Refactored get-spo-invalid-user-accounts script README.md

scripts/get-spo-invalid-user-accounts/README.md

@@ -17,75 +17,86 @@ In this script I have checked for two things:
 
 ```powershell
 
-
-
 #extract all users from a site collection and check for validity
 $SiteURL = "https://contoso.sharepoint.com/sites/workspaces"
 if(-not $conn)
 {
     $conn = Connect-PnPOnline -Url $SiteURL -Interactive -ReturnConnection
 }
 
-function Get-AllUsersFromUPA
-{
-    $allUPAusers = @()
-    $UPAusers = Submit-PnPSearchQuery -Query "*" -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" -SelectProperties "Title,WorkEmail" -All -Connection $conn
-    foreach($user in $UPAusers.ResultRows)
-    {
-        $allUPAusers += $user.LoginName
-    }
-    $allUPAusers
-}
+# ---------------------------
+# Function: Get all users from UPA
+# ---------------------------
+function Get-AllUsersFromUPA {
+    param([Parameter(Mandatory)] $Connection)
 
-function Get-UserFromGraph 
-{
-    $disabledusersfromgraph = @()
-    $result = Invoke-PnPGraphMethod -Url "users?`$select=displayName,mail, AccountEnabled" -Connection $conn
-
-    $result.value.Count
-    foreach($account in $result.value)
-    {
-        if($account.accountEnabled -eq $false)
-        {
-            $disabledusersfromgraph += $account.mail
-        }
-    }
-    $disabledusersfromgraph
+    $UPAusers = Submit-PnPSearchQuery `
+        -Query "*" `
+        -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" `
+        -SelectProperties "Title,WorkEmail" `
+        -All `
+        -Connection $Connection
+
+    return $UPAusers.ResultRows | ForEach-Object { $_.LoginName }
 }
 
-$disabledusersfromgraph = Get-UserFromGraph
-$allUPAusers = Get-AllUsersFromUPA
+# ---------------------------
+# Function: Get disabled users from Azure AD (Graph)
+# ---------------------------
+function Get-DisabledUsersFromGraph {
+    param([Parameter(Mandatory)] $Connection)
 
-$allSiteUsers = Get-PnPUser -Connection $conn
-$validUsers = @()
-$invalidUsers = @()
-foreach($user in $allSiteUsers)
-{
-    try {
-        $userObj = Get-PnPUser -Identity $user.LoginName -Connection $conn -ErrorAction Stop
-        if($userObj.Email -in $disabledusersfromgraph)
-        {
-            Write-Host "User $($userObj.LoginName) is disabled in Azure AD"
-            $invalidUsers += $user
-        }
-        else
-        {
-            $hit = $allUPAusers | Where-Object {$_ -eq $userObj.LoginName}
-            if(-not $hit)
-            {
-                Write-Host "User $($userObj.LoginName) is not in the UPA"
+    $result = Invoke-PnPGraphMethod -Url "users?`$select=displayName,mail,accountEnabled" -Connection $Connection
+    return $result.value | Where-Object { $_.accountEnabled -eq $false } | ForEach-Object { $_.mail }
+}
+
+# ---------------------------
+# Function: Validate site users
+# ---------------------------
+function Validate-SiteUsers {
+    param(
+        [Parameter(Mandatory)] $Connection,
+        [Parameter(Mandatory)] $UPAusers,
+        [Parameter(Mandatory)] $DisabledUsers
+    )
+
+    $invalidUsers = @()
+    $allSiteUsers = Get-PnPUser -Connection $Connection
+
+    foreach ($user in $allSiteUsers) {
+        try {
+            $userObj = Get-PnPUser -Identity $user.LoginName -Connection $Connection -ErrorAction Stop
+
+            if ($userObj.Email -in $DisabledUsers) {
+                Write-Host "User $($userObj.LoginName) is disabled in Azure AD" -ForegroundColor Yellow
+                $invalidUsers += $user
+            }
+            elseif (-not ($UPAusers -contains $userObj.LoginName)) {
+                Write-Host "User $($userObj.LoginName) is not in the UPA" -ForegroundColor Yellow
                 $invalidUsers += $user
             }
         }
-
-
-    }
-    catch {
-        $invalidUsers += $user
+        catch {
+            Write-Host "Error retrieving user $($user.LoginName), marking as invalid." -ForegroundColor Red
+            $invalidUsers += $user
+        }
     }
+
+    return $invalidUsers
 }
+
+# ---------------------------
+# Main Script Execution
+# ---------------------------
+$allUPAusers = Get-AllUsersFromUPA -Connection $conn
+$disabledUsersFromGraph = Get-DisabledUsersFromGraph -Connection $conn
+$invalidUsers = Validate-SiteUsers -Connection $conn -UPAusers $allUPAusers -DisabledUsers $disabledUsersFromGraph
+
+# Export invalid users to CSV
 $invalidUsers | Export-Csv -Path "C:\temp\invalidusers.csv" -Delimiter "|" -Encoding utf8 -Force
 
+Write-Host "Script completed. Invalid users exported to C:\temp\invalidusers.csv" -ForegroundColor Green
+
 ```
 [!INCLUDE [More about PnP PowerShell](../../docfx/includes/MORE-PNPPS.md)]
 ***
@@ -96,6 +107,7 @@ $invalidUsers | Export-Csv -Path "C:\temp\invalidusers.csv" -Delimiter "|" -Enco
 | Author(s) |
 |-----------|
 | Kasper Larsen |
+| ojopiyo |
 
 [!INCLUDE [DISCLAIMER](../../docfx/includes/DISCLAIMER.md)]
 <img src="https://m365-visitor-stats.azurewebsites.net/script-samples/scripts/get-spo-invalid-user-accounts" aria-hidden="true" />

scripts/get-spo-invalid-user-accounts/assets/sample.json

@@ -9,7 +9,7 @@
       ""
     ],
     "creationDateTime": "2024-01-10",
-    "updateDateTime": "2024-01-10",
+    "updateDateTime": "2025-12-11",
     "products": [
       "SharePoint",      
       "Graph"      
@@ -39,6 +39,12 @@
       }
     ],
     "authors": [
+      {
+        "gitHubAccount":"ojopiyo",
+        "company": "",
+        "pictureUrl": "https://avatars.githubusercontent.com/u/122151392?v=4",
+        "name": "ojopiyo"
+      },
       {
         "gitHubAccount": "kasperbolarsen",
         "company": "",