Find Guest Users in Microsoft 365 Groups using PowerShell

by

Organizations can use Microsoft Teams to collaborate with people outside the organization. Microsoft Teams use the Microsoft 365 Groups (aka Office 365 Groups) as a membership service. Once you have added an external user as a guest member to a team or group, the user can join group/team conversations, access files, calendar events, and other team resources.

Before start, install the Azure AD V2 PowerShell module and run the following command to connect the module.

Connect-AzureAD

You can use the Get-AzureADUser cmdlet to get a list of all guest users in your Office 365 tenant.

Get-AzureADUser -All $true | Where-Object {$_.UserType -eq 'Guest'}

The above command gets a list of all the guest users, but it will not provide group membership of the users. You can use the Get-AzureADGroupMember cmdlet to get members of a group. This command retrieves the group members and basic user details such as userprincipalname, user type (guest or normal member), applied licenses, and more.

Run the below command to get all members of a group.

$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Select DisplayName, UserPrincipalName, UserType

We can filter the members by their UserType to list only the guest users.

$Group = Get-AzureADGroup -SearchString '<GroupName>'
Get-AzureADGroupMember -ObjectId $Group.ObjectId -All $true | Where-Object { $_.UserType -eq 'Guest'}

Export Guest Users of all the Groups

Run the below commands to export all groups with guest members.

$Result = @()
#Get all M365 groups
$AllGroups = Get-AzureADMSGroup -Filter "groupTypes/any(c:c eq 'Unified')" -All $true
$TotalGroups = $AllGroups.Count
$i = 1 
ForEach ($Group in $AllGroups) {
Write-Progress -Activity "Processing $($Group.DisplayName)" -Status "$i out of $TotalGroups groups completed"
#Fetch guest group members
$GuestMembers = Get-AzureADGroupMember -ObjectId $Group.Id -All $true | Where-Object { $_.UserType -eq ‘Guest’}

ForEach ($User in $GuestMembers) {
$Result += New-Object PSObject -property $([ordered]@{ 
GroupName = $Group.DisplayName
GroupMail = $Group.Mail
UserName = $User.DisplayName
UserPrincipalName  = $User.UserPrincipalName
})
}
$i++
}
$Result | Export-CSV "C:\AllGuestGroupMembers.CSV" -NoTypeInformation -Encoding UTF8

Find list of Office 365 Groups with guest users

The above script exports all groups along with their guest members. If a group has multiple guest users, then we will get multiple group name entry for the same group. Run the following command to get only the list of groups which has guest members.

$Result | Select GroupName, GroupMail -Unique

Add guest user and team member from Azure AD portal »

Enable guest access and add guest user in Microsoft Teams »

Related Posts

Advertisement