Box PowerShell command to get inactive users

Answered

New post

August 12, 2022 07:45

I needed to give my operations team a way of getting the inactive users in Box. Using the reports was complicated and I had to join 2 reports to get what I needed. So I tried using the CLI and PowerShell and got to this command that extracts users into a CSV file sorted by the modified date for users who have not interacted with box for the last 120 days. I also exclude the customer's accounts as I don't want to remove customers even if they are not using the system at the moment.

As always (for me at least) getting the correct mix of brackets ((){}[]) for PowerShell took time but I like how concise it is. abc_inc is the company name I am excluding. Just thought I would share this as it took me a few hours to perfect.

(box users -a --json | ConvertFrom-Json) | Select-Object -Property id,name,login, created_at,modified_at,space_used,status, @{Name='CreatedDateTime';Expression={([Datetime] $_.created_at)}}, @{Name='ModifiedDateTime';Expression={([Datetime] $_.modified_at)}} |Sort-Object -property ModifiedDateTime | where ModifiedDateTime -lt (Get-Date).AddDays(-120) |where login -notmatch "abc_inc" | Export-Csv .\boxusers.csv -NoTypeInformation

Comments

14 comments

Official comment
Mike Grytsai

August 23, 2022 19:44
Thanks for sharing your solution.

Also, recently our team put together some CLI sample script and Report to get inactive users is there.

You can follow user guide or jump straight to the script.
Comment actions Permalink
Vince

February 22, 2023 17:55
Is there a way to get the last login? Or is the modifieddatetime the same thing?
0

Comment actions Permalink
Mike Grytsai

February 23, 2023 08:56

Edited
You can use Events API to get LOGIN event details. You can do it with CLI:
```
box events --enterprise --limit=500 --event-types=LOGIN 
```
0

Comment actions Permalink
Vince

February 23, 2023 14:29
Thanks Mike. I am using the Powershell "inactive users report" sample and with just "Login" it doesn't return any login information. In the web portal, I'm able to report and get "last login".

https://github.com/box/boxcli/blob/main/examples/Inactive%20Users%20Report/Inactive_Users_Report.ps1

Even if I mod the script to just use "$eventType = "LOGIN"" there's no login info.
0

Comment actions Permalink
Mike Grytsai

February 23, 2023 15:08
The way inactive user report works is that it returns you a list of inactive users. So you won't get a list of events as an output of your script run. If there was a login event or any other event type you specify, it will treat that user as active and won't add to the `InactiveUsers.csv` (result of script run)

If you want to get list of events, can you run below command just to ensure you see those Login events.
```
box events --enterprise --limit=500 --event-types=LOGIN
```
0

Comment actions Permalink
Vince

February 23, 2023 15:52
Hi Mike. Thanks again for the reply. I don't see a last login though. Output below (I've removed some of the info so you mostly see the fields. Looking for date of last login.

Source:
Type: user
ID: ''
Name: Vince
Login: Vince..
Created By:
Type: user
ID: ''
Name: Vince
Login: Vince.
Action By: null
Created At: '2023-02-23T'
Event ID: 24cd489b-4536
Event Type: LOGIN
IP Address:
Type: event
Session ID: null
Additional Details: null
0

Comment actions Permalink
Mike Grytsai

February 23, 2023 17:14
Understand. I'm not sure there is an endpoint to return just last login date. You can use enterprise event to figure out the latest login date (by filtering and sorting the API response)
1

Comment actions Permalink
Vince

February 23, 2023 17:57
cool! I'll look further into it
0

Comment actions Permalink
Jayesh Kamdar

March 10, 2023 16:57
Thanks Mike, this looks promising for what I need to do, that is...
- List all the inactive users
- List what has been shared with these users (collaboration report)
- Then Delete these users
So, this would be a good start. Looking at your link to the "user guide", for WIndows it says "Install the latest version of dotnet core." and then for Mac/Linux, "Install PowerShell. Run the pwsh command to test the installation." So, for Windows, I still need to install Powershell on Windows too, right?
0

Comment actions Permalink
Mike Grytsai

March 13, 2023 08:01
Hi Jayesh,

On Windows, Powershell should be already installed. you can verify it by running `pwsh`.
0

Comment actions Permalink
Jayesh Kamdar

March 15, 2023 14:28
Thanks Mike, I tried the script (ended up doing on my Mac) but I get the partial results and ends with an error(?):

PS /Users/<username>/box/scripts> ./inactive-users.ps1

Enter the number of days to look back for inactive users: 180

Looking for users inactive for more than 180 days.

Found 5180 users.

Could not get event list
0

Comment actions Permalink
Mike Grytsai

March 15, 2023 15:14
It could be due to event limit.

Currently our documentation for this script state:

Due to scale issue, CLI can't handle more than 1M events per run and as a run the Inactive Users Report will fail.

Can you please try with a shorter time range to see if that works?
0

Comment actions Permalink
Jayesh Kamdar

March 15, 2023 20:37
You were right Mike, tried 10 days and here is the result (below). Used 10 days as input. (My ultimate goal is to find inactive user who hasn't logged on in last 6 months and using 0 storage, then delete them)

Found 5202 users.

Found 99648 events in last 10 days

Enterprise has: 5 App users, 5197 regular users. With 11 admin roles, 5191 user roles.

Need to check 5186 users (regular user, with user role) for inactive.

Found 4115 users inactive for more than 10 days.

Report is available at InactiveUsers.csv
0

Comment actions Permalink
Mike Grytsai

March 16, 2023 10:14
To solve this limitation you can possibly do the following:
- Define let events
- Select shorter period
0

Comment actions Permalink

Please sign in to leave a comment.