Exporting Inactive Users in SharePoint: What You Need to Know

Leave a Comment / Migration, Office 365, Other, PowerShell, SharePoint, Site Design / By

Managing users in SharePoint is a critical aspect of governance and security. Over time, user accounts may become inactive due to role changes, employee departures, or simply a lack of engagement. Exporting inactive users allows administrators to audit user activity, improve security, and optimize licensing costs. By identifying and addressing inactive accounts, organizations can maintain an efficient SharePoint environment, ensuring that only active and relevant users have access. But how do you efficiently export inactive users, and what are the best approaches? Let’s break it down.

What is Exporting Inactive Users in SharePoint?

Exporting inactive users in SharePoint refers to the process of identifying users who have not accessed SharePoint for a specified period and extracting their details for review or further action. This can be achieved using different tools, including PowerShell scripts, Microsoft 365 Admin Center, or third-party applications. The process helps IT administrators and security teams to keep track of user activity, remove redundant accounts, and optimize SharePoint’s performance and security. Regularly performing this task ensures that outdated or abandoned accounts do not pose security risks or waste valuable resources.

Why Do We Need It?
  • Security & Compliance – Security threats often come from abandoned or unused accounts that still have access to company resources. An inactive account could be compromised by malicious actors, leading to unauthorized access to sensitive data. Compliance regulations in industries such as healthcare, finance, and government require strict user management policies. Regularly identifying and removing inactive users helps ensure compliance with data security policies and prevents security vulnerabilities.
  • License Optimization – SharePoint and Microsoft 365 licenses are often billed based on active users. If an organization has numerous inactive users taking up licenses, it leads to unnecessary costs. By exporting and analyzing inactive user data, businesses can determine which licenses can be revoked or reassigned, optimizing costs and ensuring that only active users consume resources.
  • User Management & Cleanup – Over time, SharePoint environments can become cluttered with obsolete user accounts. This can lead to confusion when assigning permissions or managing access control lists. By regularly exporting inactive users, IT teams can keep the system clean and well-organized, ensuring only relevant accounts remain active and reducing administrative overhead.
  • Audit & Reporting – Organizations often need to conduct audits to monitor user activities and access patterns. Exporting inactive users provides valuable insights into usage trends, enabling IT teams to make informed decisions regarding system access and data management. This practice is particularly useful for businesses that need to meet compliance standards, such as GDPR, HIPAA, or ISO certifications.
Who Uses It?
  • SharePoint Administrators – They are responsible for managing user permissions, ensuring site security, and optimizing system performance. Regularly exporting inactive users helps them maintain an organized and efficient SharePoint environment.
  • IT Security Teams – Security teams need to identify inactive accounts to mitigate risks associated with account hijacking, unauthorized access, and data breaches. By monitoring user activity, they can proactively secure SharePoint resources.
  • HR & Compliance Officers – HR departments may need access to inactive user data for offboarding purposes, ensuring that former employees no longer have access to company systems. Compliance officers, on the other hand, must ensure that SharePoint access aligns with regulatory requirements and company policies.
  • Business Owners & License Managers – Companies that operate on a budget must monitor software and license usage to avoid unnecessary expenses. Business owners and financial teams can analyze exported data to optimize license allocation and eliminate wastage.
Applications That Use It
  • Microsoft 365 Admin Center – This platform provides built-in tools to track user activity, generate reports, and export inactive users for review. It offers an easy-to-use graphical interface for IT administrators.
  • SharePoint Online & On-Premises – Both versions of SharePoint allow administrators to check user activity logs and export inactive users manually or via automated scripts.
  • PowerShell Scripts – A powerful and flexible approach for extracting inactive user data with custom filtering and automation. PowerShell enables admins to generate detailed reports and automate periodic user audits.
  • Third-Party Audit Tools – Various enterprise solutions, such as Quest, ManageEngine, and AvePoint, offer advanced tracking and reporting capabilities for SharePoint and Microsoft 365 environments. These tools provide additional insights, real-time monitoring, and compliance management features.
Best Practices for Exporting Inactive Users
  1. Define “Inactive” Clearly – Organizations must establish a clear definition of inactivity before exporting user data. This could be based on login activity, file interactions, or last password changes. Typically, companies consider a user inactive if they haven’t logged in for 90, 180, or 365 days, depending on business policies and security requirements.
  2. Use PowerShell for Automation – Running a PowerShell script on a scheduled basis helps automate the process, reducing manual efforts and ensuring consistency in user audits. Automation also minimizes human errors and enables IT teams to generate reports on demand.
  3. Cross-Verify with Microsoft 365 Reports – Before taking any action on inactive users, it is essential to cross-check the data with Microsoft 365 usage reports or SharePoint audit logs. This ensures that users are truly inactive and not just accessing SharePoint through alternative methods, such as mobile devices or API connections.
  4. Ensure Data Privacy – When exporting user data, organizations must adhere to data protection policies. Personal information should be anonymized or protected where necessary, and access to exported reports should be restricted to authorized personnel.
  5. Take Action on Inactive Users – After identifying inactive users, businesses must decide on the next steps. This could include disabling accounts, removing access, downgrading licenses, or sending automated notifications to users requesting confirmation of their activity status.
Approaches to Exporting Inactive Users
1. Using PowerShell (Recommended for Admins)

PowerShell is a powerful tool for exporting inactive users in SharePoint. The following script retrieves users who haven’t logged in for a specified period and exports their details to a CSV file:

# Connect to SharePoint Online
Connect-MsolService

# Define inactivity period (e.g., users inactive for 90 days)
$daysInactive = 90
$cutoffDate = (Get-Date).AddDays(-$daysInactive)

# Get inactive users from Microsoft 365 Audit Logs
$inactiveUsers = Get-MsolUser | Where-Object {
    ($_.LastPasswordChangeTimestamp -lt $cutoffDate) -or ($_.LastLogonTime -lt $cutoffDate)
}

# Export to CSV
$inactiveUsers | Select-Object DisplayName, UserPrincipalName, LastLogonTime | Export-Csv -Path "InactiveUsers.csv" -NoTypeInformation

Write-Host "Export completed! Check InactiveUsers.csv"
2. Using Microsoft 365 Admin Center (For GUI-based Approach)

For administrators who prefer a graphical interface, Microsoft 365 Admin Center provides a user-friendly way to identify and export inactive users. Simply navigate to Reports > Usage, select Active Users Report, and apply filters based on login activity.

3. Using Third-Party Tools (For Advanced Automation)

Enterprise-grade tools like Quest, ManageEngine, and AvePoint provide additional functionalities such as automated user tracking, real-time alerts, and compliance auditing.

Exporting inactive users in SharePoint is an essential practice for maintaining security, compliance, and cost efficiency. Whether using PowerShell, Microsoft 365 Admin Center, or third-party tools, organizations must adopt a structured approach to ensure optimal user management. By automating this process and following best practices, businesses can enhance security, reduce costs, and improve SharePoint administration.

Useful References

Audits Connect Content Type CopyFiles CSS Flows GetAllItems Graph GULP Hillbilly Tabs Javascript jQuery Myths Node NodeJs O365 OneDrive Permissions PnP PnPJS PowerAutomate Power Automate PowerShell Pwermissions React ReactJs Recycle Rest API Rest Endpoint Send an HTTP Request to SharePoint SharePoint SharePoint List Extension SharePoint Lists SharePoint Modern SharePoint Online SharePoint Tabs ShellScript SPFX SPO Sync Tags Taxonomy Termstore Versioning VueJS

Leave a Comment

Your email address will not be published. Required fields are marked *