Last active
February 3, 2026 16:24
-
-
Save kris6673/bbbca0768ccce1e6960f6e51457987d0 to your computer and use it in GitHub Desktop.
Script to reenable the disabled guest users that were disabled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enable-DisabledUsers.ps1 | |
| [CmdletBinding()] | |
| param() | |
| # Configuration | |
| $CIPPClientID = '' # Your CIPP API Client ID | |
| $CIPPClientSecret = '' # Your CIPP API Client Secret | |
| $CIPPAPIUrl = '' # Your CIPP API URL | |
| $TenantID = '' # Your Tenant ID | |
| $LogPath = Join-Path -Path $PSScriptRoot -ChildPath "Enable-DisabledUsers_$(Get-Date -Format 'yyyyMMdd_HHmmss').log" | |
| # Test if the script is running in powershell core | |
| if ($PSVersionTable.PSEdition -ne 'Core') { | |
| Write-Host 'This script must be run in PowerShell Core (pwsh).' -ForegroundColor Red | |
| exit 1 | |
| } | |
| # Test if required parameters are set | |
| if ([string]::IsNullOrEmpty($CIPPClientID) -or [string]::IsNullOrEmpty($CIPPClientSecret) -or [string]::IsNullOrEmpty($CIPPAPIUrl) -or [string]::IsNullOrEmpty($TenantID)) { | |
| Write-Host 'Please set the CIPPClientID, CIPPClientSecret, CIPPAPIUrl, and TenantID variables in the script before running.' -ForegroundColor Red | |
| exit 1 | |
| } | |
| # Initialize counters | |
| $successCount = 0 | |
| $failureCount = 0 | |
| $skippedCount = 0 | |
| # Function to write log | |
| function Write-Log { | |
| param( | |
| [string]$Message, | |
| [string]$Level = 'INFO' | |
| ) | |
| $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss' | |
| $logMessage = "[$timestamp] [$Level] $Message" | |
| Write-Host $logMessage | |
| Add-Content -Path $LogPath -Value $logMessage | |
| } | |
| # Check if CIPPAPIModule is available | |
| try { | |
| if (-not (Get-Module -Name CIPPAPIModule -ListAvailable)) { | |
| Write-Log 'CIPPAPIModule is not installed. Please install it first.' -Level 'ERROR' | |
| exit 1 | |
| } | |
| if (-not (Get-Module -Name CIPPAPIModule)) { | |
| Write-Log 'Importing CIPPAPIModule...' -Level 'INFO' | |
| Import-Module CIPPAPIModule -ErrorAction Stop | |
| } | |
| Write-Log 'CIPPAPIModule is loaded' -Level 'INFO' | |
| Write-Log 'Setting CIPP API details...' -Level 'INFO' | |
| Set-CIPPAPIDetails -CIPPClientID $CIPPClientID -CIPPClientSecret $CIPPClientSecret -CIPPAPIUrl $CIPPAPIUrl -TenantID $TenantID | |
| } catch { | |
| Write-Log "Failed to import CIPPAPIModule: $($_.Exception.Message)" -Level 'ERROR' | |
| exit 1 | |
| } | |
| # Start script | |
| Write-Log '=== Starting Enable-DisabledUsers Script ===' -Level 'INFO' | |
| Write-Log "Log Path: $LogPath" -Level 'INFO' | |
| # Get disabled users from logbook | |
| Write-Log 'Retrieving disabled user logs from CIPP. This could take a while...' -Level 'INFO' | |
| $csvData = (Get-CIPPLogs -DateFilter '20260128') + (Get-CIPPLogs -DateFilter '20260129') + (Get-CIPPLogs -DateFilter '20260130') | |
| # Filter for disabled users | |
| $disabledUsers = $csvData | Where-Object { $_.Message -like '*Disabled guest*' -and $_.API -eq 'Standards' } | |
| Write-Log "Found $($disabledUsers.Count) disabled user entries" -Level 'INFO' | |
| if ($disabledUsers.Count -eq 0) { | |
| Write-Log 'No disabled users found. Exiting.' -Level 'WARN' | |
| exit 0 | |
| } | |
| # Process each disabled user | |
| Write-Log 'Processing disabled users...' -Level 'INFO' | |
| $currentRow = 0 | |
| foreach ($row in $disabledUsers) { | |
| $currentRow++ | |
| Write-Progress -Activity 'Re-enabling disabled users' -Status "Processing $currentRow of $($disabledUsers.Count)" -PercentComplete (($currentRow / $disabledUsers.Count) * 100) | |
| $tenant = $row.Tenant | |
| $message = $row.Message | |
| # Extract UPN and UserID from Message | |
| # Message format: "Disabled guest <email> (<user-id>). Last sign-in: " | |
| $userUPN = 'N/A' | |
| if ($message -match 'Disabled guest (.+?) \(') { | |
| $userUPN = $matches[1] | |
| } | |
| # Extract UserID from Message using regex pattern for GUID in parentheses | |
| if ($message -match '\(([a-f0-9\-]{36})\)') { | |
| $userId = $matches[1] | |
| Write-Log "Processing: $userUPN | Tenant=$tenant, UserID=$userId" -Level 'INFO' | |
| try { | |
| # Call Set-CIPPSignInStatus to re-enable the user | |
| $null = Set-CIPPSignInStatus -CustomerTenantID $tenant -UserID $userId -Enable 'true' -ErrorAction Stop | |
| Write-Log "Successfully re-enabled user: $userUPN ($userId) in tenant: $tenant" -Level 'SUCCESS' | |
| $successCount++ | |
| } catch { | |
| Write-Log "Failed to re-enable user $userUPN ($userId) in tenant $tenant : $($_.Exception.Message)" -Level 'ERROR' | |
| $failureCount++ | |
| } | |
| } else { | |
| Write-Log "Could not extract UserID from message: $message" -Level 'WARN' | |
| $skippedCount++ | |
| } | |
| } | |
| Write-Progress -Activity 'Re-enabling disabled users' -Completed | |
| # Generate summary | |
| Write-Log '=== Processing Complete ===' -Level 'INFO' | |
| Write-Log "Total processed: $($disabledUsers.Count)" -Level 'INFO' | |
| Write-Log "Successfully re-enabled: $successCount" -Level 'INFO' | |
| Write-Log "Failed: $failureCount" -Level 'INFO' | |
| Write-Log "Skipped: $skippedCount" -Level 'INFO' | |
| Write-Log '=== Script Completed ===' -Level 'INFO' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment