SharePoint Online: Find All External Users using PowerShell
Requirement: SharePoint Online List External Users using PowerShell.
Users outside the organization can be invited to collaborate with SharePoint Online as “External Users”. As Microsoft says:
“An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates.”
SharePoint Online: How to Get External Users?
As part of governance policies, we wanted to take control over external sharing, so I had to see how many external users had been added to SharePoint Online and where. The Get-SPOExternalUser cmdlet lists all external users in our Office 365 tenant. For an external user to be listed using this PowerShell cmdlet, they must have accepted the invitation to the SharePoint Online environment and logged in at least once.
Find External Users in SharePoint Online:
How can I list external users accessing my SharePoint Online site? To view external users in SharePoint Online, there was a page in the old Office 365 admin center: External Sharing >> External User. But this page was deprecated. So, we are left with PowerShell! Open SharePoint Online Management Shell and run the script below to view external users in SharePoint Online:
#Connect to SharePoint Online Tenant Admin
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$Cred = Get-Credential
Connect-SPOService -URL $AdminSiteURL -Credential $Cred
#List external users in SharePoint Online
Get-SPOExternalUser | Select DisplayName,Email,AcceptedAs,WhenCreated | Format-Table
But wait! The Get-SPOExternalUser cmdlet has a limitation of returning the first 50 users only! So, we need to amend the script a bit to get all external users in SharePoint Online.
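#Start from an empty array so that += appends on every page
$ExternalUsers = @()
Try {
    #The loop has no exit condition: it ends when Get-SPOExternalUser raises a terminating error
    For ($x=0;;$x+=50) {
        $ExternalUsers += Get-SPOExternalUser -PageSize 50 -Position $x -ErrorAction Stop
    }
}
Catch {}
$ExternalUsers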
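This retrieves all external users of the SharePoint Online tenant. Note that the empty Catch block swallows every error, not only the one that ends paging, so a failed connection also yields an empty list without any message.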
Get external users of a specific site collection:
If you want to find external users of your SharePoint Online site, specify the “SiteUrl” parameter. E.g.,
Get-SPOExternalUser -Position 0 -PageSize 50 -SiteUrl <Your-Site-Url>
This gets the external users on a specific SharePoint site collection.
PnP PowerShell to Get All External Users on a Site
We can get a list of external users from a SharePoint Online site using the PnP PowerShell cmdlet Get-PnPExternalUser:
$SiteURL = "https://crescent.SharePoint.com/sites/retail"
#Connect to Site
Connect-PnPOnline -Url $SiteURL -Interactive
$ExternalUsers = @()
#Get All External users, 50 at a time
Try {
    For ($x=0;;$x+=50)
    {
        $ExternalUsers += Get-PnPExternalUser -SiteUrl $SiteUrl -Position $x -PageSize 50 -ErrorAction Stop | Select DisplayName,EMail,InvitedBy,AcceptedAs,WhenCreated
    }
}
catch {}
#Display the external users found
$ExternalUsers
Get All External Users in a SharePoint Online Site and Export to CSV Report
There may come a time when you need a list of all the external users who have access to your SharePoint Online site. With just a few lines of code, you can get that list and export it to a CSV report.
#Config Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$SiteURL="https://crescent.sharepoint.com/sites/le"
$ReportOutput ="C:\Temp\ExternalUsersRpt.csv"
#Connect to SharePoint Online
Connect-SPOService -URL $AdminSiteURL
#Get the Site Collection
$Site = Get-SPOSite -Identity $SiteURL
$ExternalUsers =@()
Write-host -f Yellow "Getting External users from Site Collection:"$Site.URL
Try {
    For ($x=0;;$x+=50) {
        $ExternalUsers += Get-SPOExternalUser -SiteUrl $Site.Url -Position $x -PageSize 50 -ErrorAction Stop | Select DisplayName,EMail,InvitedBy,AcceptedAs,WhenCreated
    }
}
catch {}
#Export the Data to CSV file
$ExternalUsers | Export-Csv -Path $ReportOutput -NoTypeInformation
The above script gets all external users from the given site and exports them to CSV.
SharePoint Online Find External Users and Export to CSV:
You must loop through each site collection to get the list of external users. The following PowerShell script iterates through each site collection and finds its external users. Let’s combine everything and export the list of external users to a CSV file:
#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking
#Config Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$ReportOutput ="C:\Temp\ExternalUsersRpt.csv"
#Get Credentials to connect
$Cred = Get-Credential
#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL -Credential $Cred
#Get All Site Collections
$SiteCollections = Get-SPOSite -Limit All
#Start from an empty array so that += appends across sites
$ExternalUsers = @()
#Iterate through each site collection and get external users
Foreach ($Site in $SiteCollections)
{
    Write-host -f Yellow "Checking Site Collection:"$Site.URL
    Try {
        For ($x=0;;$x+=50) {
            $ExternalUsers += Get-SPOExternalUser -SiteUrl $Site.Url -Position $x -PageSize 50 -ErrorAction Stop | Select DisplayName,EMail,InvitedBy,AcceptedAs,WhenCreated,@{Name = "SiteUrl" ; Expression = {$Site.url}}
        }
    }
    catch {}
}
#Export the Data to CSV file
$ExternalUsers | Export-Csv -Path $ReportOutput -NoTypeInformation
This generates a SharePoint Online External user report!
Alternate Method to Get All External Users – Site Collection Wise:
Lately, I found some issues in the Get-SPOExternalUser cmdlet. In some cases, it doesn’t return all external users. So, let’s use the Get-SPOUser cmdlet to get external users by site collection.
#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking
#Config Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$ReportOutput ="C:\Temp\ExternalUsersRpt.csv"
#Get Credentials to connect
$Cred = Get-Credential
#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL -Credential $Cred
#Get all Site Collections
$SitesCollection = Get-SPOSite -Limit ALL
$ExternalUsers=@()
#Iterate through each site collection
ForEach($Site in $SitesCollection)
{
    Write-host -f Yellow "Checking Site Collection:"$Site.URL
    #Get All External users of the site collection
    $ExtUsers = Get-SPOUser -Limit All -Site $Site.URL | Where {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "*urn:spo:guest*"}
    If($ExtUsers.count -gt 0)
    {
        Write-host -f Green "Found $($ExtUsers.count) External User(s)!"
        $ExternalUsers += $ExtUsers
    }
}
#Export the Data to CSV file
$ExternalUsers | Export-Csv -Path $ReportOutput -NoTypeInformation
To list external users in SharePoint Online, you can also use the following:
Get-SPOUser -Site $SiteURL -Limit All | Where-Object {$_.UserType -eq "Guest"}
Generate External Users Report for All Site collections in the tenant using PnP PowerShell
Let’s find all external users from all SharePoint Online sites in the tenant and export them to a CSV file.
#Parameter
$Domain = "crescentintranet" #Domain Name in SharePoint Online. E.g. https://Crescent.sharepoint.com
$CSVFile = "C:\Temp\ExternalSharing.csv"
#Frame Tenant URL and Tenant Admin URL
$TenantURL = "https://$Domain.SharePoint.com"
$TenantAdminURL = "https://$Domain-Admin.SharePoint.com"
#Delete the Output report file if exists
If (Test-Path $CSVFile) { Remove-Item $CSVFile }
#Connect to Admin Center
Connect-PnPOnline -Url $TenantAdminURL -Interactive
#Get All Site collections with External sharing enabled - Filter BOT and MySite Host
$Sites = Get-PnPTenantSite -Filter "Url -like '$TenantURL'" | Where {$_.SharingCapability -ne "Disabled"}
#Iterate through all site collections
$Sites | ForEach-Object {
    Write-host "Getting External Users of Site:"$_.URL -f Yellow
    #Connect to each site collection
    Connect-PnPOnline -Url $_.URL -Interactive
    $ExternalUsersData = @()
    #Get all External Users of the site collection
    $ExternalUsers = Get-PnPUser | Where {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "*urn:spo:guest*"}
    Write-host "`tFound '$($ExternalUsers.count)' External users" -f Green
    #Collect Data
    ForEach($User in $ExternalUsers)
    {
        $ExternalUsersData += New-Object PSObject -Property ([ordered]@{
            SiteName = $_.Title
            SiteURL = $_.URL
            UserName = $User.Title
            Email = $User.Email
        })
    }
    #Export the external users data to CSV
    $ExternalUsersData | Export-CSV $CSVFile -NoTypeInformation -Append
}
Write-host "External Users Report Generated Successfully!" -f Magenta
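A review step for the report above, added here as an example and not part of the original script: it summarizes the report rows by e-mail domain and flags domains that are not on an approved list. The sample rows, the $ApprovedDomains list and the Get-ExternalDomainSummary function name are assumptions made for illustration.

```powershell
# Constructed sample rows in the shape of the report above (SiteURL, UserName, Email).
$Report = @'
SiteURL,UserName,Email
https://crescent.sharepoint.com/sites/retail,Alex Partner,alex@partner.example
https://crescent.sharepoint.com/sites/le,Alex Partner,Alex@Partner.example
https://crescent.sharepoint.com/sites/le,Sam Freelancer,sam@mail.example
https://crescent.sharepoint.com/sites/le,Legacy Guest,
'@ | ConvertFrom-Csv

# Hypothetical allow-list of partner domains approved for external sharing.
$ApprovedDomains = @('partner.example')

# Hypothetical helper: one summary row per external e-mail domain.
Function Get-ExternalDomainSummary {
    Param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [string[]] $Approved = @()
    )
    $Rows | ForEach-Object {
        # Normalize the address; rows without a usable e-mail are kept, not dropped.
        $Mail = "$($_.Email)".Trim().ToLowerInvariant()
        $Domain = If ($Mail -match '^[^@\s]+@([^@\s]+)$') { $Matches[1] } Else { '(no email)' }
        [PSCustomObject]@{ Domain = $Domain; Email = $Mail; SiteURL = $_.SiteURL }
    } | Group-Object Domain | ForEach-Object {
        [PSCustomObject]@{
            Domain   = $_.Name
            # The same guest on several sites is counted once.
            Users    = @($_.Group.Email | Sort-Object -Unique).Count
            Sites    = @($_.Group.SiteURL | Sort-Object -Unique).Count
            Approved = $Approved -contains $_.Name
        }
    } | Sort-Object Approved, Domain
}

# Unapproved domains sort first so they are reviewed first.
Get-ExternalDomainSummary -Rows $Report -Approved $ApprovedDomains | Format-Table -AutoSize
```

To run it against the real report, replace the sample rows with Import-Csv $CSVFile.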
PowerShell to Get External Users from Azure AD
This time, let’s directly query Azure AD for all external users! As a side note, these users may or may not have permission to access the SharePoint Online site. Here is how to get guest accounts using PowerShell:
#Connect to AzureAD
Connect-AzureAD
#Get All External Users from AzureAD
$ExternalUsers = Get-AzureADUser -All:$True | Where {$_.UserType -eq "Guest"}
Write-host "Total Number of External User Found:"$ExternalUsers.Count
$ExternalUsers | Select DisplayName, Mail
$CSVFile = "C:\temp\AzureExternalUsers.csv"
$ExternalUsers | Select DisplayName, Mail | Export-CSV $CSVFile -NoTypeInformation
I have tested “Generate External Users Report for All Site collections in the tenant using PnP PowerShell” but the result also grabs external users that were previously added to the site. I think it’s getting the user IDs from the user info list, which causes a false report. Is there a way not to grab it from the user info list and only the current external users that actually have access to the site?
Hello Salaudeen, thank you so much for your dedicated continual shares.
I have been trying to retrieve “Find All Guest Users whose Access is going to Expire in SPO site” via PowerShell. How can I do that? Since Microsoft has left no way for the admin to set expiration links less than 30 days, monitoring and deleting access seems to be the only way. With 100’s of shared files, monitoring one by one is time consuming and tedious. Is there a way we can retrieve a list via PowerShell and set a command to delete access for users if expiry is X days?
These do not show emails that have been sent a link. I shared a document with an external email via the Share Link option, and none of these scripts returned the email in their results.
Great scripts! What about MS Teams private channel SPO sites? Do the external users there get captured?
How about per subsite?
User objects are scoped at the site collection level (In other words, when you add a new user, SharePoint creates an entry in “User Information list” of the site collection).