Skip to content

Commit

Permalink
Fixed bug where the $EmailOnlyGroupsOUIgnore config setting wasn't wo…
Browse files Browse the repository at this point in the history
…rking
  • Loading branch information
chrisjantzen committed Oct 26, 2023
1 parent 37357da commit 761bd27
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 7 deletions.
9 changes: 6 additions & 3 deletions User Audit.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# Created Date: Tuesday, August 2nd 2022, 10:36:05 am
# Author: Chris Jantzen
# -----
# Last Modified: Fri Jul 21 2023
# Last Modified: Thu Oct 26 2023
# Modified By: Chris Jantzen
# -----
# Copyright (c) 2023 Sea to Sky Network Solutions
Expand All @@ -14,6 +14,7 @@
# HISTORY:
# Date By Comments
# ---------- --- ----------------------------------------------------------
# 2023-10-26 CJ Fixed bug where the $EmailOnlyGroupsOUIgnore config setting wasn't working
# 2023-03-27 CJ Improvements to Part Time and Email Only alerts
# 2023-03-27 CJ Fixed bugs in MS Graph Beta API call to get Azure Users (they changed it to not allow pulling more than 120 users at a time)
# 2023-03-24 CJ Fixed bugs in new email-only checks.
Expand Down Expand Up @@ -995,7 +996,7 @@ if ($CheckAD) {
$ADGroups = Get-ADPrincipalGroupMembership $_.Username
if ($ADGroups -and $EmailOnlyGroupsOUIgnore) {
foreach ($IgnoreOU in $EmailOnlyGroupsOUIgnore) {
$ADGroups = $ADGroups | Where-Object { $_.distinguishedName -notlike "OU=$($IgnoreOU)," }
$ADGroups = $ADGroups | Where-Object { $_.distinguishedName -notlike "*OU=$($IgnoreOU),*" }
}
}
$_.Groups = @(($ADGroups | Select-Object Name).Name)
Expand Down Expand Up @@ -2722,6 +2723,8 @@ if ($FullMatches) {
if (($EmployeeGroups | Measure-Object).Count -eq 0) {
$EmailOnlyDetails = "Not in any employee AD groups."
$EmailOnly = $true
} else {
$EmailOnlyDetails = "In the following AD groups: $($EmployeeGroups -join ", ")"
}

# If it looks email-only from the AD groups, and this is O365, lets double check if there are any office actived devices or intune devices (if so, it's not email only)
Expand Down Expand Up @@ -3019,7 +3022,7 @@ if ($FullMatches) {
# ToEnabled
$WarnObj.type = "ToEnabled"
$WarnObj.reason = "$EmailType Account Enabled. IT Glue Contact should not be 'Terminated'."
} elseif ($ContactType -notlike "Internal / Shared Mailbox" -and $ContactType -ne 'Terminated' -and $ContactType -ne 'Employee - On Leave' -and $O365Match.RecipientTypeDetails -notlike 'UserMailbox' -and $O365Match.RecipientTypeDetails -notlike 'None' -and 'ToSharedMailbox' -notin $IgnoreWarnings) {
} elseif ($ContactType -notlike "Internal / Shared Mailbox" -and $ContactType -notlike "Shared Account" -and $ContactType -ne 'Terminated' -and $ContactType -ne 'Employee - On Leave' -and $O365Match.RecipientTypeDetails -notlike 'UserMailbox' -and $O365Match.RecipientTypeDetails -notlike 'None' -and 'ToSharedMailbox' -notin $IgnoreWarnings) {
# ToSharedMailbox
$WarnObj.type = "ToSharedMailbox"
$WarnObj.reason = "$EmailType account appears to be a shared mailbox. Consider changing the IT Glue Contact type to 'Internal / Shared Mailbox'."
Expand Down
8 changes: 5 additions & 3 deletions User_Billing_Update.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# Created Date: Tuesday, August 2nd 2022, 10:36:05 am
# Author: Chris Jantzen
# -----
# Last Modified: Fri Jul 21 2023
# Last Modified: Thu Oct 26 2023
# Modified By: Chris Jantzen
# -----
# Copyright (c) 2023 Sea to Sky Network Solutions
Expand Down Expand Up @@ -466,7 +466,7 @@ if ($UserAudit) {
$ADGroups = Get-ADPrincipalGroupMembership $_.Username
if ($ADGroups -and $EmailOnlyGroupsOUIgnore) {
foreach ($IgnoreOU in $EmailOnlyGroupsOUIgnore) {
$ADGroups = $ADGroups | Where-Object { $_.distinguishedName -notlike "OU=$($IgnoreOU)," }
$ADGroups = $ADGroups | Where-Object { $_.distinguishedName -notlike "*OU=$($IgnoreOU),*" }
}
}
$_.Groups = @(($ADGroups | Select-Object Name).Name)
Expand Down Expand Up @@ -1211,6 +1211,8 @@ if ($UserAudit) {
if (($EmployeeGroups | Measure-Object).Count -eq 0) {
$EmailOnlyDetails = "Not in any employee AD groups."
$EmailOnly = $true
} else {
$EmailOnlyDetails = "In the following AD groups: $($EmployeeGroups -join ", ")"
}

# If it looks email-only from the AD groups, and this is O365, lets double check if there are any office actived devices or intune devices (if so, it's not email only)
Expand Down Expand Up @@ -1475,7 +1477,7 @@ if ($UserAudit) {
# ToEnabled
$WarnObj.type = "ToEnabled"
$WarnObj.reason = "$EmailType Account Enabled. IT Glue Contact should not be 'Terminated'."
} elseif ($ContactType -notlike "Internal / Shared Mailbox" -and $ContactType -ne 'Terminated' -and $ContactType -ne 'Employee - On Leave' -and $O365Match.RecipientTypeDetails -notlike 'UserMailbox' -and $O365Match.RecipientTypeDetails -notlike 'None' -and 'ToSharedMailbox' -notin $IgnoreWarnings) {
} elseif ($ContactType -notlike "Internal / Shared Mailbox" -and $ContactType -notlike "Shared Account" -and $ContactType -ne 'Terminated' -and $ContactType -ne 'Employee - On Leave' -and $O365Match.RecipientTypeDetails -notlike 'UserMailbox' -and $O365Match.RecipientTypeDetails -notlike 'None' -and 'ToSharedMailbox' -notin $IgnoreWarnings) {
# ToSharedMailbox
$WarnObj.type = "ToSharedMailbox"
$WarnObj.reason = "$EmailType account appears to be a shared mailbox. Consider changing the IT Glue Contact type to 'Internal / Shared Mailbox'."
Expand Down
2 changes: 1 addition & 1 deletion currentversion.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.18.2
2.18.3

0 comments on commit 761bd27

Please sign in to comment.