Home > database >  Finding users missing licenses
Finding users missing licenses

Time:03-03

While looking into my allocated licenses I found a discrepancy. All of my users that have the license with the SKU "M365EDU_A3_FACULTY" should also have the license "IDENTITY_THREAT_PROTECTION_FACULTY" but i'm seeing a difference of 19 in these licenses.

In order to find these differences without sorting through the 1300 accounts manually I created the following command with some help of online resources.

get-msoluser -all | where {$_.isLicensed -eq "M365EDU_A3_FACULTY"} | ?{get-msoluser -all | where {$_.isLicensed -eq "IDENTITY_THREAT_PROTECTION_FACULTY"} -NotContains $_}

So far this command has taken up a rather large portion of my time in its execution and the results im getting are users that are not supposed to have either of those licenses.

After some digging i found that the command functions better as follows

Get-MsolUser -all | Where-Object {($_.licenses).AccountSkuId -match "M365EDU_A3_FACULTY"} | ?{Get-MsolUser -all | Where-Object {($_.licenses).AccountSkuId -match "IDENTITY_THREAT_PROTECTION_FACULTY"} -NotContains $_}

The problem is it's still taking forever to run. is there any way to simplify this?

CodePudding user response:

Your script is quite slow because you're querying all users as many times as users exist with a IDENTITY_THREAT_PROTECTION_FACULTY license.

All users returned from this expression:

Get-MsolUser -All | Where-Object { $_.Licenses.AccountSkuId -match ... } | ...

Are being piped to a new Where-Object, and, for each object from pipeline, you're querying all users over and over:

... | Where-Object { Get-MsolUser -All | Where-Object ... }

Below code could be improved if Get-MsolUser had a built-in filter, unfortunately, that's not the case. Try this one out, it should return those users which have the M365EDU_A3_FACULTY license but do not have the IDENTITY_THREAT_PROTECTION_FACULTY license.

$license1 = "M365EDU_A3_FACULTY"
$license2 = "IDENTITY_THREAT_PROTECTION_FACULTY"

$result = foreach($user in Get-MsolUser -All) {
    $licenses = $user.Licenses.AccountSkuId
    if($licenses -contains $license1 -and $licenses -notcontains $license2) {
        $user
    }
}

$result | Format-Table
  • Related