Get All External Users in SharePoint Online Using PowerShell

The primary function of SharePoint sites is to share business documents internally and externally. The external users can access SharePoint site resources through various sources like M365 Groups, Teams, OneDrive, etc.

External users can view and access site content such as Document Library, Calendar, Task List, etc. So, SharePoint administrators need to track external sharing and external users to ensure safe and productive files collaboration.

Using UI: In the SharePoint sites’ home page, you can see all the site members’ (both internal and guest users). To know all the external users in the SharePoint Online, you need to repeat this for each site and segregate external users alone. Because you cannot view external users as a separate list in the UI.

Using PowerShell: You can use the ‘Get-SPOExternalUser’ or ‘Get-SPOUser’ to get the external users. With ‘Get-SPOExternalUser’, you can get only 50 external users by default. ‘Get-SPOUser’ will list all the external users invited to SharePoint sites. But you need to run this cmdlet with each site URL to get the complete list.

To handle these difficult situations in UI and PowerShell, we have created an All-in-One script, ‘SPOExternalUsersReport.ps1’. We can discuss the script’s functionality in detail now.

Script Highlights:

1. Generates 3 different SharePoint Online external user reports.
2. Automatically installs the SharePoint Management Shell module upon your confirmation when it is not available in your system.
3. Shows list of all external users in SharePoint Online in the tenant.
4. You can get SharePoint sites’ external users separately.
5. Allows retrieving external user accounts added recently.
6. Supports both MFA and Non-MFA accounts.
7. Exports the report in CSV format.
8. Scheduler-friendly. You can automate the report generation upon passing credentials as parameters.

Download Script: SPOExternalUsersReport.ps1

An administrator must meet certain other pre-requisites to retrieve the external users’ list using cmdlets ‘Get-SPOExternalUser’ and ‘Get-SPOUser’. Otherwise, the execution will terminate due to a run-time error. At the end of this article, we have described the error and how to fix it. Let us begin the script execution.

The external users of the SharePoint sites are added via the Office 365 admin center, Azure AD, Teams, OneDrive, etc. With various methods to add external users, the administrator needs to collect all the external users in the organization. Using the simple execution formation below, you can get all the SharePoint Online external users.

Specify the domain name prefix in the ‘HostName’ param. For example, if your domain is ‘contoso.com’, mention ‘contoso’ as the host name. The report data helps the administrator to get an aggregated record of the external users in the tenant.

Sample Output:

Data security is a critical practice in any organization. As SharePoint sites invite most external users, the administrators need to closely monitor the external users and their sites’ access. Using the ‘SiteWiseGuests’ switch param, you can easily get the external users along with the SharePoint sites they access.

The report helps the administrator get the external users list and details of the sites. Based on the external sharing configuration, sites allow external users to access the site resources. You can modify the settings to restrict external users at various levels. It prevents unallowed external access to the SharePoint sites with sensitive contents.

Sample Output:

We all know that there are additional site owners to each site. They frequently add new external users to the site. Knowing the record of recently added external users is difficult as there are many site administrators. To track recently created guest users, you can use the switch param ‘GuestCreatedWithin_Days’.

Using the report data, the administrator understands their guest dependency on the site content. It also fine-tunes the allowed and blocked domains’ settings.

Sample Output:

Every day, a large number of external users are added to the organization for various business purposes. The administrator needs to monitor SharePoint Online’s external user accounts often. To monitor the daily or periodic status of the external users, you can schedule the PowerShell script.

To use the non-MFA admin accounts, try the format below.

If the admin account has MFA, then they cannot use it directly for scheduling. Instead, you have to disable MFA based on the Conditional Access Policy to make it work.

1.Error in PowerShell Cmdlet Get-SPOExternalUser:

The PowerShell cmdlet ‘Get-SPOExternalUser’ has outstanding bugs in Microsoft.

1. Error: It will not list all the external users in your organization.

Situation: When you run the Get-SPOExternalUser cmdlet with -SiteURL, it will not return the external users who have logged in via SharePoint share links.

Solution: You need to use Get-SPOUser cmdlet along with the SiteURL to get the external users who have logged in via shared links.

Simple Solution: Run our script with ‘SiteWiseGuest’ param to get those external users also.

2. In the result, ‘InvitedBy’ attribute will be empty as shown in the image below.

2.How to Fix: Get-SPOUser Access Denied Error:

As a site administrator, you need to be either Global administrator or a SharePoint administrator to execute ‘Get-SPOExternalUser’ and ‘Get-SPOUser’. If you don’t have the proper administrative roles, you cannot view the external user data in SharePoint Online. Due to this, you may face the PowerShell run-time error shown below.

Get-SPOUser : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) + CategoryInfo: NotSpecified: (:) [Get-SPOUser], ServerUnauthorizedAccessException + FullyQualifiedErrorId: Microsoft.SharePoint.Client.ServerUnauthorizedAccessException,Microsoft.Online.SharePoint.PowerShell.GetSPOUser

You can fix the above error by claiming the required administrative roles.

Though PowerShell scripts help to retrieve the required data, isn’t it difficult to remember various cmdlets? If you are on the list, don’t worry! Here is an ideal solution you have been looking for.

AdminDroid gives separate reports for ‘External user sharing invites’ and ‘Guest users’ to retrieve every bit of details about SharePoint Online external users in your Microsoft 365 environment. Also, by utilizing the AdminDroid SharePoint Online reporting tool, you can identify inactive external users and avoid suspicious external user/guest user access to your SharePoint Online resources.

In addition to that, monitor every detail of external users and their activities in your organization by utilizing the below-mentioned reports.

External Users Info

• Microsoft 365 external users
• Microsoft 365 internal guest users
• External user creations
• External user deletions
• External user license/plans assignment

External User Sign-in Activity

• External user sign-ins
• Guest user sign-ins
• Guest user logins using credentials
• External user sign-ins to MS Teams

Sharing & Access Details

• Mailbox accesses by guest users
• Site invitations shared to external users
• Files shared to external users
• Files shared by external users
• External user file accesses
• Files shared via 1:1 chat to external users, and more.

External User Collaboration

• External users’ group membership
• Office 365 Groups with external users
• External members added /removed from groups
• Teams with external users
• Teams’ channels with external users
• External members / guest access to private channels

Now, let’s see

• Provides reports on Microsoft 365 external users with in-depth details and cutting-edge graphs.
• Alerts you on suspicious activities such as file access by external users, sensitive file sharing, mailbox access by guest users, etc., to secure your resources.
• Let you schedule any external user report you need to monitor at your preferred time.
• Aids you to monitor data without multiple navigations by providing a report bundle purpose-built for external user management.

Streamline your external user management and wave goodbye to overwhelming data. So why wait? Get started with AdminDroid External user monitoring tool today!

We hope this blog helps you know and manage the external users in your organization better. Let us know your questions and suggestions.