@12Knocksinna - Sorry if this isn't where I should be asking a question.... but

In your Teamsgroupactivityreport - the one that uses Graph, where do I get the function that you use
Get-graphdata

I can't find that function anywhere.

Thanks for all your explanations on all o365 apps and PowerShell possibilities with them. Learned a lot and trying to help you a bit.
Access token are valid for 60 minutes so if the loop is taking longer than that this on line 239 will fail:
$TeamDetails = Get-GraphData -AccessToken $Token -Uri $Uri

Solution I found was:

#Around line 121
   $Version = "V5.1"
   $TimeToRefreshToken = "50" #refresh token if the token is older than 50 minutes

#Around line 149
 #Unpack Access Token
   $token = ($tokenRequest.Content | ConvertFrom-Json).access_token
   $TokenExpiredDate = (Get-date).AddMinutes($TimeToRefreshToken)

#Around line 258
   #### Check if token is older than 50 minutes and request a refresh token ##############
        $TimeRightNow = (Get-date)
        if($TimeRightNow  -ge $TokenExpiredDate){
            $body = @{
                client_id     = $AppId
                scope         = "https://graph.microsoft.com/.default"
                client_secret = $AppSecret
                grant_type    = "client_credentials"
            }
            
            $Params = @{
                'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
                'Method' = 'Post'
                'Body' = $Body
                'ContentType' = 'application/x-www-form-urlencoded'
            }
            
        # Get OAuth 2.0 Token
        try{
            $Refreshtoken = Invoke-RestMethod @Params
        }
        catch{
            Write-Host "An error occurred:"
            Write-Host $_ -ForegroundColor Red
            Write-ErrorLog 'An error occurred: {Error}' -PropertyValues $_
        }
        # Unpack Access Token
        
        if ($null -ne $Refreshtoken) {
            $Token = $Refreshtoken.access_token
            Write-Host "Token Refreshed at $TimeRightNow" -ForegroundColor Red
        }
        else {Write-Host "Not refreshed Token is empty" -ForegroundColor Red}

        }
        Write-Host "Token Not Refreshed at $TimeRightNow" -ForegroundColor Green
    #### END of Check if token is older than 50 minutes and request a refresh token #######

Not sure this will help but that resolved my issues... Hope I did not mess anything. I can try to submit a merge request.

I am trying to run your script TeamsGroupsActivityReport.ps1 on a huge Teams tenant - more then 11000 teams. It will run for hours and hours, however I am having various issues and errors. Is this capable to run on a huge tenant? Thanks a lot.

I ran this and out of 10,900 plus groups that are teams enabled its reporting 3742 as not having any owners. I am not done checking but I believe over 75% of those 3742 groups do have at least 1 owner. Member and External Guest counts appear to be accurate.

Hi guys. Awesome script guys, TeamsGroupsActivityReport.ps1 works very well for our compliance policy of purging dormant and abandoned Teams. Much appreciated!

We found that the script doesn't search Private Channels for activity and can flag a Team as inactive although it's in active use.. I've read somewhere that private conversations are stored in the User mailbox so not found in compliance searches. Is it similar with chats in Private Channels, or is it simply permissions on the Channel itself ?

Wondering if this possible enhancement could be considered.

Thanks again guys!

Launching TeamsGroupsActivityReport.ps1, it can only detect the activity of teams with standard channels.
These commands can't analyze the activity of private channels.
For teams with all private channels and General channel the output isn't reliable.
Are there any commands suitable for teams with private channels?

@12Knocksinna @Swampen please give me a feedback
Regards
Alessandra

The NumberWarnings only counts warnings based on the Inbox and the SPO Document library. It should also increment based on warnings for Teams conversations.

I'm sure I'm missing something obvious, because I've not used MS Graph in PowerShell anymore, and instructions for doing that with TeamsGroupActivityREportV5.PS1 are light.

I'm getting a permissions error starting at line 164, which is the Invoke-RestMethod for the 90 day SharePoint site usage detail as well as for all the other calls after that.

I've created the Azure app. I've given it Group.Read.All, Reports.Read.All, User.Read.All, and GroupMember.Read.All, as well as admin consent for those in the tenant. I'm assuming there is some other obvious step in the app setup that I have missed.

I've updated lines 133 - 134 with the appropriate AppID, TenantID and AppSecret. If I change the app secret to be invalid, I get an error on line 147 which is the grabbing of the token.

First error with the correct data in lines 133 - 134

Checking Microsoft 365 Groups and Teams in the tenant: contoso.onmicrosoft.com
Invoke-RestMethod : The remote server returned an error: (403) Forbidden.
At C:\changed\TeamsGroupsActivityReportV5.PS1:164 char:17

• ... SPOUsage = (Invoke-RestMethod -Uri $SPOUsageReportsURI -Headers $Head ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

First error if the AppSecret is wrong:

Checking Microsoft 365 Groups and Teams in the tenant: contoso.onmicrosoft.com
Invoke-WebRequest : {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 7e4df9ab-aad3-4239-b36a-d64aad72f900\r\nCorrelation ID: e388d8ed-e34f-480a-a8f5-8085b82c65da\r\nTimestamp: 2021-05-11
18:46:33Z","error_codes":[7000215],"timestamp":"2021-05-11 18:46:33Z","trace_id":"7e4df9ab-aad3-4239-b36a-d64aad72f900","correlation_id":"e388d8ed-e34f-480a-a8f5-8085b82c65da","error_uri":"https://login.microsoftonline.com/error?code=7000215"}
At C:\changed\TeamsGroupsActivityReportV5.PS1:147 char:17

• ... enRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "ap ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

When gathering sign-in data the script is choking on gathering the extra data:

Exception calling "Add" with "2" argument(s): "Item has already been added. Key in dictionary: '[email protected]'
Key being added: '[email protected]'"
At Office365UsageReport.ps1:84 char:11

•       $UserSignIns.Add([String]$U.UserPrincipalName, $LastSignInD ...
  

•       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], MethodInvocationException
  • FullyQualifiedErrorId : ArgumentException

The variable $Mailbox is being assigned on line 14, but is never used anywhere else in the script.

Hi,
I don't get "Last SPO Activity" (-> empty), "SPO Storage Used (GB)" (-> N/A) and "Numer SPO Files" (-> 0) from any group.
I don't get any errors running the script. Already checked Graph permissions and library localization. Everything else seems to be there and correct. What could be wrong? Thanks in advance.

First of all! I love this script! it's awesome!

I've recently tried to perform an inventory of 8.000+ Groups & Teams. Just ~200 objects to scan before completion (running for almost 36 hours), my system crashed and I lost all data.

The issues is, that the scan generate the CSV-output after all scans have been completed, hence the loss of data during my scan.
It would be better to append the data of each scanned object to a csv-file before moving to the next.

Exception calling "Add" with "2" argument(s): "Item has already been added. Key in dictionary: '' Key being added: ''"
At line:51 char:34

• ... portSkus) { $SkuHashTable.Add([string]$Line.SkuId, [string]$Line.Disp ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], MethodInvocationException
  • FullyQualifiedErrorId : ArgumentException

any idea why or is this script no longer working/supported ?

thanks!

Any ideas?

I have defined required delegated permissions and try to run the script, but getting errors:
Get-GraphData : System.Net.WebException: The remote server returned an error: (403) Forbidden.
Get-GraphData : System.Net.WebException: The remote server returned an error: (400) Bad Request.

Seems that permissions are not enough to read the API. I can access Groups through API, but not Access Reviews. I have tried to give Application Permissions but also tried with Delegated (AccessReview.ReadWrite.All and Group.Read.All).

If i understood correctly, if I use Application Permissions, I do not to give User Administrator to App? and with Delegated it also should have that role?

I am using your Graph version of removing services to try to remove Microsoft Bookings from all of our users. The script runs fine without any errors and says it removed 748 licenses but when I look at a user in 365 Admin center Bookings is still checked. Am I doing something wrong? Thanks

Hi,

As soon as this script is executed, it display the following errors:

Attempted to divide by zero.
At C:\temp\test.ps1:85 char:1

• $PercentInactive = (($Guests.Count - $Active)/$Guests.Count).toString ...

•   + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException
  
  
  

Statistics

Guest Accounts 0
Active Guests 0
Audit Record found 0
Active on Email 0
InActive Guests 0
Percent inactive guests
Cannot index into a null array.
At C:\Temp\test.ps1:95 char:1

• Write-Host ("Domain with most guests {0} ({1})" -f $DomainsCount[0]. ...

•   + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArray
  
  

Guests from domains

The output file containing detailed results is in c:\temp\GuestActivity.csv

This is what fixed it.
Switch ($Methods) { 'Fido2' { $MFAStatus = "Enabled"; break } 'PhoneAuthentication' { $MFAStatus = "Enabled"; break } 'AuthenticatorApp' { $MFAStatus = "Enabled"; break } 'Passwordless' { $MFAStatus = "Enabled"; break } Default { $MFAStatus = "check!"; break } } # End Switch

The script is not working for me. I think maybe the issue is here:

$Teams = $Teams | Sort DisplayName
sort: No such file or directory

I can confirm that Teams do get pulled back before the sort.

Thank you for your work
I point out that the column that should show the "Display Name" actually shows numbers.
Thanks

Hello Tony,
Careful with the usertype -eq "member" because it can be null in old tenants

Hi
I notice an "issue" here.
if the subject being searched for contains a $xx in it, the content search leaves it out and only takes all the other text around it.

This is the subject of an email I was using:
[External Email] Free and $10 Udemy coupons by Learn Viral

when the contentsearch is view, it can be seen that the subject being searched for is:
[External Email] Free and Udemy coupons by Learn Viral

This causes in accurate or new result at the end. what could be the issue here?

One thing I was missing in this awesome script, was the file count as this also indicates activity for a team or group.
I added this getting the list ItemCount and LastItemUserModifiedDate properties from the default document library using PnP.
To support different languages (and therewith different names for the default document library), I used the following to retrieve the list:

$list = Get-PnPList | Where-Object {$_.RootFolder.ServerRelativeUrl -like "$($team.SharePointDocumentsUrl.Split('/')[5])"}

It does add another module to the script and impacts performance, but the output is worth it :-)

I am curious why you don't use Set-TeamArchivedState - https://learn.microsoft.com/en-us/powershell/module/teams/set-teamarchivedstate?view=teams-ps in this script?

Think we're missing a bit of the code is all (last line).

Hi, I have the following error

All the permission in MSGRaph seems to be correct.
Regards.

Quote closing is missing. Row 168.

[datetime]$DateOldTeams = "1-Jun-2021 # After this date, Microsoft should have moved the old Teams data to the new location

Hi,

Please consider using "-format s" in all date outputs.
Doing so will make the relevant columns instantly sortable even if some rows contain No items found/No Chats

Hi @12Knocksinna ,

Thanks ! Awesome work !

I’m trying to took over your script to replace a process that was based on EWS and to cover the below needs:
– Org contacts based on a DL
– Create contacts on a specific contacts folder (not the default one)
– Create Specific contacts folder for new joiners

Things revamped: (to avoid Invoke-WebRequest)
– Using MSAL.PS to generate the Token based on a app (service principle)
– Using module Microsoft.Graph.Authentication to connect Graph
– Using module Microsoft.Graph.PersonalContacts to manage contacts and contacts folders

The issue that I’m facing is with permissions to be granted to make this all work.
Despite having granted the permissions “Contacts.ReadWrite”,”Contacts.Read” (Graph API) to the App registered and the Token seems to embed the right scopes (e.g. “Contacts.ReadWrite”,”Contacts.Read”), I’m getting Access denied while trying to manage contacts.

Here are the commands for which I’m getting the error message: “Access is denied. Check credentials and try again.”
– Get-MgUserContactFolder
– New-MgUserContactFolder
– Get-MgUserContactFolderContact
– New-MgUserContactFolderContact

I even tried the below command but it does not seems to work with service principles:
– Add-MailboxFolderPermission

Do you have an idea of what permission is missing to the app reg ?

Thanks in advance.
Cheers,
Patrick
script.txt

Hello,

When i'm running TeamsGroupsActivityReportV5.PS1 I don't have any data in last SPO Activity column. Not sure if it's expected.

Data from a test O365 Tenant.

Thank you !

Hi,

I was just looking at the "FindOldGuestUsers.ps1" script and can see that this uses the "Get-AzureADAuditSignInLogs" which is part of AzureADPreview module. The issue is that the AuditLog is limited to 30 days, so I was wondering how this script is suppose to work?

Also when you run the script you very quickly seem to get hit by MS throttling

I see the concept but in reality, this doesn't work passed 30 days, which is a little irrelevant.

when using the -14 parameter when adjusting the initial date, it brings only the report of the current date.

Good day, and thanks for the script.
I think I am running into an issue where the Token isn't refreshing a second time - it's on a tenant with 50k+ teams

After about an hour I can see it saying it refreshed the token, and then after another hour it starts returning "The remote server returned an error: (401) Unauthorized."

By limiting the number of groups it loops through to 10 I did get a successful run, so i don't think its graph permissions

Does the script handle multiple refreshes of the token in all the loops that take a long time?

Invoke-WebRequest : {"error":"unauthorized_client","error_description":"AADSTS700016:
Application with identifier '60198040-e87c-4cb9-9e52-ce651d859704' was not found in the
directory 'My Tenant ID'. This can happen if the application has not
been installed by the administrator of the tenant or consented to by any user in the tenant. You
may have sent your authentication request to the wrong tenant.\r\nTrace ID:
ef74e440-ce52-4830-8c9a-5d5a42013f00\r\nCorrelation ID:
091b1b89-9ae1-4b1c-9242-39899e611fc4\r\nTimestamp: 2021-03-12
20:10:09Z","error_codes":[700016],"timestamp":"2021-03-12 20:10:09Z","trace_id":"ef74e440-ce52-48
30-8c9a-5d5a42013f00","correlation_id":"091b1b89-9ae1-4b1c-9242-39899e611fc4","error_uri":"https:
//login.microsoftonline.com/error?code=700016"}
At C:\Users\Hanafi\Desktop\GetGraphUserStatisticsReport.PS1:27 char:17

• ... enRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "ap ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invo
    ke-WebRequest], WebException
  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.Invoke
    WebRequestCommand
    ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null.
    At C:\Users\Hanafi\Desktop\GetGraphUserStatisticsReport.PS1:30 char:35
• $token = ($tokenRequest.Content | ConvertFrom-Json).access_token

•                               ~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationExc
    eption
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShel
    l.Commands.ConvertFromJsonCommand

Error:
PS C:\Users..........\Office365itpros> .\ReportMFAStatusAdmins.PS1
Welcome To Microsoft Graph!
Select-MgProfile: C:\Users\tyrre\LocalRepos\PowerShellRepos\Office365itpros\ReportMFAStatusAdmins.PS1:8:18
Line |
8 | Select-MgProfile -Beta
| ~~~~~
| A parameter cannot be found that matches parameter name 'Beta'.

This is due to a typo in line 8 that should read 'Select-MgProfile Beta'

Is there a reason the $AppSecret line has single instead of double quotes?

I had an issue running the script on a machine that didn't have a folder C:\Temp.
The script ran perfectly except for saving the .csv and .html files.
Can you please add these lines to create the folder if it doesn't exist?

$path = "C:\Temp"
If(!(test-path $path))
{
New-Item -ItemType Directory -Force -Path $path | Out-Null
}

Great script at all. But I realized when a group does not have any member, the reporting line repeat all member information from previous. Therefore I needed to adjust the if-clause as follows:

If (!($Members)) { $CountOfMembers = 0 [array]$TenantMembers = @() [array]$GroupMembers = @() [array]$GuestMembers = @() [array]$OtherMembers = @() $MemberNames = "" }

$LastConversationDate is never made/populated with data, and as such will always result in "No items found"

adding $LastConversationDate = $data.NewestItemReceivedDate before Line 110 should fix this.

Thanks.

The script runs and states a file is saved to C:\Inactiveguests.csv but actually goes to C:\temp\InactiveGuests.csv

Hi. In the row 200 instead of
$SearchFilter = $SearchFilter + " AND '" + $SearchQuery + "'" }
is better to write
$SearchFilter = $SearchFilter + " AND " + $SearchQuery + "" }

I have no results with original row.

I tweaked the date and subject attributes, but when I run it I receive "No matching users found". I dig in and see "Customattribute12" but it doesn't point to anything. Am I missing something? Sorry, not an advanced script writer, so not sure if I need to add something on my end. I'm just hoping to find a script I can run to remove a calendar entry from all users calenders in my organization.

Hello,
can you help me please with this error?
I don´t know how can I fix it.
Thanks!!

I noticed that this script was only returning a handful of users, closer inspection noted that it was only the cloud-only teams users. Noted line 9 is filtering on InterpretedUserType and since out tenants were migrated from OnPrem Skype for Business, the users were Hybrid InterpretedUserType's.
So i hashed # out line 9 and added the following at line 47
"InterpretedUserType" = $user.InterpretedUserType

1. Missing AuditLog.Read.All in the scope of Connect-MgGraph
2. Missing a closing bracket in statement "ForEach ($U in $Users) {..."

I have 10K teams, i want to get report of just 100 teams. How I can achieve it?

I am able to run the report without any problems. I would like to get a unique ID (i.e. GroupID) to make sure we can use the list for a Teams bulk operation (delete / archive) . Is it possible to add this to the script?