Share via

Unable to fetch disabled users across subscriptions

Mahadev, Rakesh [HAEA] 160 Reputation points
2024-10-18T06:54:27.2733333+00:00

Hello Team,

I'm trying to get list of disabled users across all subscriptions under our tenant. But when I run the below script it is not fetching the data instead loading VS code. If I run Get-disabled users command it is giving the list of disabled users but unable to fetch the users across subscriptions. Please advice.

Install Azure AD PowerShell module if not already installed

Install-Module AzureAD -Force

Connect to your Azure AD tenant

Connect-AzureAD

Get all subscriptions

$subscriptions = Get-AzureSubscription

Iterate through each subscription and get disabled users

foreach ($subscription in $subscriptions) {

# Set current subscription

Set-AzureSubscription -SubscriptionId $subscription.SubscriptionId

# Get disabled users

$disabledUsers = Get-AzureADUser -Filter "accountEnabled eq false"

# Export disabled users to CSV (adjust file path as needed)

$disabledUsers | Export-Csv -Path "C:\Users\VMadministrator\Downloads.csv" -NoTypeInformation

}

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,261 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,561 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,608 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,172 questions
0 comments
Accepted answer
  1. Sandeep G-MSFT 19,761 Reputation points Microsoft Employee
    2024-10-18T09:05:17.49+00:00

    @Mahadev, Rakesh [HAEA]

    Thank you for posting this in Microsoft Q&A.

    As I understand you are looking for a list of disabled users who are assigned a role in all subscriptions.

    I have worked in my lab and got the below script which is working fine.

    Try running below PowerShell script and make necessary changes as per your requirement to get desired output#connect to Azure Account Connect-AzAccount -Tenant "1bb2ed63-8284-48dd-a9ad-de118aee32b6"

     

    #connect to AzureAD Connect-AzureAD
 
$disabledUsers = Get-AzureADUser -Filter "accountEnabled eq false" | Select-Object DisplayName, UserPrincipalName, ObjectId
 
$subscriptionlist = Get-AzSubscription
 
$result = @()
 
foreach ($subscription in $subscriptionlist) {     Set-AzContext -Subscription $subscription.SubscriptionId     Write-Host "Currently running with this subscriptionId:" $subscription.SubscriptionId
 
    $roleAssignments = Get-AzRoleAssignment | Where-Object ObjectType -Match User
 
    foreach ($assignment in $roleAssignments) {                 if ($disabledUsers.ObjectId -contains $assignment.ObjectId) {             $result += $assignment | Select-Object DisplayName, SignInName         }     } }
 
Write-Output $result|Format-Table

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.