M365 PowerShell

Listing Guest Users in a Microsoft Team using Graph PowerShell

Managing team members effectively is crucial in ensuring the security and efficiency of your Microsoft Teams. One common administrative task is identifying guest users within a team. This article provides a PowerShell script to filter and list guest users from a Microsoft Team using Microsoft Graph PowerShell. We will cover the script's functionality, enhancements, possible errors, solutions, and conclude with key takeaways.

Script to Filter Guest Users

Below is the PowerShell script to filter guest users from a specified Microsoft Team:

$teamId = "1cbe8c31-589d-453a-a1e5-045f7f00c967"

# Get all members of the Team
$members = Get-MgGroupMember -GroupId $teamId -All -ConsistencyLevel eventual

# Initialize an array to hold guest users
$guestMembers = @()

# Loop through each member and get the user details to check the UserType
foreach ($member in $members) {
    Write-Host "Processing member: $($member.Id)"
    try {
        # Get the user details
        $user = Get-MgUser -UserId $member.Id -ErrorAction Stop
        Write-Host "Retrieved details for user: $($user.DisplayName)"
        if ($user.UserType -eq 'Guest') {
            Write-Host "User is a guest: $($user.DisplayName)"
            $guestMembers += $user
        } else {
            Write-Host "User is not a guest: $($user.DisplayName)"
        }
    }
    catch {
        Write-Host "Failed to retrieve details for user with ID: $($member.Id)"
    }
}

# Display the guest members
if ($guestMembers.Count -eq 0) {
    Write-Host "No guest members found."
} else {
    $guestMembers | Select-Object DisplayName UserPrincipalName Id

Script Output:

How the Script Works

Initialize Team ID: The script starts by setting the $teamId variable to the ID of the Microsoft Team you want to inspect.
Retrieve Team Members: Using the Get-MgGroupMember cmdlet, it retrieves all members of the specified team. The -All and -ConsistencyLevel eventual parameters ensure that all members are fetched.
Initialize Guest User Array: An empty array $guestMembers is initialized to hold the guest user details.
Loop Through Members: The script loops through each member and retrieves their details using the Get-MgUser cmdlet.
Check User Type: For each user, it checks the UserType property. If the UserType is 'Guest', the user is added to the $guestMembers array.
Error Handling: The script includes error handling to manage any issues that occur when retrieving user details.
Display Guest Users: Finally, the script displays the guest users' DisplayName, UserPrincipalName, and Id.

Enhancing the Script

The script can be further enhanced to improve functionality and usability:

Export Results to CSV: Export the list of guest users to a CSV file for easier analysis and reporting.

$guestMembers | Select-Object DisplayName UserPrincipalName Id | Export-Csv -Path "GuestUsers.csv" -NoTypeInformation

Add More User Details: Retrieve and display additional user properties such as Mail, JobTitle, and Department.

$guestMembers | Select-Object DisplayName UserPrincipalName Id Mail JobTitle Department

Logging: Implement logging to capture script execution details and errors for auditing purposes.

$logFile = "ScriptLog.txt"
Write-Output "Script executed on: $(Get-Date)" | Out-File -FilePath $logFile -Append

Possible Errors & Solutions

Insufficient Permissions:

Cause: Ensure that the user running the script has the necessary permissions to access Microsoft Graph and retrieve user details.

Solution: Grant the required permissions or use a user account with the appropriate permissions.

Network Issues:

Cause: Network connectivity issues can cause the script to fail when accessing Microsoft Graph.

Solution: Check the network connection and ensure it is stable before running the script.

User Not Found:

Cause: If a user ID is incorrect or the user does not exist, the script might fail to retrieve details.

Solution: Validate the user IDs and ensure they exist in the directory.

Conclusion

This script provides an effective way to filter guest users from a Microsoft Team using Graph PowerShell. By understanding the script's functionality, potential enhancements, and common errors, administrators can efficiently manage team memberships and ensure the security of their Microsoft Teams environment.

Feel free to customize the script to meet your specific needs and integrate it into your regular administrative tasks.

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell