Powershell query to find users with emails containing .one attachments - azure

I'm trying to compile a powershell query which will return to me a list/file of all users who have received a .one attachment in their emails within the last 30 days, and if possible including the subject heading or date and time of the pertinent emails?
I've been trying a variety of commandlets such as Search-mailbox, New-ComplianceSearch, New-MailboxSearch, Get-Mailbox e.t.c. along with their associated parameters, but as some parameters aren't usable with other cmdlets, I'm not getting the results I need?
I'm hoping someone has an idea of how to achieve the above?
Thanks in advance.

I tried to check the scenario in powershell.
I have sent a mail attached with .one format to users in my azure ad with user type : member
Check the below commands:
#install exchange online if not already present and connect
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Update-Module ExchangeOnlineManagement
Connect-ExchangeOnline
$date = (Get-Date).AddDays(-2)
$log=Search-UnifiedAuditLog -StartDate $date -EndDate (Get-Date) -RecordType ExchangeItem -Operations Receive -ObjectIds "*.one" | Select-Object AuditData
$UsersWithOneAttachments = $log | Where-Object {$_.UserType -eq "Member"} | select * | Get-Unique
# Output the list of users
$UsersWithOneAttachments | Out-File -FilePath C:\Temp\UsersWithOnenoteAttached.csv

Related

Azure - get deleted users - Using Get-AzureADUser

I'm hoping to use the updated graph powershell commands to be able to pull more information on deleted users.
I'm trying to use:
Get-AzureADUser -Filter "aad.IsDeleted eq 'True'"
but it returns the error:
The child type 'aaad.IsDeleted' in a cast was not an entitity type.
Ho do I filter for deleted accounts, if possible, so that I can also do a select to include additional parameters / attributes?
I'm hoping to be able to know when an account was deleted, a description, etc.
Moving some users to cloud only so we need to move them in AD to a container that is excluded from AD Connect. Then need to use a script to undelete them and validate licenses are still in use.
I know with
get-MsolUser -ReturnDeletedUsers
works, however I haven't been able to figure out how to return additional values / parameters / attributes.
It doesn't appear that Get-AzureADUser or Get-AzADUser have a way of filtering or returning deleted users. You can't even use -Filter as the property is not returned from the API call.
You can however workaround this slightly and call the API directly.
$result = Invoke-AzRestMethod -Uri 'https://graph.microsoft.com/beta/directory/deleteditems/microsoft.graph.user'
$jsonOutput = $result.content | ConvertFrom-Json
$jsonOutput.value | Select-Object id, displayName, mail, deletedDateTime
There are a couple of examples on github where people have written functions to assist with making those calls:
https://github.com/Azure/GuardrailsSolutionAccelerator/blob/0f3f4994c03d8e47d7d67bd790ba3b290f37560a/src/GUARDRAIL%202%20MANAGEMENT%20OF%20ADMINISTRATIVE%20PRIVILEGES/Audit/Check-DeletedAndDisabledUsers.psm1
and
https://github.com/Panzerbjrn/AzureGraphApiHelper/blob/4cd2dcd1067bdabd349b044f1760bb958d54179d/AzureGraphApiHelper/Functions/Get-AGDeletedUsers.ps1
• You can surely get all the details of the deleted Azure AD user accounts from your tenant through the below command. Also, you can use filter and attributes as shown below along with this command for sorting out specific details for a particular deleted user account: -
Command: -
Get-MsolUser -ReturnDeletedUsers -MaxResults 50 -EnabledFilter All | Export-Csv -Path C:\Users\v-kartikb\Downloads\Reatapp\delete4.csv ’
Output: -
Similarly, if you want to get any information regarding a specific user or search a user ID based on the search string, then please refer to the below commands: -
Get-MsolUser -ReturnDeletedUsers | FL UserPrincipalName,ObjectID
Get-MsolUser –ReturnDeletedUsers –SearchString <User UPN>| FLUserPrincipalName,ObjectID
Also, do ensure that you will have to sign into Microsoft Office 365 service for executing the above commands successfully by executing the below command successfully: -
Connect-MsolService
Also, you can get the details of any deleted user if you have the object ID with you by executing the below Azure AD command through powershell: -
Connect-AzureAD
Get-AzureADMSDeletedDirectoryObject -Id <ObjectID>
Output: -
Please find the below link for more details regarding the above commands: -
http://ajaxtechinc.com/question/manage-delete-users-office-365-recycle-bin/
This can be accomplished using the graph api and the Azure CLI for auth
$deletedUsers = az rest `
--method "GET" `
--url "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user" `
--headers "Content-Type=application/json" | ConvertFrom-Json

Why does this powershell command display all mailboxes instead of some?

I have a list shared mailboxes in SharedMailboxes.csv that I would like to see their account status in Azure. However, when I run the following, I get a list of ALL users in Azure.
What am I missing?
Import-Csv C:\Temp\SharedMailboxes.csv | ForEach-Object {Get-AzureADUser -SearchString $_.SearchString | select UserPrincipalName,AccountEnabled}
Thanks mklement0, -SearchString $_.name is the code working good to fetch specific users.
I tried to repro the same issue and worked with the code -SearchString $_.name
Below command will help you in importing the users list to csv file from azure active directory
Get-AzADUser -First 10 | export-csv -Path "C:\Users\hari\source\repos\users.csv"
After this, use the below command
Import-Csv "C:\Users\hari\source\repos\users.csv" | ForEach-Object {Get-AzADUser -SearchString $_.Name | select UserPrincipalName,AccountEnabled}
To get more information on Get-AzADUser -SearchString retrieve data commands, refer this

How to retrieve Azure AD users with an alternate email address?

How do I retrieve Azure AD users with an alternate email address tin a CSV file?
I tried this but the CSV AlternateEmailAddresses column is empty.
Get-AzADUser | select AlternateEmailAddresses | export-csv azureadusers.csv
I have tested in my environment.
Please use Get-AzureADUser instead of Get-AzADUser as there continues to be a lack of properties returned when comparing "Get-AzureADUser" vs. "Get-AzADUser"
Please use the below command to export Azure AD users with alternate email address to csv file.
Get-AzureADUser |select UserPrincipalName , #{n='OtherMails'; e={$_.OtherMails -join ' '}} | export-csv azureadusers.csv
Reference : https://github.com/Azure/azure-powershell/issues/10497
AzureAD is deprecated and the command "Get-AzureADUser" should not be used when not required. It also use Azure Active Directory Scope and is also deprecated and every scopes should use Graph API.
The way you need to do your query with Az Powershell is like this :
#Get users with alternate emails:
$users = Get-AzADUser -Select "otherMails", "Mail","Id","DisplayName", "UserPrincipalName"
#Selecting users other mails:
$users | Select OtherMail
As you can see, there is alot here not making sense. Why Fetching "otherMails" when it is mapped to "OtherMail" property? MS is not even respecting his own standard...

Get all users for the Azure AD group in Azure CLI - 100 limit issue

I'm looking for a way to retrieve information about all users that belong to a particular group and store the results in CSV.
So, I use the following Azure AD command for the purpose:
Get-AzureADGroupMember -ObjectId "xxx" | get-azureaduser | Export-Csv -nti users.csv
However, the command only returns 100 users maximum.
Is there a way to return all the users that belong to a group from the CLI?
Try Get-AzureADGroupMember -ObjectId "xxx" -all $true | ...
Look at https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadgroupmember?view=azureadps-2.0 for reference
Using PowerShell, you can add the parameter -top xxx (-top 500 for example), or -all for all group members.
You can use Get-AzADUser instead!

Office365: Follow in inbox powershell

Is there a way to write PowerShell command to "Follow in inbox" to a group?
or maybe Microsoft Graph API?
I am trying through the code to implement this feature, but can't see any documentation.
In office 365 every user that joins a group can use the dropdown to select Follow in inbox or Stop following in inbox:
here an image example of follow in inbox
I dont know a possiblity to do that via Powershell. You can set it in the AdminCenter gui of Office365 in the group settings.
See here: https://learn.microsoft.com/en-us/office365/admin/create-groups/create-groups?view=o365-worldwide#how-following-group-email-works
Update:
It seems that you can do it with the Graph API: https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0
Function "UpdateGroup" and the Setting "autoSubscribeNewMembers".
Note: This will only take effect for new members not for existing ones!
Thank you, Hannes
This is a PowerShell I wrote:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
<#Get all Office 365 Groups that AutoSubscribeNewMembers disabled#>
$O365Groups = Get-UnifiedGroup | Where-Object{$_.AutoSubscribeNewMembers -eq $false}
<#Iterate through the Groups, enabling the AutoSubscribeNewMember#>
foreach ($group in $O365Groups)
{
Set-UnifiedGroup $group.Identity -AutoSubscribeNewMembers:$true
}
<#Close the Session#>
Remove-PSSession $Session
Works fine only for new member in the group
I was searching for the opposite command, to unsubscribe a user manually from powershell due to an external user receiving the emails for a group that were unnecessary to send externally.
Here are the powershell commands, connected to Exhange Online Powershell version 2:
View subscribers:
Get-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers
Add subscribers:
Add-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
Remove subscribers:
Remove-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
Documentation
I have been working on some sample commands for this exact topic: Unsubscribe-FollowInInbox.ps1 (for full list of code samples)
Some samples:
#Check subscription status for ALL unified groups
Get-UnifiedGroup | Format-Table Name,*subscribe* -AutoSize
Here is PowerShell to make all "members" in to "subscribers" (aka Follow In Inbox)
##########################################
# Loop 1 - SUBSCRIBE all group members #
##########################################
#Store the team name in a variable. Change this to match your team.
#To find this for your team, use (Get-UnifiedGroup *test-team*).PrimarySmtpAddress
$teamname = "test-team#example.com"
#Find all the members of the Unified Group "test-team" and store their UserMailbox objects in a variable called "members"
$members = Get-UnifiedGroup $teamname | Get-UnifiedGroupLinks -LinkType Member
#Create a variable to keep track of how many members we have subscribed or unsubscribed
$membercount = ($members.Count)
#Loop through the list of members and add a subscriber link for each one
foreach ($member in $members)
{
#Decrement the member count
$membercount--
#Write progress to the PowerShell window
Write-Host "Adding subscriber link for user $($member.PrimarySmtpAddress), $membercount users remaining"
#Add the UnifiedGroupLink to make each user a subscriber
Add-UnifiedGroupLinks -Identity $teamname -Links $($member.PrimarySmtpAddress) -LinkType Subscriber -Confirm:$false
}

Resources