I figured it was time to bite the bullet and start converting all of my scripts from using the MSOnline V1 module to the new and shiny AzureAD 2.0 module. Since I was finding few to no posts on pulling licensed users using the new module out there on the interwebs, I figured I’d share my findings. You can get the AzureAd module quite easily from the PowerShell gallery by using the command:
|
1 |
Install-Module AzureAD |
Once you have that, you are ready to rock and roll. The following script will connect to multiple AzureAD tenants, snag all AzureAD users, determine if they have a license assigned to them, and if they do export their UPN to a custom PowerShell object with the property name of Email Address. I only did this because this is for marketing, and that’s what they wanted (they didn’t want to have to edit the export file at all). But that’s enough explanation, let’s get to the good stuff.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
<# .SYNOPSIS This script will: -Connect to each Azure AD domain in array -Get all licensed users UPN's -Create custom PS Object with Email Address property -Assign user UPN to Email Address property -Export to csv with append flag .PREREQUISITES For this script to work: -AzureAD Module -Appropriate Exchange Online access .NOTES Author: Scott Shelton Date: 05/02/2018 Version: 1.0 .CHANGELOG #> ########### #Variables# ########### #File Export $strOutputFile = "C:\Reports\Export.csv" #SMTP $strSMTPServer = "SMTP_Server" $strSMTPTo = "Joe Cool <joecool@peanuts.com>" $strSMTPFrom = "No-Reply <no-reply@peanuts.com>" $strSMTPBcc = "Systems Dude <systemdude@peanuts.com>" $strSMTPSubject = "Report Exported" $strSMTPBody = "The report exported to Export.csv." #O365 Credentials $arrCredentials = @("Username1", "supersecretpassword"), @("Username2", "supersecretpassword"), @("Username3", "supersecretpassword") ########### #Functions# ########### function fnConnect-AzureAD($Username,$Password) { #Encypt password for transmission to Azure AD $objSecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force #Create PowerShell Credential Object $objCredential = New-Object System.Management.Automation.PSCredential $Username, $objSecurePassword #Connect to AzureAD Connect-AzureAD -Credential $objCredential } ################ #Let's Do Stuff# ################ #Loop through credential array foreach($tmpCredential in $arrCredentials) { #Connect to Azure AD Tenant fnConnect-AzureAD -Username $tmpCredential[0] -Password $tmpCredential[1] #Build array of all users in Azure AD $arrAzureADUsers = Get-AzureADUser -All $true #Loop through each Azure AD User foreach($tmpAzureADUser in $arrAzureADUsers) { #Get licenses assigned to user $tmpAzureADUserLicenses = $tmpAzureADUser.AssignedLicenses #If user has a license then... if($tmpAzureADUserLicenses.Count -ne 0) { #Create custom PowerShell object with custom properties $objProperties = @{ "Email Address" = '' } $objUserExport = New-Object -TypeName psobject -Property $objProperties $objUserExport.'Email Address' = $tmpAzureADUser.UserPrincipalName $objUserExport | Select-Object 'Email Address' | Export-Csv -NoTypeInformation -Append -Path $strOutputFile } } } Send-MailMessage -SmtpServer $strSMTPServer -To $strSMTPTo -From $strSMTPFrom -Bcc $strSMTPBcc -Subject $strSMTPSubject -Body $strSMTPBody |
Loosely based off of some of the examples found in this blog post.