In this blog post, we’ll walk through a practical PowerShell script that helps you check the invitation state of multiple B2B (Business-to-Business) guest users in Azure Active Directory (Azure AD). You’ll also learn how to export this information into a structured .CSV file for further analysis. This method is particularly useful for IT administrators managing external user access.
Prerequisites
Before running the script, ensure the following:
– AzureAD PowerShell module is installed.
– You have appropriate permissions to query user data from Azure AD.
– The input file (users.csv) is available with a column named ‘UserPrincipalName’.
Script Overview
Here’s the full PowerShell script:
# Import the AzureAD module
Import-Module AzureAD

# Connect to Azure AD (authenticate as necessary)
Connect-AzureAD

# Specify the input CSV file and output CSV file
$inputFile = "C:\path\to\users.csv" # Import File
$outputFile = "C:\path\to\output.csv" # Export File

# Read the input file
$users = Import-Csv -Path $inputFile

# Initialize an array to store results
$results = @()

# Process each user
foreach ($user in $users) {
    $userEmail = $user.UserPrincipalName # Edit Here

    # Double any single quote so a value such as o'brien@... does not break the OData filter
    $filterValue = $userEmail -replace "'", "''"
    $userData = Get-AzureADUser -Filter "UserPrincipalName eq '$filterValue'" -ErrorAction SilentlyContinue

    if ($userData) {
        $externalUserState = $userData.ExternalUserState
        $results += [PSCustomObject]@{
            UserPrincipalName = $userEmail
            ExternalUserState = $externalUserState
        }
    } else {
        # No match: record the lookup failure so the row still appears in the report
        $results += [PSCustomObject]@{
            UserPrincipalName = $userEmail
            ExternalUserState = "User not found"
        }
    }
}

# Export the results to a CSV file
$results | Export-Csv -Path $outputFile -NoTypeInformation
Line-by-Line Explanation
Import-Module AzureAD: Loads the AzureAD module, which provides cmdlets to manage Azure Active Directory.
Connect-AzureAD: Prompts you to sign in to Azure AD. This is required to query user data.
$inputFile = …: Defines the path to your input CSV file that contains user emails.
$outputFile = …: Defines where the result will be saved.
Import-Csv -Path $inputFile: Reads all user email addresses from the CSV file into the $users variable.
$results = @(): Initializes an empty array to collect the output for each user.
foreach ($user in $users): Loops through each row (user) in the input CSV.
$userEmail = $user.UserPrincipalName: Stores the email address of the current user in the loop.
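Get-AzureADUser -Filter …: Tries to find the user in Azure AD using their email. Errors are suppressed with -ErrorAction SilentlyContinue; if no user is returned, the script records ‘User not found’ for that row instead of stopping.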
$userData.ExternalUserState: Captures the invitation state, e.g., ‘PendingAcceptance’ or ‘Accepted’.
Export-Csv …: Exports the final results to a CSV file for further review or reporting.
Output Example
The exported CSV file will look like this:
UserPrincipalName,ExternalUserState
john.doe@external.com,Accepted
jane.smith@external.com,PendingAcceptance
bob.jones@external.com,User not found
Summary and Use Cases
This PowerShell script is a great tool for managing external user access in Azure AD. It helps IT admins:
– Monitor guest user invitation statuses
– Identify users who haven’t accepted invites
– Ensure compliance and proper access control
You can schedule this script to run regularly and track invitation statuses over time.
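To track statuses over time as suggested above, the exports from two runs can be compared. The following is an added example, not part of the original script: the function name Compare-InvitationSnapshot and the sample rows are hypothetical, and in practice the two inputs would come from Import-Csv on an earlier and a current output.csv.

```powershell
# Constructed sample exports from two scheduled runs (not real users).
$previousCsv = @'
UserPrincipalName,ExternalUserState
john.doe@external.com,PendingAcceptance
jane.smith@external.com,PendingAcceptance
bob.jones@external.com,Accepted
'@
$currentCsv = @'
UserPrincipalName,ExternalUserState
john.doe@external.com,Accepted
jane.smith@external.com,PendingAcceptance
bob.jones@external.com,User not found
new.guest@external.com,PendingAcceptance
'@

function Compare-InvitationSnapshot {   # hypothetical helper name
    param([object[]] $Previous, [object[]] $Current)

    # Index the earlier run by UPN (hashtable string keys are case-insensitive).
    $before = @{}
    foreach ($row in $Previous) { $before[$row.UserPrincipalName] = $row.ExternalUserState }

    foreach ($row in $Current) {
        $upn = $row.UserPrincipalName
        $old = if ($before.ContainsKey($upn)) { $before[$upn] } else { 'Not in previous run' }
        $change = if ($old -eq $row.ExternalUserState) { 'Unchanged' } else { 'Changed' }
        [PSCustomObject]@{
            UserPrincipalName = $upn
            PreviousState     = $old
            CurrentState      = $row.ExternalUserState
            Change            = $change
        }
        $before.Remove($upn)
    }

    # Whatever is left was reported last time but is absent from the current export.
    foreach ($upn in $before.Keys) {
        [PSCustomObject]@{
            UserPrincipalName = $upn
            PreviousState     = $before[$upn]
            CurrentState      = 'Missing from current run'
            Change            = 'Changed'
        }
    }
}

$report = Compare-InvitationSnapshot -Previous ($previousCsv | ConvertFrom-Csv) -Current ($currentCsv | ConvertFrom-Csv)
$report | Format-Table -AutoSize
# Guests still pending in both runs are the ones to follow up on or review for removal.
$report | Where-Object { $_.CurrentState -eq 'PendingAcceptance' -and $_.Change -eq 'Unchanged' }
```

A guest that moves from Accepted to ‘User not found’, like the constructed bob.jones row, shows up as Changed and is worth checking against the directory's own records of deletions.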