Home WindowsPowerShell How to Find SharePoint Online External Users using PowerShell
PowerShellSharepoint

How to Find SharePoint Online External Users using PowerShell

written by June Castillote

SharePoint Online is a powerful collaboration platform that allows organizations to share and manage documents, resources, and information. One of the key features is SharePoint Online external sharing, allowing users in your organization to collaborate with external users, such as partners, vendors, and clients.

Users sharing SharePoint site with external users and giving them SharePoint guest access to files and libraries, are just a couple of scenarios that can lead to an access audit nightmare. Keeping track of these external users and managing SharePoint guest access can be challenging, especially as your user base grows.

In this blog post, we’ll explore how you can efficiently use PowerShell to find external users in SharePoint Online.

Prerequisites

In this post, we’ll cover two options to find external users in SharePoint Online via PowerShell. But first, the general requirements are:

  • A SharePoint Online administrator account.
  • A computer with Windows PowerShell 5.1 or the latest PowerShell 7.

Step 1: Install SharePoint Online Management Shell

If you haven’t installed the latest version of the SharePoint Online Management Shell, open PowerShell and run the following command.

# Install to the current user profile only 
Install-Module Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser 

# Install for all users (requires elevation/run as admin) 
Install-Module Microsoft.Online.SharePoint.PowerShell -Scope AllUsers

Step 2: Connect to SharePoint Online Management Shell

Import the module and connect to SharePoint Online. Note that when using PowerShell Core, you must append the -UseWindowsPowerShell switch to the command.

sharepoint external sharing report

# Import SPO Management Shell in Windows PowerShell 
Import-Module Microsoft.Online.SharePoint.PowerShell 

# Import SPO Management Shell in PowerShell Core 
Import-Module Microsoft.Online.SharePoint.PowerShell -UseWindowsPowerShell 

# Connect to SPO Management Shell. Replace "tenant" with your tenant name. 
Connect-SPOService -URL https://lazyexch-admin.sharepoint.com

Step 3a: Get SharePoint Online External Users on Individual Sites

SharePoint sharing with external users can happen per site or item. Either way, you can get the SharePoint Online external users on a site by running the Get-SPOExternalUser cmdlet.

But note that this cmdlet can only return a maximum of 50 external users simultaneously. So if there are more than 50 users, we’ll have to be more creative with handling it using paging. Copy the code below and save it to your computer as Get_SPO_External_Users.ps1.

You can also download this script from this Gist → Get All External Users on Individual SPO Sites.

# Specify the SharePoint Online site URL. 
$siteUrl = 'https://lazyexch.sharepoint.com/sites/CustomerSupportPortal' 

# Initialize the results placeholder ArrayList 
$externalUsers = [System.Collections.ArrayList]@() 

# Set the initial position index to 0 (zero-based index). 
$positionIndex = 0 

# Execute the do-while loop to get all external SharePoint users exceeding 50. 
do { 
# Get the SharePoint Online external users from $positionIndex, maximum of 50. 
$temp = @(Get-SPOExternalUser -SiteUrl $siteUrl -PageSize 50 -Position $positionIndex) 
# If the last retrieved external users count is not 0, add it to the $externalUsers collection. 
if ($temp.Count -gt 0 ) { 
$null = $externalUsers.AddRange($temp) 
} 
# Increment the position index by 50, the maximum page size 
$positionIndex += 50 
} 
while ( 
# Continue the loop if the last retrieved external users count is 50 
$temp.Count -eq 50 
# Otherwise, exit the loop. 
) 

# Display the results 
$externalUsers | Select-Object DisplayName, Email, AcceptedAs

Let’s break down the code step by step:

  1. $siteUrl = ‘https://lazyexch.sharepoint.com/sites/CustomerSupportPortal’: This line specifies the URL of the SharePoint Online site from which you want to retrieve external user information. In this case, the site URL is provided as ‘https://lazyexch.sharepoint.com/sites/CustomerSupportPortal’.
  2. $externalUsers = [System.Collections.ArrayList]@(): This line initializes an empty ArrayList named $externalUsers to store the information of external users.
  3. $positionIndex = 0: This line initializes a variable $positionIndex to keep track of the position index of the external users being retrieved. It starts at 0.
  4. do { … } while (…): This construct defines a do-while loop that iteratively retrieves external user information from the SharePoint site in chunks of 50 users until all external users have been retrieved.
    • Inside the loop:
      • $temp = @(Get-SPOExternalUser -SiteUrl $siteUrl -PageSize 50 -Position $positionIndex): This line retrieves external user information using the Get-SPOExternalUser cmdlet. It fetches a maximum of 50 external users from the specified SharePoint site URL ($siteUrl) starting from the position index specified by $positionIndex.
      • if ($temp.Count -gt 0 ) { … }: This condition checks if any external users were retrieved in the current iteration. If there are users (count greater than 0), it adds them to the $externalUsers ArrayList using the AddRange method.
      • $positionIndex += 50: This line increments the $positionIndex by 50, effectively moving to the next batch of external users in the next iteration.
    • The loop continues iterating while the condition specified in the while part is true:
      • $temp.Count -eq 50: This condition checks if the number of external users retrieved in the last iteration was precisely 50. If it was, the loop continues, indicating that there might be more external users to retrieve. If it wasn’t, the loop exits.
  5. $externalUsers | Select-Object DisplayName, Email, AcceptedAs: Finally, this line displays the retrieved external user information stored in the $externalUsers ArrayList. It selects and displays each user’s DisplayName, Email, and AcceptedAs properties.

Run the script in PowerShell, and you should get a similar result to the screenshot below.

sharepoint online external sharing report

Step 3b: Get SharePoint Online External Users on All Sites

What if you need to get all external users on all sites? Don’t worry. We got you covered. In this example, we’ll modify the previous script to account for all sites.

Copy the code below and save it to your computer as Get_SPO_External_Users_All.ps1.

You can also download this script from this Gist → Get All External Users on All SPO Sites.

#Get_SPO_External_Users_All.ps1 

# Get SharePoint Online Sites 
$site = Get-SPOSite -Limit All 

# Initialize the results placeholder ArrayList 
$externalUsers = [System.Collections.ArrayList]@() 

for ($i = 0; $i -lt ($site.Count); $i++) { 
# Set the initial position index to 0 (zero-based index). 
$positionIndex = 0 

# Execute the do-while loop to get all external SharePoint users exceeding 50. 
do { 
# Get the SharePoint Online external users from $positionIndex, a maximum of 50. 
$temp = @(Get-SPOExternalUser -SiteUrl $site[$i].Url -PageSize 50 -Position $positionIndex) 
# If the last retrieved external users count is not 0, add it to the $externalUsers collection. 
if ($temp.Count -gt 0 ) { 
$externalUsers.AddRange( 
@( 
$temp | Select-Object ` 
@{n = 'UniqueId'; e = { $_.UniqueId } }, 
@{n = 'Name'; e = { $_.DisplayName } }, 
@{n = 'Email'; e = { $_.Email } }, 
@{n = 'AcceptedAs'; e = { $_.AcceptedAs } }, 
@{n = 'Created'; e = { $_.WhenCreated } }, 
@{n = 'SiteName'; e = { $site[$i].Title } }, 
@{n = 'SiteURL'; e = { $site[$i].Url } } 
) 
) 
} 
# Increment the position index by 50, the maximum page size 
$positionIndex += 50 
} 
while ( 
# Continue the loop if the last retrieved external users count is 50 
$temp.Count -eq 50 
# Otherwise, exit the loop. 
) 
} 

# Display the results 
return $externalUsers

This script is designed to retrieve and display information about all external users across multiple SharePoint Online sites.

  1. $site = Get-SPOSite -Limit All: This line retrieves a list of all SharePoint Online sites using the Get-SPOSite cmdlet with the Limit All parameter. It stores the site information in the variable $site.
  2. $externalUsers = [System.Collections.ArrayList]@(): This line initializes an empty ArrayList named $externalUsers to store the information of external users.
  3. for ($i = 0; $i -lt ($site.Count); $i++) { … }: This loop iterates through each SharePoint site in the $site array.
    • Inside the loop:
      • $positionIndex = 0: This line initializes the position index for retrieving external users for the current site.
      • do { … } while (…): This construct defines a do-while loop that retrieves external user information in batches of 50 users from the current SharePoint site.
        • Inside the loop:
          • $temp = @(Get-SPOExternalUser -SiteUrl $site[$i].Url -PageSize 50 -Position $positionIndex): This line fetches external user information from the current site’s URL, starting from the specified position index.
          • if ($temp.Count -gt 0 ) { … }: If external users are retrieved in the current iteration, their information is added to the $externalUsers ArrayList. The Select-Object cmdlet creates custom objects with specific properties like UniqueId, Name, Email, etc.
          • $positionIndex += 50: The position index is incremented to fetch the next batch of users in the next iteration.
        • The loop continues as long as the condition specified in the while part is true. It keeps iterating if the number of external users retrieved in the last iteration was precisely 50.
  4. Finally, the script returns the $externalUsers ArrayList, which contains information about all the retrieved external users.

Now, run the script. This example exports the results to a CSV file.

.\Get_SPO_External_Users_All.ps1 | Export-Csv -Path .\SharePointOnlineExternalUsers.csv -NoTypeInformation

sharepoint external users

Conclusion

Managing external users in SharePoint Online is crucial for maintaining smooth collaboration with partners, vendors, and clients. PowerShell offers a powerful and flexible approach to retrieving information about external users across various SharePoint sites, enhancing your ability to oversee access and ensure data security.

This blog post delved into the process of finding external users using PowerShell, providing step-by-step instructions and scripts to assist administrators in this task. Following the outlined steps, you can gain valuable insights into your organization’s external user landscape, including user details such as display names, email addresses, and acceptance status.

Furthermore, the script modifications demonstrated how to extend this functionality to cover multiple SharePoint sites, enabling you to manage external user access throughout your SharePoint Online environment comprehensively.

june castillote

June started in IT back in 2002. Since then, he has worked as a programmer, technical support specialist, and systems administrator. He is currently a technology consultant working with Microsoft 365, Azure, and various Messaging and Collaboration systems. June is always on the lookout for automation opportunities and prefers to write code in PowerShell whenever possible.

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.