cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Michal
Kudo Collector
Kudo Collector

Office 365 group - remove disabled users

‎12-22-2021 11:09 AM

With the current set of connectors, I am able to build a flow that can list groups where I am the owner, list their members, and remove disabled user accounts from the group. If you would like to see such a flow, let me know. 

But, what I am missing is to list all Office 365 groups in the tenant and do the same as above using a service account with a "Groups administrator" role assigned in AzureAD. 

I have looked at LogicApp but the set of connectors for this purpose is quite similar. 

Can you give me a tip on how to list all Office 365 groups without being an owner of those?

 

Thx in advance

Mike

Message 1 of 9
637 Views
0 Kudos
8 REPLIES 8
ekarim2020
Super User
Super User

‎12-22-2021 03:55 PM

I've been able to follow the blog post below and list all AAD Groups:

2021-12-22_23-25-20.png

I managed to create a demo flow, based on a previous template I had, that lists all groups in my organisation:

2021-12-22_23-29-50.png

 

2021-12-23_00-36-18.png

The API can only return a maximum of 999 items. There may be a way to get more results, but my AAD has less than 999 groups. See: Handling Pagination with the MS Graph API in Logic Apps and Power Automate

if you need to get more than 999 items - but this is not something I have yet had to implement.

2021-12-22_23-30-43.png

I'm using  Azure Key Vault to keep API keys and other secrets secure. For testing you will need to paste in the secret for the HTTP action.

 

The TenantID

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview

2021-12-22_23-49-29.png

Client ID (Application ID):

2021-12-22_23-44-24.png

Hope this helps.


Ellis
____________________________________
If I have answered your question, please mark the post as Solved.
If you like my response, please give it a Thumbs Up.

Message 2 of 9
607 Views
0 Kudos
Michal
Kudo Collector
Kudo Collector

‎12-24-2021 12:45 AM

Thank you @ekarim2020 for a very detailed response. 

This looks like a way to go. 

I can see that using Graph API I can list groups (https://graph.microsoft.com/v1.0/groups?$filter/groupTypes eq 'unified'), list their owners and members, and even remove members.

This way all I need from PowerAutomate or Logic App is to check if the user/member is enabled or not using Get user profile (V2) from Office 365 Users connector. And even the last part can be replaced with Graph API. 

Message 3 of 9
590 Views
0 Kudos
ekarim2020
Super User
Super User
In response to Michal

‎12-24-2021 02:09 AM

I prefer to use the available connectors and actions where possible. If these can't do what I need or it's going to be a lot more work and complexity that can be avoided, I'll look at using Graph API calls.

 

There is also the following Office 365 Groups action:

2021-12-24_09-59-02.png

This returns a maximum of 100 items.  Using a graph API call with HTTP action has so far provided what I need.

 

Ellis

Message 4 of 9
588 Views
metrognome
Frequent Visitor

‎02-14-2022 08:06 AM

I am actually on the lookout for a flow that will run a check on the members' mailtips and highlight those that are disabled for me ot remove/delete. 

IF you have anything like this, would be interested to read.

Message 5 of 9
541 Views
0 Kudos
ekarim2020
Super User
Super User
In response to metrognome

‎02-14-2022 10:43 AM

Sorry, I didn't understand sentence about mailtips:

@metrognome wrote:

I am actually on the lookout for a flow that will run a check on the members' mailtips and highlight those that are disabled for me ot remove/delete. 

IF you have anything like this, would be interested to read.

Ellis

Message 6 of 9
538 Views
0 Kudos
ekarim2020
Super User
Super User
In response to metrognome

‎02-14-2022 10:43 AM

Sorry, I didn't understand sentence about mailtips:

@metrognome wrote:

I am actually on the lookout for a flow that will run a check on the members' mailtips and highlight those that are disabled for me ot remove/delete. 

IF you have anything like this, would be interested to read.

Ellis

Message 7 of 9
538 Views
0 Kudos
metrognome
Frequent Visitor
In response to ekarim2020

‎02-14-2022 10:51 AM

Mailtips is basically one option of the Outlook/O365 connector and basically mailtip returns either the out of office of a user or a warning that the mailbox is no longer operational (discontinued, deleted or full).

It is a "quick and dirty" shortcut to check for an accounts's status and (especially in flows) bypass people when their out of office is active.

Message 8 of 9
533 Views
ekarim2020
Super User
Super User
In response to metrognome

‎02-14-2022 11:36 AM

See if the following post helps:

Determine users out of office status based on mailtips - Automatic Replies on or not

https://powerusers.microsoft.com/t5/Building-Flows/Determine-users-out-of-office-status-based-on-mai...

 

And the following extract from a flow:

Snag_160684f.png

 

Also, the Search for users can return the account enabled status for each account:

Snag_1632f4e.png

Ellis

Message 9 of 9
527 Views

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

View All
Top Solution Authors
View All
Users online (6,840)