M365 Blogs

Top 8 Microsoft Graph PowerShell Scripts for User Management

Managing Microsoft 365 users manually is inefficient and prone to error. Whether you're onboarding, offboarding, licensing, or auditing users, Graph PowerShell gives you the automation edge.

Below are 8 practical, ready-to-use scripts every Microsoft 365 administrator should have.

List All Microsoft 365 Users with Basic Info

Get essential user details including account status.

Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, AccountEnabled |
Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled

Track User Sign-in Activity

Get-MgUser -All -Property UserPrincipalName, SignInActivity |
Select-Object UserPrincipalName, @{Name="LastSignIn"; Expression={$_.SignInActivity.LastSignInDateTime}}

Bulk Disable Inactive User Accounts

# Users inactive for 30+ days
$thresholdDate = (Get-Date).AddDays(-30)

$inactiveUsers = Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, SignInActivity, AccountEnabled |
Where-Object {
    $_.SignInActivity.LastSignInDateTime -lt $thresholdDate -and $_.AccountEnabled -eq $true
}

foreach ($user in $inactiveUsers) {
    Update-MgUser -UserId $user.Id -BodyParameter @{accountEnabled = $false}
    Write-Output "Disabled user: $($user.DisplayName)"
}

Reset User Password

$UserId = "alexw@yourdomain.com"
$passwordProfile = @{
    password = "TempP@ssword123!"
    forceChangePasswordNextSignIn = $true
}
Update-MgUser -UserId $UserId -BodyParameter @{PasswordProfile = $passwordProfile}

Export All Licensed Users

Get-MgUser -All -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" `
-ConsistencyLevel eventual -CountVariable Records |
Select-Object DisplayName, UserPrincipalName |
Export-Csv "LicensedUsers.csv" -NoTypeInformation

Identify All Unlicensed Users

Get-MgUser -All -Filter "assignedLicenses/`$count eq 0 and userType eq 'Member'" `
-ConsistencyLevel eventual -CountVariable Records |
Select-Object DisplayName, UserPrincipalName

Bulk Assign Licenses to New Users (from CSV)

CSV Template:

UserPrincipalName
alexw@yourdomain.com
sarahp@yourdomain.com

$users = Import-Csv "UsersToLicense.csv"
$SkuId = "your-sku-id-guid"  # Get via Get-MgSubscribedSku

foreach ($user in $users) {
    $UserId = $user.UserPrincipalName
    Set-MgUserLicense -UserId $UserId -AddLicenses @{SkuId = $SkuId} -RemoveLicenses @{}
    Write-Output "License assigned to $UserId"
}

Get All Users Assigned to Admin Roles

$roles = Get-MgDirectoryRole
foreach ($role in $roles) {
    Write-Host "`nRole: $($role.DisplayName)"
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id
    foreach ($member in $members) {
        Write-Output " - $($member.AdditionalProperties.displayName) ($($member.AdditionalProperties.userPrincipalName))"
    }
}

Final Thoughts

These scripts go beyond simple user listing — they help automate onboarding, security, licensing, and access management with precision and ease. Use them as-is or adapt for bulk scenarios to suit your organization’s needs.

Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.

Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.