SharePoint Online: Find All External Users using PowerShell

Requirement: SharePoint Online List External Users using PowerShell
Find All External Users in SharePoint Online using PowerShell

Users outside of the organizations can be invited to collaborate to SharePoint Online as "External Users". As Microsoft says:
"An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates.

SharePoint Online: How to Get External Users?
As part of governance policies, we wanted to take control over external sharing, So I had to see how many external users are added to SharePoint Online and where. The Get-SPOExternalUser cmdlet displays a list of all external users in our Office 365 tenant. For an external user to be listed using this PowerShell cmdlet, they need to have accepted the invitation to the SharePoint Online environment, and have logged in at least once.

Find External Users in SharePoint Online:
How can I list external users that have access to my SharePoint Online site? To view external users in SharePoint Online, there was a page in Old Office 365 admin center: External Sharing >> External User. But this page was deprecated. So, we are left with PowerShell! Open SharePoint Online Management Shell and run the below script to view external users SharePoint Online:
#Connect to SharePoint Online Tenant Admin
$AdminSiteURL="https://crescent-admin.sharepoint.com"

$Cred = Get-Credential
Connect-SPOService -URL $AdminSiteURL -Credential $Cred

#sharepoint online list external users powershell
Get-SPOExternalUser | Select DisplayName,Email,AcceptedAs,WhenCreated | Format-Table
But wait! The Get-SPOExternalUser cmdlet has a limitation of returning first 50 users only! So, we need to amend the script a bit to get all external users in SharePoint Online.
Try {
    For ($x=0;;$x+=50) {
        $ExternalUsers += Get-SPOExternalUser -PageSize 50 -Position $x -ErrorAction Stop
    }
}
Catch {}
$ExternalUsers
This retrieves all external users of the SharePoint Online tenant.

Get external users of a specific site collection:
Specify the "SiteUrl" parameter to retrieve external users of the specific site collection. E.g.
Get-SPOExternalUser -Position 0 -PageSize 50 -SiteUrl <Your-Site-Url>
This gets the external users on a specific SharePoint site collection.

SharePoint Online Find External Users and Export to CSV:
You have to loop through each collection to get the list of external users. The following PowerShell script allows you to iterate through each site collection and figure out the external users. Lets combine everything and export list of external users to a CSV file:
#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking

#Config Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$ReportOutput ="C:\Temp\ExternalUsersRpt.csv"

#Get Credentials to connect
$Cred = Get-Credential

#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL -Credential $Cred

#Get All Site Collections
$SiteCollections  = Get-SPOSite -Limit All

#Iterate through each site collection and get external users
Foreach ($Site in $SiteCollections)
{
    Write-host -f Yellow "Checking Site Collection:"$Site.URL
    Try {
        For ($x=0;;$x+=50) {
            $ExternalUsers += Get-SPOExternalUser -SiteUrl $Site.Url -Position $x -PageSize 50 -ErrorAction Stop | Select DisplayName,EMail,InvitedBy,AcceptedAs,WhenCreated,@{Name = "SiteUrl" ; Expression = {$Site.url} 
        }
    }
}
catch {}
}

#Export the Data to CSV file
$ExternalUsers | Export-Csv -Path $ReportOutput -NoTypeInformation
This generates SharePoint Online External user report!

Alternate Method to Get All External Users - Site Collection Wise:
Lately, I found some issues in Get-SPOExternalUser cmdlet. In some cases, It doesn't return all external users. So, Lets use Get-SPOUser cmdlet to get external users by site collection.
#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking

#Config Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$ReportOutput ="C:\Temp\ExternalUsersRpt.csv"

#Get Credentials to connect
$Cred = Get-Credential

#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL -Credential $Cred

#Get all Site Collections
$SitesCollection = Get-SPOSite -Limit ALL

[email protected]()
#Iterate through each site collection
ForEach($Site in $SitesCollection)
{
    Write-host -f Yellow "Checking Site Collection:"$Site.URL

    #Get All External users of the site collection
    $ExtUsers = Get-SPOUser -Limit All –Site $Site.URL | Where {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "*urn:spo:guest*"}
    If($ExtUsers.count -gt 0)
    {
        Write-host -f Green "Found $($ExtUsers.count) External User(s)!"
        $ExternalUsers += $ExtUsers
    }
}

#Export the Data to CSV file
$ExternalUsers | Export-Csv -Path $ReportOutput -NoTypeInformation
To list external users in SharePoint Online, You can also use:
Get-SPOUser -Site $SiteURL -Limit All | Where-Object {$_.UserType -eq "Guest"}

Generate External Users Report for All Site collections in the tenant using PnP PowerShell
#Parameter
$Domain =  "crescentintranet" #Domain Name in SharePoint Online. E.g. https://CrescentIntranet.SharePoint.com
$CSVFile = "C:\Temp\ExternalSharing.csv"

#Frame Tenant URL and Tenant Admin URL
$TenantURL = "https://$Domain.SharePoint.com"
$TenantAdminURL = "https://$Domain-Admin.SharePoint.com"

#Delete the Output report file if exists 
If (Test-Path $CSVFile) { Remove-Item $CSVFile }

#Connect to Admin Center
Connect-PnPOnline -Url $TenantAdminURL -UseWebLogin
   
#Get All Site collections with External sharing enabled - Filter BOT and MySite Host
$Sites = Get-PnPTenantSite -Filter "Url -like '$TenantURL'" | Where {$_.SharingCapability -ne "Disabled"}
  
#Iterate through all site collections
$Sites | ForEach-Object {
    Write-host "Getting External Users of Site:"$_.URL -f Yellow
    #Connect to each site collection
    $SiteConn = Connect-PnPOnline -Url $_.URL -UseWebLogin -ReturnConnection
    $ExternalUsersData = @()

    #Get all External Users of the site collection
    $ExternalUsers = Get-PnPUser -Connection $SiteConn| Where {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "*urn:spo:guest*"}    
    Write-host "`tFound '$($ExternalUsers.count)' External users" -f Green
    
    #Collect Data
    ForEach($User in $ExternalUsers)
    { 
        $ExternalUsersData += New-Object PSObject -Property ([ordered]@{
            SiteName = $_.Title
            SiteURL  = $_.URL
            UserName = $User.Title
            Email = $User.Email
        })
    }

    #Export Documents Inventory to CSV
    $ExternalUsersData | Export-CSV $CSVFile -NoTypeInformation -Append

    Disconnect-PnPOnline -Connection $SiteConn
}

Write-host "External Users Report Generated Successfully!" -f Magenta

PowerShell to Get External Users from Azure AD
#Connect to AzureAD
Connect-AzureAD
 
#Get All External Users from AzureAD
$ExternalUsers = Get-AzureADUser -All:$True | Where {$_.UserType -eq "Guest"} 

Write-host "Total Number of External User Found:"$ExternalUsers.Count
$ExternalUsers | Select DisplayName, Mail

$CSVFile = "C:\temp\AzureExternalUsers.csv"
$ExternalUsers | Select DisplayName, Mail | Export-CSV $CSVFile -NoTypeInformation

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.