PowerShell script to delete Azure guest accounts with "UserState" in "pendingAcceptance" for over 6 months

Hi Everyone,

I need help to develop a script that would delete Guest accounts in my organization’s Azure portal that have “UserState” property data as “PendingAcceptance” for longer than 6 months.

I would in addition need to have the following fields presented by the script in a single .CSV output file:

UserPrincipalName
UserState
UserType
CreationDate
Mail.

Using the “Get-AzureADUser” command, I was able to obtain all the above fields except the “CreationDate”. I later discovered that the “CreationDate” property is only available in the “Get-AzureADUserExtension” cmdlet.

My problem is, I don’t know how to combine these 2 commands (if that’s what is needed) to produce all the fields listed above in a single .csv output file.

I will be extremely grateful if someone would help with a script that would help deliver what is required of me by my employer.

Thank you.
Victor.

Victor,
Welcome to the forum. :wave:t3:

Instead of describing your code you should share it.

You use a loop and create inside a [PSCustomObject] combining properties from both (or even more if you like) queries in it.

In “pseudo” code it would look like this:

foreach ($element in $listOfElements) {
    $Query1 = Get-Something -Parameter $element
    $Query2 = Get-SomethingElse -Parameter $element

    [PSCustomObject]@{
        Property01 = $Query1.Property01
        Property02 = $Query1.Property02
        Property03 = $Query2.Property01
        Property04 = $Query2.Property02
    }
}

And BTW:
When you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance

How to format code in PowerShell.org <---- Click :point_up_2:t4: :wink:

( !! Sometimes the preformatted text button hides behind the settings gear symbol. :wink: )

Thank you Olaf!

Below is my code:

Get-AzureAdUser -All $true -Filter "usertype eq 'guest'" | Select UserPrincipalName, UserState, UserType, CreationType, Mail | Where{$_.Userstate -eq 'PendingAcceptance'} | export-csv -Path C:\Temp\DeletedGUsers6.csv

I have formatted my “code” as you asked me to. It does look a bit different from the example given.

Once again, thank you. It would however be more helpful to me if you can use my code in your template.

Thank you,
Victor.

I don’t have access to an Azure Tenant at the moment … so it is untested …

Get-AzureAdUser -All $true -Filter "usertype eq 'guest'" | 
Where-Object -Property Userstate -EQ -Value 'PendingAcceptance' | 
ForEach-Object {
    $ADUserExtension = Get-AzureADUserExtension -ObjectId $_.ObjectId

    [PSCustomObject]@{
        UserPrincipalName = $_.UserPrincipalName
        UserState         = $_.UserState
        UserType          = $_.UserType
        CreationType      = $_.CreationType
        Mail              = $_.Mail
        CreationDate      = $ADUserExtension.CreationDate
    }
} | 
Export-Csv -Path C:\Temp\DeletedGUsers6.csv -NoTypeInformation
1 Like

Azure AD PowerShell is being deprecated and although Microsoft recently announced another extension (to March 30th 2024) you should consider writing new scripts using Microsoft Graph PowerShell.

Using the Graph PowerShell SDK, you can get all of those properties with one command:

$properties = @(
    'UserPrincipalName' 
    'ExternalUserState'
    'UserType'
    'CreatedDateTime'
    'Mail'
)

Get-MgUser -UserId 'PattiF@xxxxxx.onmicrosoft.com' -Property $properties

2 Likes

Thank you folks. Very much appreciated. My first time in the forum… Impressive support and kindness.
Thank you all.

I am going to try these out.

Hi Matt,

I started learning PowerShell last month, mostly watching tutorials on YouTube. I have come across Graph PowerShell. I looked it up, looks like a query tool. Still confused by it though. Do you have a suggestion on how to go about learning it quickest?

Thank you.

Hi Olaf,

I ran your script. I noticed that the “CreationDate” field is empty for all returned objects.
With regards to Graph PowerShell, I took a look at installing it, but part of that process is the uninstallation of the existing AzureAd module, I plan to do that at a later date.

Hi Matt,

I ran the following:

Get-MgUser -All -Filter “UserType eq ‘guest’”
$properties = @(
‘UserPrincipalName’
‘ExternalUserState’
‘UserType’
‘CreatedDateTime’
‘Mail’
)

I received as outputs only the following fields:
Id
DisplayName
Mail
UserPrincipalName

I need:
UserPrincipalName
UserType
CreatedDate
Mail
Id
UserState
CreationType

I was getting all these except the “CreatedDate”. This is only available in the Get-AzureADUserExtension, not in the Get-AzureAdUser.

I still need help, I am sorry. I have tried to solve this by myself but haven’t succeeded yet.

Thank you.

When posting code in the forum, please can you use the preformatted text </> button. It really helps us with readability, and copying and pasting your code (we don’t have to faff about replacing curly quote marks to get things working). If you can’t see the </> in your toolbar, you will find it under the gear icon.

How to format code on PowerShell.org

You received the default output. You should pipe to Select-Object to return the properties you want. You can reuse the array of properties that’s already been specified:

$properties = @(
    'UserPrincipalName' 
    'ExternalUserState'
    'UserType'
    'CreatedDateTime'
    'Mail'
)

Get-MgUser -UserId 'PattiF@xxxxxx.onmicrosoft.com' -Property $properties | Select-Object $properties

When specifying properties with Get-MgUser you only get back the properties that you specify so you will need to add Id and any other properties you want to the array. Note that the property names are not always the same as those returned by the Azure AD commands, for example CreatedDate is CreatedDateTime. You can use Get-Member to discover the property names.

1 Like

Thanks Matt.

I was already informed about formatting yesterday by Olaf. I am sorry. Won’t do that again.

The Microsoft Graph API is a REST API that is used to manage Microsoft cloud resources.

Older APIs such as Azure AD Graph, and older PowerShell modules that depend on Azure AD Graph are being deprecated and it’s recommended that scripts that use the older modules (or call the older APIs directly) are migrated to Microsoft Graph.

To use the Microsoft Graph API with PowerShell, it’s recommended to use the Microsoft Graph PowerShell Software Developer Kit (SDK). However, although the SDK continues to improve, it does not yet have feature parity with the older modules, which is one of the reasons Microsoft keep extending the retirement date.

Some resources for you:

1 Like

Hi,

Whatever I do, the “CreatedDateTime” field is empty in the CSV file.

Please post your code.

Hi Olaf,

I know that Azure AD PowerShell is deprecated, but it works still. I am in a rather desperate situation now. Can you please see if you can get the “CreationDate” to work. Everything in your script is working except that the “CreationDate” field is empty. If you can get this to work, my issues will be resolved.

Hi Matt,

The problem was that the “createdDateTime” was case sensitive!
I had an identical problem with Microsoft Graph and Azure AD PowerShell and ran Olaf’s code - after I had uninstalled MSGraph (sorry) and installed the AzureAD PS module again, but I still had the same problem. Then I noticed “createdDateTime” was written in a funny way.

$AzureUsers = Get-AzureAdUser -All $true -Filter "usertype eq 'guest'" | Where-Object -Property Userstate -EQ -Value 'PendingAcceptance'
$Report = $AzureUsers | ForEach-Object {
    $ADUserExtension = (Get-AzureADUserExtension -ObjectId $_.ObjectId).Get_Item("createdDateTime")

    [PSCustomObject]@{
        UserPrincipalName = $_.UserPrincipalName
        Objectid          = $_.Objectid 
        UserState         = $_.UserState
        UserType          = $_.UserType
        Mail              = $_.Mail
        CreatedDateTime   = $ADUserExtension
    }
}  
$Report | Export-Csv -Path C:\Temp\DeletedGUsers18.csv -NoTypeInformation
1 Like
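
Added example, not part of any post in this thread: one way to finish the task from the original question with the Microsoft Graph PowerShell SDK, covering the 6-month age check, the CSV report and the deletion that the thread never reaches. The function names, the CSV path and the sample objects are assumptions made for illustration; the filter can be tried offline on the constructed objects before anything touches a tenant.

```powershell
# Added example; function names, CSV path and sample data are assumptions.
function Select-StalePendingGuest {
    param(
        [Parameter(ValueFromPipeline)] $User,
        [datetime] $Cutoff = (Get-Date).AddMonths(-6)
    )
    process {
        # An empty CreatedDateTime must be skipped explicitly: in PowerShell
        # `$null -lt $Cutoff` is $true, so a missing date would look "old".
        if ($User.UserType -eq 'Guest' -and
            $User.ExternalUserState -eq 'PendingAcceptance' -and
            $null -ne $User.CreatedDateTime -and
            $User.CreatedDateTime -lt $Cutoff) {
            $User | Select-Object Id, UserPrincipalName, ExternalUserState,
                                  UserType, CreatedDateTime, Mail
        }
    }
}

function Remove-StalePendingGuest {
    [CmdletBinding(SupportsShouldProcess)]
    param([string] $CsvPath = 'C:\Temp\StalePendingGuests.csv')

    # Get-MgUser only returns the properties that are requested.
    $props = 'Id', 'UserPrincipalName', 'ExternalUserState', 'UserType', 'CreatedDateTime', 'Mail'
    $stale = @(Get-MgUser -All -Filter "userType eq 'Guest'" -Property $props |
        Select-StalePendingGuest)

    # Always write the report, even on a -WhatIf dry run, so it can be reviewed.
    $stale | Export-Csv -Path $CsvPath -NoTypeInformation -WhatIf:$false
    foreach ($guest in $stale) {
        if ($PSCmdlet.ShouldProcess($guest.UserPrincipalName, 'Delete guest account')) {
            Remove-MgUser -UserId $guest.Id
        }
    }
}

# Offline check of the filter with constructed objects (not real accounts).
$sample = @(
    [PSCustomObject]@{ Id = 'a1'; UserType = 'Guest'; ExternalUserState = 'PendingAcceptance'; CreatedDateTime = (Get-Date).AddMonths(-9); UserPrincipalName = 'old'; Mail = 'old@example.com' }
    [PSCustomObject]@{ Id = 'a2'; UserType = 'Guest'; ExternalUserState = 'PendingAcceptance'; CreatedDateTime = (Get-Date).AddMonths(-2); UserPrincipalName = 'new'; Mail = 'new@example.com' }
    [PSCustomObject]@{ Id = 'a3'; UserType = 'Guest'; ExternalUserState = 'Accepted'; CreatedDateTime = (Get-Date).AddMonths(-9); UserPrincipalName = 'ok'; Mail = 'ok@example.com' }
    [PSCustomObject]@{ Id = 'a4'; UserType = 'Guest'; ExternalUserState = 'PendingAcceptance'; CreatedDateTime = $null; UserPrincipalName = 'nodate'; Mail = 'nodate@example.com' }
)
$sample | Select-StalePendingGuest | Format-Table Id, ExternalUserState, CreatedDateTime   # only a1

# Against a tenant, dry run first:
# Connect-MgGraph -Scopes 'User.ReadWrite.All'
# Remove-StalePendingGuest -WhatIf
```

Review the CSV from the `-WhatIf` run before running `Remove-StalePendingGuest` without it.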