# User-Management-External.ps1

Management of guest accounts within Entra is, IMHO, a pain in the behind.

If your guest accounts are fully cloud, and you're not a big organisation that can make its ITSM do the heavy lifting for you, Entra lacks:

  • fields for recording when accounts should expire,
  • a native method of automatically following up with the sponsor to ask if the account is still needed, and
  • a method that disables accounts when they expire.

This script seeks to close these gaps.

  • Purpose
  • Dependencies
  • Function
  • Usage
  • Inputs
  • Variables
  • Command Line Flags
  • Outputs
  • Notes

# Purpose

Audits and manages external (guest) users in Entra ID (Azure AD). Gathers details on all active guest accounts and their sponsors, and writes the results to CSV for further action or reporting.

# Dependencies

# Function

  1. Connects to Microsoft Graph with required permissions.
  2. Retrieves all enabled guest users and their key properties (display name, UPN, company, created date, etc.).
  3. For each guest, retrieves sponsor details and compiles a full report.
  4. (Planned) Checks for accounts within 14, 7 and 1 day(s) of expiry, notifies sponsors to take action, and disables expired accounts. Note: If a sponsor contacts the service desk to extend the account, then you should go into the Guest record and update the field being used for expiry date.
  5. Exports results to a dated CSV file for audit and reporting.
  6. Disconnects from Microsoft Graph at completion.
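
The planned expiry check in step 4, sketched as an added example (not the script's own code) that runs offline as a dry run over constructed records. The property names `ExpiryDate` and `SponsorMail`, the `yyyy-MM-dd` format, and treating the expiry date itself as the first disabled day are assumptions, since the page does not say which Entra field holds the expiry date.

```powershell
# Added example: dry-run expiry triage for guest records (makes no Graph calls).
# 'ExpiryDate' and 'SponsorMail' are hypothetical property names.
function Get-GuestExpiryAction {
    param(
        [Parameter(Mandatory)] [object[]] $Guests,
        [datetime] $Today = (Get-Date).Date
    )
    foreach ($g in $Guests) {
        $expiry = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact(
            [string]$g.ExpiryDate, 'yyyy-MM-dd',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$expiry)

        if (-not $parsed) {
            # Missing or malformed expiry: surface it instead of skipping the guest
            $days = $null; $action = 'ReviewNoExpiry'
        } else {
            $days = ($expiry.Date - $Today.Date).Days
            if     ($days -le 0)  { $action = 'Disable' }
            elseif ($days -le 1)  { $action = 'Notify1Day' }
            elseif ($days -le 7)  { $action = 'Notify7Day' }
            elseif ($days -le 14) { $action = 'Notify14Day' }
            else                  { $action = 'None' }
        }
        [pscustomobject]@{
            UserPrincipalName = $g.UserPrincipalName
            SponsorMail       = $g.SponsorMail
            DaysRemaining     = $days
            Action            = $action
        }
    }
}

# Constructed sample records, evaluated against a fixed date for repeatability
$today  = [datetime]'2025-06-01'
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'guest1@partner.example'; SponsorMail = 'sponsor1@corp.example'; ExpiryDate = '2025-06-12' }
    [pscustomobject]@{ UserPrincipalName = 'guest2@partner.example'; SponsorMail = 'sponsor1@corp.example'; ExpiryDate = '2025-06-05' }
    [pscustomobject]@{ UserPrincipalName = 'guest3@partner.example'; SponsorMail = 'sponsor2@corp.example'; ExpiryDate = '2025-06-02' }
    [pscustomobject]@{ UserPrincipalName = 'guest4@partner.example'; SponsorMail = 'sponsor2@corp.example'; ExpiryDate = '2025-05-20' }
    [pscustomobject]@{ UserPrincipalName = 'guest5@partner.example'; SponsorMail = $null; ExpiryDate = '' }
)
Get-GuestExpiryAction -Guests $sample -Today $today | Format-Table -AutoSize
```

Guests with a missing or unparseable date come back as `ReviewNoExpiry` rather than `None`, so accounts nobody recorded an expiry for still show up for follow-up.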

# Usage

./User-Management-External.ps1

The script is interactive and does not require command-line parameters for standard use. All actions are performed in sequence.

# Inputs

None for standard use. (All required information is gathered interactively or from Entra ID.)

# Variables

  • $guestUsers: List of enabled guest users
  • $results: Array of audit results for export
  • $sponsors: Sponsor user objects

# Command Line Flags

None for standard use.

# Outputs

  • Exports a CSV report of all active guest users and their sponsors
  • Provides console feedback for each step

# Notes

  • Requires the Microsoft Graph module
  • Script can be extended to automate notifications and account disabling as described in the comments