Get-AzureADStaleUsers
1.0
If you are utilizing external, guest, or B2B users in your Office 365 or Azure environments,
you may need a way to determine which objects haven't been logged in or used in a while. Azure
AD doesn't provide an easy way to view this information (really only having the refresh token
time avaiable). This script uses the RefreshTokensValidFromDateTime property from t
you may need a way to determine which objects haven't been logged in or used in a while. Azure
AD doesn't provide an easy way to view this information (really only having the refresh token
time avaiable). This script uses the RefreshTokensValidFromDateTime property from t
If you are utilizing external, guest, or B2B users in your Office 365 or Azure environments,
you may need a way to determine which objects haven't been logged in or used in a while. Azure
AD doesn't provide an easy way to view this information (really only having the refresh token
time avaiable). This script uses the RefreshTokensValidFromDateTime property from the user in
conjunction with one of the following:
- default token refresh lifetime in Azure AD (90 days)
- the actual token refresh lifetime if a policy has been configured and is able to be read
- a user-specified value
The additional value, specified in the the StaleAgeInDays parameter, is added to the one of
the three previous tenant token times. If the user's refresh token is older than that value,
the user is "stale."
This will help you idenify when users last logged on and determine if you need to perform
further actions on them. You can see some more on this script at
https://www.undocumented-features.com/2018/06/22/how-to-find-staleish-azure-b2b-guest-accounts/.
Show more
you may need a way to determine which objects haven't been logged in or used in a while. Azure
AD doesn't provide an easy way to view this information (really only having the refresh token
time avaiable). This script uses the RefreshTokensValidFromDateTime property from the user in
conjunction with one of the following:
- default token refresh lifetime in Azure AD (90 days)
- the actual token refresh lifetime if a policy has been configured and is able to be read
- a user-specified value
The additional value, specified in the the StaleAgeInDays parameter, is added to the one of
the three previous tenant token times. If the user's refresh token is older than that value,
the user is "stale."
This will help you idenify when users last logged on and determine if you need to perform
further actions on them. You can see some more on this script at
https://www.undocumented-features.com/2018/06/22/how-to-find-staleish-azure-b2b-guest-accounts/.
Installation Options
Owners
Copyright
2020
Package Details
Author(s)
- Aaron Guilmette
Tags
Functions
Dependencies
This script has no dependencies.
FileList
- Get-AzureADStaleUsers.nuspec
- Get-AzureADStaleUsers.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 1.0 (current version) | 534 | 4/19/2020 |