Administration of Azure AD users utilizing the Microsoft Graph PowerShell SDK - getting all disabled users with a license still assigned
I started learning PowerShell nearly a year ago now, just a few months after beginning my career in IT, and it has truly transformed my professional life. From not understanding what a string was, to creating fairly hefty scripts to tackle tasks asked of me, over time my PowerShell knowledge has grown tremendously - however, I'm still learning all the time.
Like most companies, my company utilizes hybrid identity. That's to say - we use traditional on-premises Active Directory, and those identity objects are then synced up to Azure AD using Azure AD Connect. While this is an excellent way for a traditional company to move towards modern identities, administrating an environment of this setup can be... interesting.
I've written many scripts at this point based on the premise of user administration, whether that is for on-prem AD objects or Azure AD user objects. Like most administrators, I'm in the process of transforming my scripts to utilize the MS Graph PowerShell SDK and moving away from the soon-deprecated MS Online and Azure AD modules.
Today, I just want to share a quick snippet that I use in one of my scripts - using MS Graph to gather all disabled Azure AD user objects that still have a license assigned.
To run this, you'll need to have installed the MS Graph module using "Install-Module Microsoft.Graph" and connected to your tenant using "Connect-MgGraph" with the scopes you deem fit. If you just want to pull data to read, you can use "Connect-MgGraph -Scopes 'Directory.Read.All'". I recommend using the beta profile as well, by running "Select-MgProfile -Name 'beta'".
Now that you're connected - here is how you can return all users with a disabled account that is still licensed.
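# Request AssignedLicenses explicitly so the filter also works when the property is not returned by default
Get-MgUser -Filter 'accountEnabled eq false' -All -Property Id,DisplayName,UserPrincipalName,AssignedLicenses | Where-Object { $_.AssignedLicenses.Count -gt 0 }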
When you run this, you should get a nice table showing you some basic information such as the user's name. You can then take the proper action you see fit for each account.
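To decide what to do with each account, it helps to know which license is involved and whether it was assigned directly or inherited from a group, since a group-inherited license is released by changing group membership rather than by editing the user. The following is an added example, not the author's script, and goes beyond the snippet above by resolving SKU names and the assignment source; the variable names and the report path are assumptions.

```powershell
# Added example (not the author's script). Assumes an existing Connect-MgGraph
# session with the Directory.Read.All scope. $reportPath is a placeholder.
$reportPath = '.\disabled-licensed-users.csv'

# Map SKU GUIDs to readable part numbers for the tenant's subscriptions.
$skuNames = @{}
foreach ($sku in Get-MgSubscribedSku) { $skuNames[$sku.SkuId] = $sku.SkuPartNumber }

# Ask for the license properties explicitly instead of relying on the beta profile.
$props = 'Id', 'DisplayName', 'UserPrincipalName', 'AssignedLicenses', 'LicenseAssignmentStates'

$report = Get-MgUser -Filter 'accountEnabled eq false' -All -Property $props |
    Where-Object { $_.AssignedLicenses.Count -gt 0 } |
    ForEach-Object {
        $user = $_
        # One output row per license still held by the disabled account.
        foreach ($lic in $user.AssignedLicenses) {
            $states = @($user.LicenseAssignmentStates | Where-Object { $_.SkuId -eq $lic.SkuId })
            $direct = @($states | Where-Object { -not $_.AssignedByGroup }).Count -gt 0
            $group  = @($states | Where-Object { $_.AssignedByGroup }).Count -gt 0
            $source = if ($direct -and $group) { 'Direct+Group' } elseif ($group) { 'Group' } elseif ($direct) { 'Direct' } else { 'Unknown' }

            # Fall back to the raw GUID when the SKU is not in the subscribed list.
            $name = $skuNames[$lic.SkuId]
            if (-not $name) { $name = $lic.SkuId }

            [pscustomobject]@{
                UserPrincipalName = $user.UserPrincipalName
                DisplayName       = $user.DisplayName
                UserId            = $user.Id
                Sku               = $name
                AssignmentSource  = $source
            }
        }
    }

# Full list for review, plus a per-SKU count of licenses held by disabled accounts.
$report | Sort-Object UserPrincipalName, Sku | Export-Csv -Path $reportPath -NoTypeInformation
$report | Group-Object Sku | Sort-Object Count -Descending | Select-Object Count, Name
```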
Keeping license costs in check can help your company save some money. It's always a great idea to do. As always, there may be multiple ways to do this, but this is the way I do it. Thanks for reading!