs two modules, the MSOnline one, and the MFA-enabled Exchange module. Make sure those are installed before running it. And you also need to run it with account with sufficient permissions to query the audit logs.

@Vasil Michevam running the commands one by one to see which commands fail,

so the command below fails and gives error as shown in screenshot

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA + "\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName | ?
{ $_ -notmatch "_none_" } | select -First 1)

 

 

@Vasil MichevAlso is it possible to get a script that will run with a normal account as the account am trying does not need MFA?

Yeah, that's the line trying to load the MFA-enabled module. The cmdlets are available via the non-MFA ExO PowerShell as well, just remove this line and connect manually.

@Vasil Michev  Thanks for your help mate.

 

Removed the command for MFA and tried again, i get the error now when running command"$EXOSession = New-ExoPSSession -UserPrincipalName $UPN"

 

check attachment

 

Also for #Set admin UPN this will be my admin account used to run this command right?
$UPN = 'test@something.com'

 

Well don't run it, that again requires the MFA-enabled module. Remove all "connectivity" cmdlets and connect manually, then run the rest.

just tried your suggestion, the script ran successfully but I got all the users in the output instead of just the ones that had not logged in the last 90 days. Am I still missing something?

If you dont mind can you please edit the script with the relevant commands to run it including commands to connecting manually?

 

I have zero knowledge of powershell :)

 

@Vasil Michev 

It's basically two simple cmdlets, there's not much to modify. But make sure you are connected to Exchange Online in order to get the list of active users via the Search-UnifiedAuditLog cmdlet. Here are the steps to connect just in case: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powe...

Microsoft support just confirmed that the script does give proper output. @Vasil Michev