Why does this powershell command display all mailboxes instead of some? - azure

I have a list of shared mailboxes in SharedMailboxes.csv that I would like to see their account status in Azure. However, when I run the following, I get a list of ALL users in Azure.
What am I missing?
Import-Csv C:\Temp\SharedMailboxes.csv | ForEach-Object {Get-AzureADUser -SearchString $_.SearchString | select UserPrincipalName,AccountEnabled}

Thanks mklement0; -SearchString $_.name is the code that works well to fetch specific users.
I tried to repro the same issue and it worked with the code -SearchString $_.name
The command below will help you in importing the users list to a CSV file from Azure Active Directory:
Get-AzADUser -First 10 | Export-Csv -Path "C:\Users\hari\source\repos\users.csv"
After this, use the command below:
Import-Csv "C:\Users\hari\source\repos\users.csv" | ForEach-Object {Get-AzADUser -SearchString $_.Name | select UserPrincipalName,AccountEnabled}
To get more information on Get-AzADUser -SearchString retrieve data commands, refer to this
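A guard for the lookup discussed above, as an added example that is not part of the original question or answer. It assumes the unfiltered result came from a CSV header that does not match the property used in the pipeline; Get-MailboxAccountStatus and its parameters are hypothetical names.

```powershell
# Added example. Get-MailboxAccountStatus is a hypothetical helper, not an AzureAD cmdlet.
function Get-MailboxAccountStatus {
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [string]$Column = 'Name'          # CSV header that holds the search term (assumed)
    )

    $rows = @(Import-Csv -Path $CsvPath)
    if ($rows.Count -eq 0) { throw "No rows found in $CsvPath" }

    # A property that is not a CSV header evaluates to $null for every row,
    # so check the header once before sending any query.
    $headers = $rows[0].PSObject.Properties.Name
    if ($headers -notcontains $Column) {
        throw "Column '$Column' not found. Available columns: $($headers -join ', ')"
    }

    foreach ($row in $rows) {
        $term = "$($row.$Column)".Trim()
        if (-not $term) {
            # An empty search term would not narrow the query at all.
            Write-Warning "Skipping a row with an empty '$Column' value"
            continue
        }

        $found = @(Get-AzureADUser -SearchString $term)
        if ($found.Count -eq 0) { Write-Warning "No user matched '$term'" }
        $found | Select-Object UserPrincipalName, AccountEnabled
    }
}

# Requires an existing Connect-AzureAD session.
Get-MailboxAccountStatus -CsvPath 'C:\Temp\SharedMailboxes.csv' -Column 'Name'
```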

Related

Powershell query to find users with emails containing .one attachments

I'm trying to compile a PowerShell query which will return to me a list/file of all users who have received a .one attachment in their emails within the last 30 days, and if possible including the subject heading or date and time of the pertinent emails?
I've been trying a variety of cmdlets such as Search-Mailbox, New-ComplianceSearch, New-MailboxSearch, Get-Mailbox etc. along with their associated parameters, but as some parameters aren't usable with other cmdlets, I'm not getting the results I need?
I'm hoping someone has an idea of how to achieve the above?
Thanks in advance.
I tried to check the scenario in PowerShell.
I have sent a mail with a .one attachment to users in my Azure AD with user type: Member
Check the commands below:
#install exchange online if not already present and connect
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Update-Module ExchangeOnlineManagement
Connect-ExchangeOnline
$date = (Get-Date).AddDays(-2)
$log=Search-UnifiedAuditLog -StartDate $date -EndDate (Get-Date) -RecordType ExchangeItem -Operations Receive -ObjectIds "*.one" | Select-Object AuditData
$UsersWithOneAttachments = $log | Where-Object {$_.UserType -eq "Member"} | select * | Get-Unique
# Output the list of users
$UsersWithOneAttachments | Out-File -FilePath C:\Temp\UsersWithOnenoteAttached.csv

I am looking to create a PowerShell script that revokes the user's Azure AD refresh tokens and disable the user's devices

I am looking for some guidance on combining a PowerShell script that combines the following scripts:
Connect-AzureAD
Revoke-AzureADUserAllRefreshToken -ObjectId johndoe@contoso.com
Get-AzureADUserRegisteredDevice -ObjectId johndoe@contoso.com | Set-AzureADDevice -AccountEnabled $false
What I am hoping to achieve is to combine all three cmdlets to a single script that my staff can run, where it will prompt for the user name that we wish to run the script upon. Assuming I need to add $ObjectID = Read-Host -Prompt somewhere in this script.
Thank you in advance for any advice or guidance on how to do this.
Assuming I understood your question and you just wanted a way to assemble all that together in the correct order, here it is.
# Use one or the other depending on if you want to use the username or objectID
$Username = Read-Host -Prompt 'Username'
#$ObjectId = Read-Host -Prompt 'ObjectId'
Connect-AzureAD
# Use one or the other depending on if you want to use the username or objectID
$User = Get-AzureADUser -SearchString $Username
#$User = Get-AzureADUser -ObjectId $ObjectId
if ($null -ne $User) {
    # Invalidate the user's refresh tokens, then disable each registered device
    Revoke-AzureADUserAllRefreshToken -ObjectId $User.ObjectId
    Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId | Set-AzureADDevice -AccountEnabled $false
} else {
    Write-Warning "No user found with the specified criteria"
}
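A stricter variant of the script above, as an added example that is not part of the original answer: it resolves the account by exact userPrincipalName, refuses to act unless exactly one user matches, and asks for confirmation before each change. Disable-CompromisedUserSession is a hypothetical function name; the cmdlets are the AzureAD module ones already used on this page.

```powershell
# Added example. Disable-CompromisedUserSession is a hypothetical name.
function Disable-CompromisedUserSession {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # Exact match on UPN: -SearchString can return more than one account,
    # and the actions below must never hit the wrong user.
    $upn     = $UserPrincipalName.Trim().Replace("'", "''")   # escape quotes for the filter
    $matched = @(Get-AzureADUser -Filter "userPrincipalName eq '$upn'")
    if ($matched.Count -ne 1) {
        Write-Warning "Expected exactly one user for '$UserPrincipalName', found $($matched.Count). Nothing was changed."
        return
    }
    $user = $matched[0]

    $revoked = $false
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Revoke all refresh tokens')) {
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
        $revoked = $true
    }

    $disabled = @()
    foreach ($device in @(Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId -All $true)) {
        if ($PSCmdlet.ShouldProcess($device.DisplayName, 'Disable registered device')) {
            Set-AzureADDevice -ObjectId $device.ObjectId -AccountEnabled $false
            $disabled += $device.DisplayName
        }
    }

    # Record of what was actually done, for the ticket or change log.
    [pscustomobject]@{
        User            = $user.UserPrincipalName
        TokensRevoked   = $revoked
        DevicesDisabled = $disabled -join '; '
        Timestamp       = (Get-Date).ToUniversalTime().ToString('u')
    }
}

Connect-AzureAD
Disable-CompromisedUserSession -UserPrincipalName (Read-Host -Prompt 'User principal name')
```

Running it with -WhatIf lists the token revocation and the devices that would be disabled without changing anything.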

Is there any PowerShell script or command to get a report of all the user's access role in tenant wise from Azure portal?

I am preparing the report which contains all the users' access level tenant wise from Azure.
Is there any one command or script to get all the users' access level from the Azure tenant?
That is a little bit tricky: the PS library for Azure is different from the PS library for AD. You must cross the information.
You must get all users from your AD using the command above and save them as a variable
$allUsers = Get-ADUser -Filter *
Now you can navigate to all subscriptions in your tenant, all resource groups and resources, and for each and every one get the IAM (which comes with the objectId of the user) and cross it with the variable $allUsers to identify everyone.
The sample is not the best but maybe it can help you:
Connect-AzAccount
$listIAM = New-Object System.Collections.ArrayList
$listSubscriptions = Get-AzSubscription
foreach ($subscription in $listSubscriptions) {
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    # Now you have all role assignments for this subscription.
    # The scope is quoted with $() so that .SubscriptionId is expanded instead of appended as text.
    $subscriptionIAM = Get-AzRoleAssignment -Scope "/subscriptions/$($subscription.SubscriptionId)"
    # AddRange(@(...)) appends each assignment whether the call returned none, one or many
    $listIAM.AddRange(@($subscriptionIAM))
    # Navigate into resource groups
    $listResourceGroups = Get-AzResourceGroup
    foreach ($resourceGroup in $listResourceGroups) {
        $rgIAM = Get-AzRoleAssignment -ResourceGroupName $resourceGroup.ResourceGroupName
        $listIAM.AddRange(@($rgIAM))
        # Navigate into resources
        $listResources = Get-AzResource -ResourceGroupName $resourceGroup.ResourceGroupName
        foreach ($resource in $listResources) {
            $rIAM = Get-AzRoleAssignment -Scope $resource.ResourceId
            $listIAM.AddRange(@($rIAM))
        }
    }
}
You can do this in either PowerShell or the Graph API. Both methods are in preview (the graph API calls are under the beta branch).
#Get the user
$userId = (Get-AzureADUser -Filter "userPrincipalName eq 'alice@contoso.com'").ObjectId
#Get direct role assignments to the user
$directRoles = (Get-AzureADMSRoleAssignment -Filter "principalId eq '$userId'").RoleDefinitionId
Prerequisites
AzureADPreview module when using PowerShell
Microsoft.Graph module when using PowerShell
Admin consent when using Graph Explorer for Microsoft Graph API
https://learn.microsoft.com/en-us/azure/active-directory/roles/list-role-assignments-users

Get all users for the Azure AD group in Azure CLI - 100 limit issue

I'm looking for a way to retrieve information about all users that belong to a particular group and store the results in CSV.
So, I use the following Azure AD command for the purpose:
Get-AzureADGroupMember -ObjectId "xxx" | get-azureaduser | Export-Csv -nti users.csv
However, the command only returns 100 users maximum.
Is there a way to return all the users that belong to a group from the CLI?
Try Get-AzureADGroupMember -ObjectId "xxx" -all $true | ...
Look at https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadgroupmember?view=azureadps-2.0 for reference
Using PowerShell, you can add the parameter -top xxx (-top 500 for example), or -all for all group members.
You can use Get-AzADUser instead!

List all Azure AD groups ending with "reader"

I'm trying to list all Azure AD groups where the display name ends with "Reader"
Get-AzureRmADGroup -SearchString "Reader"
And the Microsoft example says
Example 2: Get groups by search string
This command gets all Active Directory groups that **include** Patti in the display name.
Windows PowerShell
PS C:\> Get-AzureRmADGroup -SearchString "Patti"
But my result is blank when I try to do this, what am I missing?
Try the command below.
Get-AzureRmADGroup | Where-Object {$_.DisplayName -like "*Reader"}
Test Result(In order to speed up the operation, use a -First 5, you can ignore it):
