Find Disabled Users in Azure AD Still Licensed Using PowerShell

Managing user licenses in Azure Active Directory (Azure AD) is a crucial aspect of maintaining an efficient and cost-effective cloud environment. However, organizations often encounter challenges when it comes to identifying disabled users who are still licensed. Disabled users with active licenses can result in unnecessary expenses and mismanagement of resources. In this article, we will explore effective methods to find disabled users in Azure AD who are still licensed, helping you optimize your license allocation and improve overall system efficiency.

Manually reviewing each user in the Azure AD Portal to identify disabled users with active licenses can be a time-consuming task, especially in larger organizations with numerous users. This process requires filtering the user list based on the “Account status” column and then manually examining each user to determine if they still possess licenses. This approach is not only time-consuming but also prone to human error.

PowerShell provides a powerful automation toolset that can significantly expedite the process of identifying disabled users with active licenses in Azure AD. Here’s how we can find disabled users with active licenses in Azure AD with a few simple commands.

Install the Azure AD PowerShell module if you haven’t already. Use the following command to install the module:

Install-Module AzureAD

Connect to your Azure AD tenant using the following command: Please make sure you have appropriate permission to get the information. In this case, the User administrator role will be sufficient to get the list of disabled users with assigned licenses.

Connect-AzureAD

Run the following commands.

Get-MgUser -Filter 'accountEnabled eq false and assignedLicenses/$count ne 0' -ConsistencyLevel eventual -CountVariable licensedUserCount -All -Select UserPrincipalName,DisplayName,AssignedLicenses | Format-Table -Property UserPrincipalName,DisplayName,AssignedLicenses
Write-Host "Found $licensedUserCount licensed and disabled users."

Identifying disabled users with active licenses in Azure AD is crucial for efficient license management and cost optimization. By leveraging PowerShell automation, you can quickly identify disabled users with active licenses, saving time and ensuring accurate license management in your Azure AD environment.