Get a list of all groups in Azure for al members with a specific company - azure-active-directory

I need just a list of all groups (just the group names and desciption, not the users) that anyone who part of Company A (field in AD) is part of the company. This is what I have, but can't get it to work right. Any help?
$UserList = #()
$FinalGroupList = #()
$UserList = Get-Recipient -Filter {Company -eq "Company"} | where-object {$_.RecipientType -eq "UserMailbox"}
foreach ($user in $UserList) {
$CurrentUserGroups = Get-AzureADUser -User $user.PrimarySmtpAddress | Get-AzureADUserMembership
foreach ($group in $CurrentUserGroups) {
if ($FinalGroupList.displayname -notcontains $group.displayname) {
$FinalGroupList = $FinalGroupList + $group
}
}
}
foreach ($FinalListItem in $FinalGroupList) {
$CSVData = New-Object psobject
$CSVData | Add-Member -MemberType NoteProperty -name DisplayName -Value $FinalListItem.DisplayName
$CSVData | Add-Member -MemberType NoteProperty -name Description -Value $FinalListItem.Description
$CSVData | export-csv c:\temp\Groups.csv -Append -NoTypeInformation
}


I have tried in my environment with below powershell commands to get the group and its description whose users are present in specific company and could successfully get the same.
#Get-AzureADUser -All $true | Select-Object -Property CompanyName, UserPrincipalName
#$companyUsers =Get-AzureADUser | ?{ $_.CompanyName -eq '<that specific company name>' }
$companyname=”SamComp” //this the specific company name I am looking for
$companyUsers =Get-AzureADUser | ?{ $_.CompanyName -eq 'SamComp' }
foreach ($user in $companyUsers) {
Get-AzureADUserMembership -ObjectId $user.ObjectId
$groups = $user | Get-AzureADUserMembership
$list | Sort-Object DisplayName -Unique | fl -GroupBy DisplayName -Property Description
$list
}
OUTPUT:
Reference: Get-AzureADUserMembership (AzureAD) | Microsoft Docs

Related

How to create an array of objects with different values for each

I'm new to programming.
I want to create an array of 4 objects with different values for each object, without overwriting the previous one.
This is my code:
$WKey = "hkcu:\Software\Microsoft\Windows\CurrentVersion\Uninstall\"
$keys = get-childitem -path hkcu:\Software\Microsoft\Windows\CurrentVersion\Uninstall\
$IN = #{}
foreach ($key in $keys.pschildname){
$name = Get-ItemPropertyValue -Path $WKey$key -name displayname
if ($name -like '*injaz*'){
$HM = #{}
$HM.Name = Get-ItemPropertyValue -Path $WKey$key -name displayname
$HM.Version = Get-ItemPropertyValue -Path $WKey$key -name displayVersion
$HM.Uninstaller = Get-ItemPropertyValue -Path $WKey$key -name UninstallString
$HM.Keyname = $key
$Objectname = New-Object PSobject -Property $HM
$IN.add($Objectname.Name,$Objectname.Version,$Objectname.Uninstaller,$Objectname.keyname)
$Objectname
$IN
}
}

You need to create a pscustom object and add the properties to it.
$WKey = "hkcu:\Software\Microsoft\Windows\CurrentVersion\Uninstall\"
$keys = get-childitem -path hkcu:\Software\Microsoft\Windows\CurrentVersion\Uninstall\
$IN = [System.Collections.ArrayList]#{}
foreach ($key in $keys.pschildname){
$name = Get-ItemPropertyValue -Path $WKey$key -name displayname
if ($name -like '*injaz*'){
#Create object
$HM = New-Object -TypeName psobject
#Add properties to object
$HM | Add-Member -MemberType NoteProperty -Name "Name" -Value $(Get-ItemPropertyValue -Path $WKey$key -name displayname)
$HM | Add-Member -MemberType NoteProperty -Name "Version" -Value $(Get-ItemPropertyValue -Path $WKey$key -name displayVersion)
#Continue with the other values
#Add object to array
$IN.Add($HM) | Out-Null
}
}

Certificate Information Exported to CSV is Empty using Different Credential

I have an array that I write certificate information into using a credential called $array_otheruser but when I try to Export-Csv, the file becomes empty.
However, it writes fine if my export line is within the $ScriptBlock. However, I want to export it out of scriptblock, is this possible?
The code below writes an empty file:
[string][ValidateNotNullOrEmpty()]$passwd = "password"
$secpasswd = ConvertTo-SecureString -String $passwd -AsPlainText -Force
$mycreds = New-Object Management.Automation.PSCredential ("username", $secpasswd)
$array_otheruser = #()
$CSVFile = "c:\temp\temp9.csv"
$Certs = Get-ChildItem Cert: -Recurse
[ScriptBlock]$ScriptBlock = {
$Certs | where {
$_.PsIsContainer -eq $false
} | ForEach-Object ({
$obj | Add-Member -MemberType NoteProperty -Name "NotAfter" -Value $_.NotAfter
$obj | Add-Member -MemberType NoteProperty -Name "NotBefore" -Value $_.NotBefore
$array_otheruser += $obj
$obj = $null
})
}
$otheruser = Invoke-Command -ScriptBlock $ScriptBlock -ComputerName $env:computername -Credential $mycreds | Wait-Job
$otheruser | Receive-Job
$array_otheruser | Export-Csv -Path $CSVFile -NoTypeInformation
The code below writes into the file (where I've put the Export-Csv inside the scriptblock):
[ScriptBlock]$ScriptBlock = {
...
$array_otheruser += $obj
$obj = $null
})
##########This is the key difference, the export line is inside the ScriptBlock
$array_otheruser | Export-Csv -Path "c:\temp\temp9.csv" -NoTypeInformation
########
}
$otheruser = Invoke-Command -ScriptBlock $ScriptBlock -ComputerName $env:computername -Credential $mycreds | Wait-Job
$otheruser | Receive-Job
I would like to know if it is possible to have the Export-Csv file line outside of the scriptblock and have the cert information contents populate as it should using a different credential.

Loading an array of one item into a WPF ListBox

I am experiencing an issue with this code where if item(s) in the array returns less than two strings, the string is display as a list.
For example if I have two clusters. The listbox would give me the option to select let's say Test-Cluster and Dev-Cluster; however, if only Test-Cluster is the only available cluster, the listbox would display each letter of the string as a different option in the list box. I can't seem to figure out why. See picture:
#event: when Environment is selected
$wpFBoxEnvironment.Add_DropDownClosed({
Disconnect-VIServer * -Confirm:$false
#empty VCenters inside form
$wpFBoxSrcVCenter.Items.Clear()
$wpFListTgtVCenters.Items.Clear()
#empty Source VMs inside form
$wpFListSrcVMs.Items.Clear()
#validate VI servers connetion and connect if session doesn't exist
$VServers = $vdiEnvironments |
Where-Object Env -like $wpFBoxEnvironment.Text
#notify use to wait for vCenter server login
Write-Host "Logging in to all $($wpFBoxEnvironment.Text) servers. Please wait..."
foreach ($VServer in $VServers) {
$sessionID = ($global:DefaultVIServers | Where-Object -FilterScript {$_.Name -like $VServer.Name}).sessionId
if ($sessionID) {
Connect-VIServer -Server $VServer.Name -Session $sessionID
} elseif ($credential) {
Connect-VIServer -Server $VServer.Name -Credential $credential
} else {
throw 'Connection Error'
}
}
$clusters = Get-Cluster | Select-Object Name, Uid
$clusters | ForEach-Object {
$_ | Add-Member -MemberType NoteProperty -Name VCName -Value $_.Uid.Split('#')[1].Split(':')[0]
}
$datastores = Get-Datastore | Select-Object -Property Name, DatastoreBrowserPath, FreeSpaceMB, CapacityMB
$datastores | ForEach-Object {
$_ | Add-Member -MemberType NoteProperty -Name VCName -Value $_.DatastoreBrowserPath.Split('\')[1].replace('#443','')
$_.FreeSpaceMB = [int]$_.FreeSpaceMB
$_.CapacityMB = [int]$_.CapacityMB
}
$portgroups = Get-VDPortgroup | Select-Object VlanConfiguration, Name, NumPorts, Uid | ? VlanConfiguration -notlike "*0-4094*"
$portgroups | ForEach-Object {
$_ | Add-Member -MemberType NoteProperty -Name VCName -Value $_.Uid.Split('#')[1].Split(':')[0]
$_.NumPorts = [int]$_.NumPorts
}
$vCenters = #()
foreach ($vCenter in $VDIEnvironments) {
#Find single clusters and padd array
if (($clusters | ? VCName -like $vCenter.Name).Count -eq 1) {
$clusters += ("-----")
}
$vCenter |
Add-Member -MemberType NoteProperty -Name TargetCluster -Value (
$clusters | ? VCName -like $vCenter.Name
)[0].Name -Force
$vCenter |
Add-Member -MemberType NoteProperty -Name Clusters -Value $(
$clusters | ? VCName -like $vCenter.Name
).Name -Force
$vCenter |
Add-Member -MemberType NoteProperty -Name TargetDatastore -Value $(
$datastores | ? VCName -like $vCenter.Name | Sort-Object -Descending FreeSpaceMB
)[0].Name -Force
$vCenter |
Add-Member -MemberType NoteProperty -Name Datastores -Value $(
$datastores | ? VCName -like $vCenter.Name
).Name -Force
$vCenter |
Add-Member -MemberType NoteProperty -Name TargetPortgroup -Value (
$portgroups | ? VCName -like $vCenter.Name | Sort-Object -Descending NumPorts
)[0].Name -Force
$vCenter |
Add-Member -MemberType NoteProperty -Name Portgroups -Value $(
$portgroups | ? VCName -like $vCenter.Name
).Name -Force
$vCenters += $vCenter
}
#fill VCenters inside form from selected Environment
$selectedVCenters = $vCenters |
Where-Object Env -like $wpFBoxEnvironment.Text |
Where-Object Datastores -ne $Null
$selectedVCenters | ForEach-Object {
$wpFBoxSrcVCenter.Items.Add($_.Name)
$wpFListTgtVCenters.Items.Add($_)
$wpFListTgtVCenters.SelectedItems.Add($_)
}
})
<GridViewColumn Header="Target Cluster"
Width="160" >
<GridViewColumn.CellTemplate>
<DataTemplate>
<ComboBox ItemsSource="{Binding 'Clusters'}"
SelectedItem="{Binding Path='TargetCluster', Mode=TwoWay}"
Width="145"
/>
</DataTemplate>
</GridViewColumn.CellTemplate>
</GridViewColumn>

I think it's because you are iterating over either an array, or in the case of a single item, a string. Try predefining your array then add (+=) to it. That way in the case of a single string it will still be an array:
Edit:
Looking at the data, it looks like you may have to explicitly convert the single string to an array by wrapping $_ in #(..) to get: #($_)
This will either convert the string into a single value array, or keep the existing array. More info: about_arrays
...
#fill VCenters inside form from selected Environment
$selectedVCenters = #()
$selectedVCenters += $vCenters |
Where-Object Env -like $wpFBoxEnvironment.Text |
Where-Object Datastores -ne $Null
$selectedVCenters | ForEach-object {
$wpFBoxSrcVCenter.Items.Add($_.Name)
$wpFListTgtVCenters.Items.Add(#($_))
$wpFListTgtVCenters.SelectedItems.Add($_)
}

Match rows from two different arrays

I'm trying to create a list of all servers in the domain and note which ones are being backed up. I'm using a Quest plugin for the AD server list and a Veeam plugin for the back up list. The arrays being created, but I'm having trouble understanding how to compare and create the final list.
# Get list of all servers in AD
if ((Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null) {
Add-PSSnapin Quest.ActiveRoles.ADManagement
}
$servers = get-qadcomputer -SizeLimit 0 | where {$_.OSName -match "Server"}
$arrAllServers = #()
foreach ($server in $servers) {
$singleserver = New-Object PSObject
$singleserver | Add-Member -Name "Name" -Value $x.name -MemberType NoteProperty
$arrAllServers += $singleserver
}
# Get list of servers being backed up
if ((Get-PSSnapin -Name VeeamPSSnapin -ErrorAction SilentlyContinue) -eq $null) {
Add-PSSnapin VeeamPSSnapin
}
Connect-VBRServer -Server host.foo.org -Port 9392
$allDetails = #()
$jobs = Get-VBRJob | ?{$_.JobType -eq "Backup"}
# Loop through each job adding details to array
foreach ($job in $jobs) {
$Object = Get-VBRJobObject -Job $job
$jobOptions = New-Object PSObject
$jobOptions | Add-Member -MemberType NoteProperty -Name "Name" -value $job.name
$jobOptions | Add-Member -MemberType NoteProperty -Name "Enabled" -value $job.isscheduleenabled
$jobOptions | Add-Member -MemberType NoteProperty -Name "Servers" -Value (#($Object.name) | Out-String).Trim()
$jobOptions | Add-Member -MemberType NoteProperty -Name "Backup Mode" -value $job.backuptargetoptions.algorithm
$repo = (Get-VBRBackupRepository | ?{$_.HostId -eq $job.TargetHostId -and $_.Path -eq $job.TargetDir}).name
$jobOptions | Add-Member -MemberType NoteProperty -Name "Repository" -value $repo
$allBackupDetails += $jobOptions
}
Disconnect-VBRServer
# Now match by server name and produce some output.
foreach ($lserver in $arrAllServers) {
foreach ($bserver in $allDetails) {
if($lserver.name -eq $bserver.servers) {
Write-Host $lserver.name $bserver.name
}
}
}

You create the array $allDetails and read from it, but you write the objects to $allBackupDetails
$bserver.servers is an array so you need to use -contains or -in
$bserver.servers might be "broken" because of your out-string-operation (why use it?)
$arrAllServers is wasted resources when you only want the servername.
Try:
# Load modules
if ((Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null) {
Add-PSSnapin Quest.ActiveRoles.ADManagement
}
if ((Get-PSSnapin -Name VeeamPSSnapin -ErrorAction SilentlyContinue) -eq $null) {
Add-PSSnapin VeeamPSSnapin
}
# Get list of all servers in AD
$servers = get-qadcomputer -SizeLimit 0 | where {$_.OSName -match "Server"} | Select-Object -ExpandProperty Name
# Get backup jobs
Connect-VBRServer -Server host.foo.org -Port 9392
$allBackupDetails = #()
$jobs = Get-VBRJob | ?{$_.JobType -eq "Backup"}
# Loop through each job adding details to array
foreach ($job in $jobs) {
$Object = Get-VBRJobObject -Job $job
$jobOptions = New-Object PSObject
$jobOptions | Add-Member -MemberType NoteProperty -Name "Name" -value $job.name
$jobOptions | Add-Member -MemberType NoteProperty -Name "Enabled" -value $job.isscheduleenabled
$jobOptions | Add-Member -MemberType NoteProperty -Name "Servers" -Value #($Object.name)
$jobOptions | Add-Member -MemberType NoteProperty -Name "Backup Mode" -value $job.backuptargetoptions.algorithm
$repo = (Get-VBRBackupRepository | ?{$_.HostId -eq $job.TargetHostId -and $_.Path -eq $job.TargetDir}).name
$jobOptions | Add-Member -MemberType NoteProperty -Name "Repository" -value $repo
$allBackupDetails += $jobOptions
}
Disconnect-VBRServer
# Now match by server name and produce some output.
foreach ($server in $servers) {
foreach ($backupDetails in $allBackupDetails) {
if($backupDetails.servers -contains $server) {
Write-Host "$server is in $($backupDetails.name)"
}
}
}

How do I send each result of Get-AdGroupMembership to my array?

I'm trying to recurse an NTFS folder structure, and output a CSV file that only displays each USER account with permissions on only the folders. Everything in the script outputs correctly EXCEPT for the portion that discovers a group and proceeds to enumerate the users in that group using Get-ADGroupMember. While debugging, I can see that each user within the group (even with nested groups) is outputted, but I guess I'm not properly "arraying" each output of the command and sending it onward to my "out" array.
I marked the section I'm having trouble with. Any help folks could provide would be very much appreciated. Thanks!
$Answer = Read-Host 'Do you wish to use an answer file? File must be named answer.csv and must reside in same directory as script. (Default is [N])'
If ($Answer -eq "y") {
$AnsFile = Import-Csv answer.csv | Select src,outdir,domain,user,pwd
$List_Dir = $AnsFile.src
$OutPath = $AnsFile.outdir
$DomainName = $AnsFile.domain
$Admin = $AnsFile.user
$Pwd = $AnsFile.pwd
}
Else {
Do {
$List_Dir = Read-Host 'Enter the directory path to be searched/recursed'
$TestList_Dir = Test-Path $List_Dir
If ($TestList_Dir -eq $True) {Write-Host "List directory checks out..."}
Else {Write-Host "Incorrect source directory. Please try again." -foregroundcolor red -backgroundcolor yellow}
}
While ($TestList_Dir -eq $False)
Do {
$OutPath = Read-Host 'Enter the directory path where the output files will be saved. Do not add a trailing slash.'
$TestOutPath = Test-Path $OutPath
If ($TestOutPath -eq $True) {Write-Host "Output path checks out..."}
Else {Write-Host "Incorrect output path. Please try again." -foregroundcolor red -backgroundcolor yellow}
}
While ($TestOutPath -eq $False)
$DomainName = Read-Host 'Enter the non-distinguished name of the Active Directory domain'
$Admin = Read-Host 'Type in an administrative account with rights to read AD Security Groups'
$Pwd = Read-Host 'Enter the adminstrative account password'
}
$Folder_Array = #()
write-host "List directory = $List_Dir"
write-host "Output path = $OutPath"
write-host "Domain = $DomainName"
write-host "Admin account = $Admin"
write-host "Password = $Pwd"
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$CType = [DirectoryServices.AccountManagement.ContextType]::Domain
$IDType = [DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$DomainContext = New-Object DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $CType, $DomainName, $Admin, $Pwd
#$pat = "^[a-zA-Z0-9_:.]+$"
$pat = "^[a-zA-Z0-9_:.\]+$]"
get-childitem $List_Dir -recurse | where-object {$_.psIsContainer -eq $true} | foreach-object {
$a = ($_.FullName)
$d = $a -match $pat
$e = (get-acl $_.FullName).Access
foreach ($e1 in $e) {
$f = $e1.FileSystemRights
$g = $e1.AccessControlType
$SecID = $e1.IdentityReference
foreach ($Sec in $SecID) {
$GroupPrincipal = [DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($DomainContext, $IDType, $Sec)
if ($GroupPrincipal -ne $null) {
$Sec = $Sec.ToString()
$Sec = $Sec.Split("\")[1]
Get-AdGroupMember $Sec -Recursive | ForEach-Object {
$User = ($_.SamAccountName)
foreach ($u in $User) {
$out = new-object psobject
$out | add-member noteproperty Path $a
$out | add-member noteproperty Unix_Safe $d
$out | Add-Member NoteProperty UserAccount $u
$out | add-member noteproperty Permission $f
$out | add-member noteproperty AccessType $g
$Folder_Array += $out
}
}
}
else {
$e2 = $Sec.ToString()
$e2 = $e2.split("\")[1]
$out = new-object psobject
$out | add-member noteproperty Path $a
$out | add-member noteproperty Unix_Safe $d
$out | Add-Member NoteProperty UserAccount $e2
$out | add-member noteproperty Permission $f
$out | add-member noteproperty AccessType $g
$Folder_Array += $out
}
}
}
}
$Folder_Array | Select Path,UserAccount,Permission,AccessType,Unix_Safe | Export-Csv "$OutPath\folderonly.csv" -NoTypeInformation

The problem isn't so much with how you're doing it, it's more of when you're doing things. Let me explain...
Get-AdGroupMember $Sec -Recursive | ForEach-Object {
$User = ($_.SamAccountName)
foreach ($u in $User) {
$e2 = $u
}
}
}
****************************************************
else {
$e2 = $Sec.ToString()
$e2 = $e2.split("\")[1]
}
}
}
$out = new-object psobject
$out | add-member noteproperty Path $a
$out | add-member noteproperty Unix_Safe $d
$out | Add-Member NoteProperty UserAccount $e2
$out | add-member noteproperty Permission $f
$out | add-member noteproperty AccessType $g
$Folder_Array += $out
Given that, if it is a group you are taking all users for the group and setting that array of users to $User, and then going through that array, and assigning each user, one at a time, to $e2. Once you're done with that you create your object, and add that object to the array for output.
Let's say that group has 3 users in it, Tom, Dick, and Harvey (Harry was busy, he sent his brother instead). So now:
$User = #("Tom","Dick","Harvey")
Then you cycle through that assigning each to $e2, which basically comes out to this (some pseudocode here):
If(is a group){
$User = Get-ADGroup |select -expand samaccountname
ForEach($u in $User){
$e2 = "Tom"
<Next item in array>
$e2 = "Dick"
<next item in array>
$e2 = "Harvey"
<No more items in array, end ForEach>
So now when it moves on to create your object $e2 = "Harvey" and Tom and Dick are just out of luck. To resolve that we have options. Either:
A) Move object creation to inside the If/Else portions of the loop, specifically to create an object every time you assign $e2, and add those objects to the output array immediately after making them.
or:
B) Make $e2 an array by changing all references to setting it to read either $e2 += $u or $e2 = ,$Sec.ToString().Split("\")[1]. And then when you create objects do that like:
ForEach($User in $e2){
$Folder_Array += [PSCustomObject][Ordered]#{
'Path' = $a
'Unix_Safe' = $d
'UserAccount' = $User
'Permission' = $f
'AccessType' = $g
}
}

Resources