User Management in Yammer – How to Audit Users

Nowadays every company is using Yammer to have social interactive platform. It is a feature, which comes along with Office 365 plan that is enabled by default. It unites user’s content, conversation, as well as business data in single location. It helps various co-workers working in company to stay connected with their team members. It can be accessed anywhere and anytime. The admin can check who has accessed its network of Yammer by using PowerShell 3.0 script for determining that the active users in Yammer are disable or does not exist AD DS (Active Directory Domain Services). In the following session, we will discuss the Yammer user status (user account’s state), need, and perform Yammer Audit Trail i.e how to audit users in Yammer (User management in Yammer).

Yammer User Status – Account State of Users

Before performing user management in Yammer or auditing the users, it is important to have proper understanding of various states that can be applied in Yammer as mentioned below:

  • Pending: When the user invited to join Yammer but its account is not activated yet.
  • Active: When users are able to sign in to interact with Yammer, Then, it is the active state.
  • Suspended: It is users cannot login to Yammer until their account is activated again. The deactivated account is displayed as Former member in Yammer. They can again become active users by using one of the following ways:
    1. SSO- enabled Networks: The Yammer account will be active again if the SSO identity provider grants the access to user.
    2. Non- SSO Networks: When a user tries to send an activation mail message. The mail contains a link, if it is opened then, account is activated again.
    Note: Suspended account will automatically delete after 90 days via Yammer system.
  • Deleted: If the account is deleted, then users have to create the account to access it again. Deleted account does not have any old relationships restored.
    Important: Do not delete the Yammer account instead, deactivate it. The deactivated account can be reversed but deletion is permanent.

Need of User Management in Yammer – Why to Audit Users?

Some conditions are being discussed that helps to have the proper understanding about the requirement of User management in Yammer. Yammer directory sync tool helps in maintain the Yammer network of an organization but there are some conditions as mentioned in which there is a requirement to audit users in Yammer.

Condition 1: Before updation to Enterprise level, Active users existed
There are some users, who utilize free Yammer Basic Network before their company has upgraded to Yammer Enterprise Network and begin to utilize Yammer directory sync. If all those users left their organization, then their accounts should not exist in AD DS. Then, the Yammer Directory sync cannot suspend them. When the user is blocked via SSO identity provider then, active Yammer account cannot access Yammer website. However, users still have the access via mobile app. The access of Yammer is only cancelled if user’s account is deleted or deactivated.

Condition 2: Sync does not run regularly
Yammer Directory sync runs on the regular schedule. However, if a user shuts down while sync, then the process will not run. It is possible that some of the accounts will be disabled from AD DS.

Condition 3: Specific LDAP Query
After initial installation, LDAP query includes all the users in AD DS. When the admin changes the query then, Yammer Directory Sync monitors set of various accounts of AD DS, which fall within the LDAP query filter.

Pre-requisites

Before starting the Yammer auditing process, it is important to keep the things in mind.

  • Network admin should be there to utilize bulk export feature.
  • Verified Admin should be there for usage of bulk update feature.

User Management in Yammer – How to Audit Users in Yammer

Firstly, users need to make an input file for the utilization of audit script. The input file is the .csv file, which is created while running the User Export function of Yammer. Then, run the audit script that inspects only those accounts, which are active in state column. Audit script does the following while running.

  • Get the account of a user from the input file.
  • Search for the specific account from AD DS service list. The script uses the email id of user in Yammer and queries AD DS for finding the match based upon email address of AD DS.
  • Then, it moves to another user account if it finds match in at least one enabled user account of AD DS services.
  • Write rows at output file and then the procedure starts for the next account of user if there is no match being specified.

Note: The script will take a lot of time if there are 100, 000, or more users in a network.

Script for Finding Inactive Users

Follow the following steps as mentioned below to find the inactive users.

  • Copy and paste the mentioned code in the text editor and save it as ActiveAccountAudit.ps1
    4
  • Now, find the $ADServices variable, it will list all the sample domains. Replace all these sample domains with your own domain address.
  • Now replace two websites via the accounts that should be ignored and cannot be identified.
  • Save it and close the file.
  • Click on start → programs → administrative tools → Windows PowerShell Modules.
  • Type the following at command prompt.
    10
  • The mentioned files are created in folder where .csv file is saved:
    1. Results_[datestamp].csv
    2. log_[datestamp].csv
    3. error_[datestamp].csv

Suspend User Account

The bulk updation operation can be easily executed only by verified Administrator. Now, the follow the following steps:

  • Open the results .csv file.
  • Copy and paste the list of user email id into new Excel workbook.
  • Select Admin → user management at left pane.
    5
  • Select bulk update users in the invite users page
    6
  • At bulk update users page, follow the instructions for the addition for the required headers. You can create action column for every account in list and type suspend.
    7
  • Store the file as .csv file.
  • Select browser on bulk update users page.
    8
  • Select the file, which is stored in above step and select open.
  • Select bulk update.
    9
  • Conclusion

    Auditing users account is quite common in every almost every organization as it provides a way of data security to them. In the above discussion, proper way to perform user management in Yammer or in other words, audit users in Yammer is described. It helps them, to perform and understand properly about the Yammer auditing in systematic manner.