Query Inactive User through Graph API

Chris Tang 1 Reputation point

We are currently trying to get inactive user information via Microsoft Graph API. We have a situation where a user leaves a company and their user account is then removed from O365. The mailbox becomes inactive due to our retention policy. We are extracting Teams chat information and we need to look up user metadata based off of the aadUser id as shown in the example below:

    "from": {
        "application": null,
        "device": null,
        "user": {
            "id": "3e3fe82c-654b-11ed-9022-0242ac120002",
            "displayName": "Example, User",
            "userIdentityType": "aadUser",
            "tenantId": "4a978ec2-654b-11ed-9022-0242ac120002"
        }
    }

Normally we would use https://graph.microsoft.com/v1.0/users/3e3fe82c-654b-11ed-9022-0242ac120002 but since the user is now inactive, it will return with the error "resource '3e3fe82c-654b-11ed-9022-0242ac120002' does not exist or one of its queried reference-property objects are not present."

  1. Is this expected behavior where inactive mailboxes are not present via https://graph.microsoft.com/v1.0/users?
  2. Is there an alternative way for us to look up email addresses and other metadata for inactive users by querying their aadUser id as reference?

Thank you.


2 answers

  1. Shivam Dhiman 5,951 Reputation points

    Hi @Chris Tang

    To detect inactive accounts you can use lastSignInDateTime property.

    If you are searching for a specific user by name, which enables you to evaluate the lastSignInDateTime, you can use-


    If you are looking for list of users with a lastSignInDateTime before a specified date, you can use-

    https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2019-06-01T00:00:00Z  

    Documentation reference- https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts#how-to-detect-inactive-user-accounts

    Please note that APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

  2. Scotty de Zoete 0 Reputation points

    Hello there,

    I tried this

    https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2021-10-20T00:00:00Z - however I receive the following:

        "error": {
            "code": "Authentication_MSGraphPermissionMissing",
            "message": "Calling principal does not have required MSGraph permissions AuditLog.Read.All",
            "innerError": {
                "date": "2023-01-19T23:59:51",
                "request-id": "31c3d656-3b50-4571-944f-df5efa59bfc0",
                "client-request-id": "31c3d656-3b50-4571-944f-df5efa59bfc0"
            }
        }

    However - the application has the following permissions assigned:

    Microsoft Graph (7)

        AuditLog.Read.All    Delegated    Read audit log data              Yes  Granted for ****
        AuditLog.Read.All    Application  Read all audit log data          Yes  Granted for ****
        Directory.Read.All   Delegated    Read directory data              Yes  Granted for ****
        Directory.Read.All   Application  Read directory data              Yes  Granted for ****
        User.Read            Delegated    Sign in and read user profile    No   Granted for ****
        User.Read.All        Delegated    Read all users' full profiles    Yes  Granted for ****
        User.ReadBasic.All   Delegated    Read all users' basic profiles   No   Granted for ****

    The following work without issue:
    as does:
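
An added example, not part of the thread: one way to check whether the access token sent with a request like the one in the second answer actually carries AuditLog.Read.All. Microsoft identity platform access tokens list delegated permissions in the `scp` claim and application permissions in the `roles` claim; the sample tokens below are constructed and unsigned, and all function names are illustrative.

```python
import base64
import json

REQUIRED = "AuditLog.Read.All"  # permission named in the error message above


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(token: str) -> dict:
    """Split the token's permissions into delegated (scp) and application (roles)."""
    claims = jwt_claims(token)
    return {
        "delegated": set(claims.get("scp", "").split()),
        "application": set(claims.get("roles", [])),
    }


def has_permission(token: str, name: str = REQUIRED) -> bool:
    perms = granted_permissions(token)
    return name in perms["delegated"] | perms["application"]


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"


# Constructed sample: delegated token whose scp claim lacks the audit log scope.
DELEGATED_NO_AUDIT = make_sample_token({"scp": "Directory.Read.All User.Read User.Read.All"})
# Constructed sample: app-only token carrying the application permission.
APP_ONLY = make_sample_token({"roles": ["AuditLog.Read.All", "Directory.Read.All"]})

if __name__ == "__main__":
    for label, tok in (("delegated", DELEGATED_NO_AUDIT), ("app-only", APP_ONLY)):
        print(label, granted_permissions(tok), "->", has_permission(tok))
```

A permission shown as granted in the portal only helps if it appears in the claim that matches how the token was obtained: `scp` for a signed-in user flow, `roles` for client credentials.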