Managing Guest Users in PowerShell with Microsoft Graph API

In today’s collaborative work environments, inviting guest users to access organizational resources has become a common practice. PowerShell, combined with Microsoft Graph API (mggraph), provides a powerful way to manage these guest users. This blog post explores how to use PowerShell and mggraph to manage guest users, with practical examples to illustrate key concepts. Let’s dive in.

Introduction to Guest Users and Microsoft Graph API

Guest users are external users who are granted access to your organization’s resources. Microsoft Graph API, a unified endpoint for accessing data across Microsoft services, enables administrators to automate the management of these guest users through PowerShell scripts.

Installing Graph API and connecting to the Cloud

Before diving into the examples, we still have some work to do, namely we need to connect to the cloud.

# Micrsoft Graph Module
Install-Module Microsoft.Graph -AllowClobber -Force

# Connect to Cloud
Connect-MgGraph -Scopes 'User.ReadWrite.All'  
Get-MgContext | Select-Object -ExpandProperty Scopes

Inviting | Retrieving | Removing Guest Users

Here are some examples of how to invite guest users, retrieve (display) guest users and finally remove guest users.

# Invite Guest User
New-MgInvitation -InvitedUserDisplayName "Hans Womanizer" -InvitedUserEmailAddress pewa2303@gmail.com `
-InviteRedirectUrl "https://myapplications.microsoft.com" -SendInvitationMessage:$true

# Retrieve Guest Users
Get-MgUser -Filter "userType eq 'Guest'" -All 
Get-MgUser -Filter "userType eq 'Guest' and externalUserState eq 'PendingAcceptance'" -All 

# Remove Guest User
Remove-MgUser -UserId pewa2303_gmail.com#EXT#@sid500.onmicrosoft.com

Disconnect

Last but not least, we disconnect from the ms graph API.

Disconnect-MgGraph

Hope this was helpful.