Wednesday, April 13, 2022

Resolve “Everyone except external users” group using PnP.PowerShell

In my previous posts I showed several ways to resolve special group in Sharepoint Online "Everyone except external users" which represents all users in organization except external users:

In this post I will show how to do that with PnP.PowerShell. Simplest way which will work on most tenants is the following:

$authRealm = Get-PnPAuthenticationRealm
$everyOneExceptExternals = Get-PnPUser -Id "c:0-.f|rolemanager|spo-grid-all-users/$authRealm"

But on some tenants (e.g. old tenants) it may not work because this special group was created with different naming convention there (see link above). For such tenants we may use the following additional step:

if (!$everyOneExceptExternals) {
	$everyOneExceptExternals = Get-PnPUser | Where-Object { $_.LoginName.StartsWith("c:0-.f|rolemanager|spo-grid-all-users/") }
}

Here we try to find user which login name starts with special "c:0-.f|rolemanager|spo-grid-all-users/" prefix. This prefix is used in login name of "Everyone except external users" group. With this approach you may resolve this special group both on new and old tenants. Hope it will help someone.

No comments:

Post a Comment