Finding_User_with_AzureAD_Admin_Roles.ps1
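Set-Location c:\
Clear-Host
# The AzureAD module supplies every cmdlet used below. Install it only when it
# is not already present, so a re-run does not pull a fresh copy from the
# gallery every time (the original installed unconditionally with -Force).
# NOTE(review): -Force/-AllowClobber accept whatever the gallery currently
# serves; for a reproducible toolchain pin it with -RequiredVersion <version>.
# NOTE(review): Microsoft has deprecated the AzureAD module in favour of the
# Microsoft.Graph module — confirm it still works against your tenant.
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Install-Module -Name AzureAD -AllowClobber -Force -Verbose
}
# The module is not always auto-loaded, so import it explicitly.
Import-Module AzureAD
# Interactive sign-in to the tenant.
Connect-AzureAD
# Sanity check: count the cmdlets the module exposes.
Get-Command -Module AzureAD | Measure-Object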
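# List every directory role with its ObjectId.
# NOTE(review): Get-AzureADDirectoryRole appears to return only roles that have
# been activated in the tenant; roles never used here are not listed — compare
# with Get-AzureADDirectoryRoleTemplate if a complete inventory is needed.
Get-AzureADDirectoryRole
# Fetch one role by ObjectId. Role ObjectIds are tenant-specific, so this value
# only resolves in the tenant it was copied from — take the ObjectId for your
# own tenant from the listing above.
$role = Get-AzureADDirectoryRole -ObjectId "6fd5c3ac-2e62-4fca-84fe-9e32ae5282f2"
# Resolve the role's members to user objects. Only members whose ObjectType is
# 'User' are piped on: a role may also contain groups or service principals,
# and Get-AzureADUser fails on those ObjectIds.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectType -eq 'User' } |
    Get-AzureADUser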
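# Build one record per (role, member) pair across all listed roles.
$roles = Get-AzureADDirectoryRole
# Collecting the loop output into @(...) replaces the per-iteration '+='
# (which copies the whole array each time) and still yields an array even
# when there are zero or one results, matching the original @() accumulator.
$roleUsers = @(
    foreach ($role in $roles) {
        $users = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
        foreach ($user in $users) {
            # Progress line on the host; the object emitted below is the result.
            Write-Host $role.DisplayName, $user.DisplayName, $user.UsageLocation
            # NOTE(review): members are not always users (groups and service
            # principals can hold roles too); for those UsageLocation is empty.
            [PSCustomObject]@{
                RoleName        = $role.DisplayName
                UserDisplayName = $user.DisplayName
                UsageLocation   = $user.UsageLocation
            }
        }
    }
)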
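# Emit the full result set.
$roleUsers
# Same data, one line per user, sorted by display name. Full cmdlet names
# instead of the 'select' alias so the script reads the same everywhere.
$roleUsers | Sort-Object -Property UserDisplayName | Select-Object -Property UserDisplayName, RoleName
# End the session so the signed-in context is not left behind for later
# commands. This line is skipped if anything above throws; wrap the session in
# try/finally if cleanup must be guaranteed.
Disconnect-AzureAD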