Get All External Users in SharePoint Online Using PowerShell

The primary function of SharePoint sites is to share business documents internally and externally. The external users can access SharePoint site resources through various sources like M365 Groups, Teams, OneDrive, etc.

External users can view and access site content such as Document Library, Calendar, Task List, etc. So, SharePoint administrators need to track external sharing and external users to ensure safe and productive file collaboration.

 

How to View All External Users in SharePoint Online? 

Using UI: On a SharePoint site’s home page, you can see all the site members (both internal and guest users). To find all the external users in SharePoint Online, you need to repeat this for each site and pick out the external users yourself, because the UI does not show external users as a separate list.

Using PowerShell: You can use the ‘Get-SPOExternalUser’ or ‘Get-SPOUser’ to get the external users. With ‘Get-SPOExternalUser’, you can get only 50 external users by default. ‘Get-SPOUser’ will list all the external users invited to SharePoint sites. But you need to run this cmdlet with each site URL to get the complete list.
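The 50-record limit described above can be worked around by paging with the cmdlet's -Position and -PageSize parameters. The following is an added example, not code from SPOExternalUsersReport.ps1; the function name, the CreatedWithinDays parameter, the output file name and the 'contoso' tenant are assumptions for illustration.

```powershell
# Added example (not part of SPOExternalUsersReport.ps1).
# Assumes the Microsoft.Online.SharePoint.PowerShell module is installed.

function Get-AllSPOExternalUser {
    param(
        # Hypothetical helper parameter: 0 means "no date filter".
        [int]$CreatedWithinDays = 0
    )

    $pageSize = 50      # Get-SPOExternalUser accepts at most 50 per call
    $position = 0       # zero-based index of the first record to return
    $all      = @()

    do {
        # @() forces an array so .Count works for 0 or 1 results
        $page      = @(Get-SPOExternalUser -Position $position -PageSize $pageSize)
        $all      += $page
        $position += $pageSize
    } while ($page.Count -eq $pageSize)   # a short page means the end was reached

    if ($CreatedWithinDays -gt 0) {
        # Keep only accounts created inside the review window
        $cutoff = (Get-Date).AddDays(-$CreatedWithinDays)
        $all    = $all | Where-Object { $_.WhenCreated -ge $cutoff }
    }

    $all | Select-Object DisplayName, Email, AcceptedAs, InvitedBy, WhenCreated
}

# 'contoso' is a placeholder tenant name; replace it with your own.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# Tenant-wide list of external users, exported for review
Get-AllSPOExternalUser |
    Export-Csv -Path .\AllExternalUsers.csv -NoTypeInformation

# External users created in the last 30 days
Get-AllSPOExternalUser -CreatedWithinDays 30 | Format-Table -AutoSize
```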

To handle these difficult situations in UI and PowerShell, we have created an All-in-One script, ‘SPOExternalUsersReport.ps1’. We can discuss the script’s functionality in detail now.

 

Script Highlights:   
  1. Generates 3 different SharePoint Online external user reports. 
  2. Automatically installs the SharePoint Management Shell module upon your confirmation when it is not available in your system.  
  3. Shows list of all external users in SharePoint Online in the tenant.   
  4. You can get SharePoint sites’ external users separately. 
  5. Allows retrieving external user accounts added recently. 
  6. Supports both MFA and Non-MFA accounts.     
  7. Exports the report in CSV format.   
  8. Scheduler-friendly. You can automate the report generation upon passing credentials as parameters. 

 

Download Script: SPOExternalUsersReport.ps1

 

Get SharePoint Online External Users Report – Script Overview

An administrator must meet certain other pre-requisites to retrieve the external users’ list using cmdlets ‘Get-SPOExternalUser’ and ‘Get-SPOUser’. Otherwise, the execution will terminate due to a run-time error. At the end of this article, we have described the error and how to fix it. Let us begin the script execution.

 

Find All External Users in SharePoint Online:

The external users of the SharePoint sites are added via the Office 365 admin center, Azure AD, Teams, OneDrive, etc. With various methods to add external users, the administrator needs to collect all the external users in the organization. Using the simple execution format below, you can get all the SharePoint Online external users.

Specify the domain name prefix in the ‘HostName’ param. For example, if your domain is ‘contoso.com’, mention ‘contoso’ as the host name. The report data helps the administrator to get an aggregated record of the external users in the tenant.

Sample Output: 

[Image: Find all external users in SharePoint Online]

 

List All External Users in SharePoint Online Sites: 

Data security is a critical practice in any organization. As SharePoint sites invite most external users, the administrators need to closely monitor the external users and their sites’ access. Using the ‘SiteWiseGuests’ switch param, you can easily get the external users along with the SharePoint sites they access. 

The report helps the administrator get the external users list and details of the sites. Based on the external sharing configuration, sites allow external users to access the site resources. You can modify the settings to restrict external users at various levels. This prevents unauthorized external access to SharePoint sites with sensitive content.

Sample Output: 

[Image: List all external users in SharePoint Online sites]

 

Get All Recent Guest Users in SharePoint Online 

We all know that there are additional site owners for each site. They frequently add new external users to the site. Keeping a record of recently added external users is difficult as there are many site administrators. To track recently created guest users, you can use the switch param ‘GuestCreatedWithin_Days’.

Using the report data, the administrator can understand guest dependency on the site content. It also helps fine-tune the allowed and blocked domain settings.

Sample Output: 

[Image: Find all recently added guest users in SharePoint Online]

 

Schedule the SharePoint Online External Users Report

Every day, a large number of external users are added to the organization for various business purposes. The administrator needs to monitor SharePoint Online’s external user accounts often. To monitor the daily or periodic status of the external users, you can schedule the PowerShell script.

To use the non-MFA admin accounts, try the format below. 

If the admin account has MFA enabled, you cannot use it directly for scheduling. Instead, you have to disable MFA based on the Conditional Access policy to make it work.

 

PowerShell Cmdlets Errors and Discussions: 

1. Error in PowerShell Cmdlet Get-SPOExternalUser: 

The PowerShell cmdlet ‘Get-SPOExternalUser’ has outstanding bugs on Microsoft’s side.

  1. Error: It will not list all the external users in your organization.

Situation: When you run the Get-SPOExternalUser cmdlet with -SiteURL, it will not return the external users who have logged in via SharePoint share links.

Solution: You need to use Get-SPOUser cmdlet along with the SiteURL to get the external users who have logged in via shared links.

Simple Solution: Run our script with ‘SiteWiseGuest’ param to get those external users also.

  2. In the result, the ‘InvitedBy’ attribute will be empty, as shown in the image below.

[Image: Get-SPOExternalUser null value in InvitedBy]

2. How to Fix: Get-SPOUser Access Denied Error: 

As a site administrator, you need to be either a Global administrator or a SharePoint administrator to execute ‘Get-SPOExternalUser’ and ‘Get-SPOUser’. If you don’t have the proper administrative roles, you cannot view the external user data in SharePoint Online. Due to this, you may face the PowerShell run-time error shown below.

Get-SPOUser : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    + CategoryInfo: NotSpecified: (:) [Get-SPOUser], ServerUnauthorizedAccessException
    + FullyQualifiedErrorId: Microsoft.SharePoint.Client.ServerUnauthorizedAccessException,Microsoft.Online.SharePoint.PowerShell.GetSPOUser

You can fix the above error by claiming the required administrative roles. 
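The per-site Get-SPOUser workaround from the first discussion and the access-denied failure from the second can be handled together in one loop. This is an added example, not code from SPOExternalUsersReport.ps1; the function name, output file name and 'contoso' tenant are hypothetical, and the login-name patterns used to recognise guests are an assumption about how external accounts appear in LoginName.

```powershell
# Added example (not part of SPOExternalUsersReport.ps1).
# Assumes the Microsoft.Online.SharePoint.PowerShell module is installed.

function Get-SPOSiteGuest {
    # Assumption: invited guests carry '#ext#' in LoginName and users who
    # signed in through a share link carry 'urn:spo:guest' (plain or
    # URL-encoded). Adjust the pattern if your tenant shows other forms.
    $guestPattern = '#ext#|urn(:|%3a)spo(:|%3a)guest'

    foreach ($site in Get-SPOSite -Limit All) {
        try {
            # -ErrorAction Stop turns "Access is denied" into a catchable
            # error so one inaccessible site does not end the whole run.
            $users = Get-SPOUser -Site $site.Url -Limit All -ErrorAction Stop
        }
        catch {
            Write-Warning "Skipped $($site.Url): $($_.Exception.Message)"
            continue
        }

        $users |
            Where-Object { $_.LoginName -match $guestPattern } |
            ForEach-Object {
                # One row per (site, guest) pair for the site-wise report
                [pscustomobject]@{
                    SiteUrl     = $site.Url
                    DisplayName = $_.DisplayName
                    LoginName   = $_.LoginName
                }
            }
    }
}

# 'contoso' is a placeholder tenant name; replace it with your own.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

Get-SPOSiteGuest |
    Export-Csv -Path .\SiteWiseExternalUsers.csv -NoTypeInformation
```

Sites listed in the warnings are the ones where the running account lacks the required role, so they are worth reviewing separately rather than treating as having no guests.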

 

We hope this blog helps you know the external users in your organization better. Let us know your questions and suggestions.