Share via

How to mange #EXT# external users in O365?

Anonymous
2016-06-28T19:19:12+00:00

We have a large user base and number of external users (#EXT#) i.e. username_domain#EXT# is increasing in our portal. As I understand it, it happens because of external sharing done with OneDrive/SharePointonline, my question is about managing these.

  1. Do these external users automatically go away once the sharing is disabled for those particular files?
  2. If sharing is not disabled, these users will stay in our O365 as long as files are shared with them or will they go away after sometime?
  3. Does deleting these external users break their access to shared files?
  4. What is MSFT recommended approach to clean up portal of this increasing number of external users?
  5. Is it possible to see what particular documents are shared with these external users?
  6. Is it possible to run a power shell script to find out external user creation date/time stamp so that we can quarterly cleanup?
  7. Once I delete this external user, I am unable to delete them from recycle bin using powershell which throws an "object not found" error in recycle bin, which I can see is still in recycle bin, any ideas how to accomplish that?

Thank you very much!

Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Anonymous
2016-06-29T06:59:40+00:00

Hi Zak_cal,

  1. The external users will still show in the Active Users list and the User Profiles list ( SharePoint admin center > user profiles) after we stop sharing the particular file.

We can also check the external users in People and Groups

https://domain.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0

  1. If sharing is not disabled, these users will stay in our Office tenant unless we delete them manually.
  2. Yes.
  3. If you don't want these external users to access the data in your tenant, it's recommended to delete them from both active users list and the user profiles list.
  4. There is no out of box option to achieve this.

Connect-SPOService -Url https://domain-admin.sharepoint.com -credential $credential

Get-SPOExternalUser -PageSize 50 | ft

  1. Please try deleting the external user using the following commands:

$user=Get-SPOExternalUser -Filter user_externaldomainname.onmicrosoft.com

Remove-SPOExternalUser -UniqueIDs @($user.UniqueId)

Thanks,

James

Was this answer helpful?

9 people found this answer helpful.
0 comments

Answer accepted by question author

Anonymous
2016-07-06T10:28:05+00:00

Hi Zak_cal,

  1. We should use the command like this:

Remove-MsolUser -UserPrincipalName ******@outlook.com -Force -removefromrecyclebin

user_outlook.com#EXT#@domain.onmicrosoft.com is not a valid UPN and can't be recognized in PowerShell.

  1. We can't list more than 50 items with the -pagesize parameter, the maximum value we can set is 50.

As a workaround, we can use the command below:

Get-msoluser -all | Where-Object {$_.UserPrincipalName -like "*#ext#*"} | ft -auto > d:\test\externalusers.csv

Thanks,

James

Was this answer helpful?

2 people found this answer helpful.
0 comments

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2016-07-07T18:35:58+00:00

    James! you are the man with all the right answers! Thank you

    Note: when using Remove-MsolUser -UserprincipalName on active users, in my case it didn't work with simplified UPN i.e. ******@domain.com, i had to plug-in full #EXT# UPN to get it to work for Active external User, however, inversely when trying to delete external user from recyclebin, full #EXT# format UPN didn't work (user not found error) and using simplified UPN ******@domain.com did work. I tried this test with at least two different external accounts. So it is a little bit confusing but gets the work done. 

    Alternatively, executing Get-MsolUser –ReturnDeletedUsers | Remove-MsolUser –RemoveFromRecycleBin –Forcewill delete all users in recyclebin including external users without any special formatting needed.

    Thanks,

    Zak

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2016-07-05T17:59:27+00:00

    Hello James, 

                        This is great, you answered all of my questions except for one.

    1. using provided method only deletes user from Active Users, but doesn't delete them from Deleted Users. When I run Get-Msoluser -returndeletedusers it lists that external user with #EXT# under deleted users. When I use Remove-MsolUser -UserPrincipalName user_outlook.com#EXT#@domain.onmicrosoft.com -Force -removefromrecyclebinit throws  this error message

    "Remove-MsolUser : User Not Found in the Microsoft Online directory Deleted Users container.  User:

    user_outlook.com#EXT#@domain.onmicrosoft.com.

    At line:1 char:1

    • Remove-MsolUser -UserPrincipalName user_outlook.com#EXT#@domain.onmicrosoft.com ... 
    •

        + CategoryInfo          : OperationStopped: (:) [Remove-MsolUser], MicrosoftOnlineException

        + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserNotFoundException,Microsoft.Online.Administration.Automation

       .RemoveUser"

    However, when i try to delete an internal user from recycle bin with this exact format, it works fine. Only in case of #EXT# it throws error

    7a) I am a Global Admin

    7b) I launch respective powershell console as an Admin

    Lastly, is there a way to list more than 50 external users using this? i.e. Get-SPOExternalUser -PageSize 50 | ft because we definitely have external users in 100s, I would like to export them to CSV file.

    Thanks

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2016-07-01T10:24:41+00:00

    Hi Zak_cal,

    Does the information above answer your question?

    Regards,

    James

    Was this answer helpful?

    0 comments