Find users added to a site without a permissions group in SharePoint Site using PowerShell

Question

I have been working on a SharePoint online system which involves the invitation of external users to give them access to specific site and its content. Access to the users are controlled by custom Groups which have been already configured in the system. All external users are added to these custom groups so that their permission can be managed. This system has been in place for some time and has are many sites and subsites.

I have been tasked to create a periodic code that will check each site and make sure that no users is directly given permission to the site. Note all users should have permission from Groups.

Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking
$AdminURL = "https://<domain>-admin.sharepoint.com";
$login = <email_id>;
$pwd = <password>;
$Spwd = ConvertTo-SecureString $pwd -AsPlainText -Force;
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $login,$Spwd;
try
{
Connect-SPOService -URL $AdminURL -Credential $credentials;
$sites = Get-SPOSite
if($sites)
{ 
$groups = Get-SPOSiteGroup -Site $site 
foreach($group in $groups)
{
Write-Host "Site url:- "$site.URL " | Group name:- " $group.Title " | Group type:- " $group.Type  "; "
}
}
}
Catch
{
Write-Host "Error: $($_.Exception.Message)"
}

The current code gives me the name of all the groups present in the site, but does not provides me the users who are added to the site without a permissions group.

Can anyone suggest how to achieve this via PowerShell or any work around to implement the system.

Thank you in advance.

Answer 1

You could use the below code to get users who are not in any groups:

Get-SPOUser -Site $site | Where  {-Not $_.Groups}