Bug in Get-SPOExternalUser PowerShell : Not all external users are returned

Bug in Get-SPOExternalUser PowerShell : Not all external users are returned

While working on some reporting with PowerShell and Office 365, I have discovered something that might be important if you use the Get-SPOExternalUser PowerShell cmdlet to create reports on your SharePoint Online external users.

Get-SPOExternalUser PowerShell

At the end of 2017, Microsoft has released a new , simpler, and nicer way to share SharePoint Online content with your external partners, allowing them to log in with a simple pin / e-mail validation , without them needing to have a Microsoft account anymore. Users loved it, but it seems the PowerShell module hasn’t yet been updated to show those new users yet. Microsoft is already aware of this problem and they have an issue open on the GitHub site for the SharePoint Online PowerShell Module.

This is valid as of the February 2018 version of the SharePoint Online PowerShell Module and I will update this blog with the version when Microsoft fixes it or gives an official workaround . You can also check live updates directly on the issue on GitHub!

The Bug

To show you the bug, I will first invite an external user to a document in a modern SharePoint Online site called Modern Share Test, you can see the screenshot of the invite below.

Get-SPOExternalUser PowerShell

I will then navigate to outlook for this example, accept the invite and then log in to view the document shared with me. As you see in the screenshots below, I am first asked to validate by e-mail, Microsoft Sends me a PIN number, I enter it in the box, and it all works nicely. Off topic, but good job to the Microsoft people who worked on this feature as the end-user experience is amazing.

Get-SPOExternalUser PowerShell

Get-SPOExternalUser PowerShell

Now I will go to PowerShell and run a Get-SPOExternalUser on that Site Collection, and as you see below, it only returns a user, and it’s not the one we just invited!

Get-SPOExternalUser PowerShell

However, if I run an Get-SPOUser cmdlet against the same site, we can see that users added with this modern sharing option have a different login name vs our old external users. The Old naming convention was using #ext# while the new one is urn:spo:guest . In the screenshot below, you can see the accounts in a red box that use modern sharing, and the new naming convention, and the account in the green box that uses the older, Microsoft account method (or Azure B2B).

Get-SPOExternalUser PowerShell

Luckily, even if the Get-SPOExternalUser PowerShell cmdlet is not perfect anymore and only works with accounts that log in with a Microsoft account, we can still create reports using the existing cmdlets.

The Workaround

Here is a small script that I have done that uses the Get-SPOUser cmdlet to return the external users per site collection and exports them to a CSV file at the end and includes the URl so you can also do some nice filtering. There are a ton of ways to do PowerShell, and probably a ton of ways to do this, but here is a way that I have tested, and it works!

 

And here is a screenshot of the CSV, with a Filter on the URL we have talked about before!

Leave a comment and don’t forget to like the Absolute SharePoint Blog Page   on Facebook and to follow me on Twitter here  for the latest news and technical articles on SharePoint.  I am also a Pluralsight author, and you can view all the courses I created on my author page.

Follow me on Social Media and Share this article with your friends!

5/5 (5)

Please rate this

 
Comments

Hi Vlad, do you know when the feature is rolling out to all tenants? When we share a file, the external partner still needs a Microsoft Account. This is only SharePoint Online, OneDrive for Business works with the new way. Thanks.

Leave a Reply