From 770a2afd4ed700a1bafb13f12cf349e3a7e36dec Mon Sep 17 00:00:00 2001
From: Jurjen Ladenius
Date: Wed, 22 May 2024 13:54:20 +0200
Subject: [PATCH] Added SQL user list script #100863
---
 Powershell/Lists/Azure/WebApps.ps1 | 156 ++++++++++++++------------
 Powershell/Lists/SQL/SQLUserCheck.ps1 | 88 +++++++++++++++
 2 files changed, 173 insertions(+), 71 deletions(-)
 create mode 100644 Powershell/Lists/SQL/SQLUserCheck.ps1
diff --git a/Powershell/Lists/Azure/WebApps.ps1 b/Powershell/Lists/Azure/WebApps.ps1
index 4b21885..bf380ca 100644
--- a/Powershell/Lists/Azure/WebApps.ps1
+++ b/Powershell/Lists/Azure/WebApps.ps1
@@ -41,6 +41,8 @@ class ResourceCheck {
 [string] $ResourceGroup = ""
 [string] $ResourceType = ""
 [string] $State = ""
+ [string] $ManagementGroupId = ""
+ [string] $ManagementGroupName = ""
 [string] $SubscriptionId = ""
 [string] $SubscriptionName = ""
 [string] $Tag_Team = ""
@@ -64,98 +66,110 @@ Write-Host "==================================================================== Write-Host "Creating webapp resource overview." Write-Host "======================================================================================================================================================================" - $subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled" - [string] $date = Get-Date -Format "yyyy-MM-dd HHmm" $fileName = ".\$date azure_webapps.csv" -# rm $fileName -foreach ($subscription in $subscriptions) +$managementGroups = Get-AzManagementGroup + +foreach ($managementGroup in $managementGroups) { Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------" + Write-Host "Management group [$($managementGroup.Name)]" - Set-AzContext -SubscriptionId $subscription.Id + $subscriptions = Get-AzManagementGroupSubscription -Group $managementGroup.Name | Where-Object State -eq "Active" - Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------" + foreach ($subscription in $subscriptions) + { + Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------" + $scope = $subscription.Id.Substring($subscription.Parent.Length, $subscription.Id.Length - $subscription.Parent.Length) + $subscriptionId = $scope.Replace("/subscriptions/", "") + Write-Host "Subscription [$($subscription.DisplayName) - $subscriptionId]" + Set-AzContext -SubscriptionId $subscriptionId | Out-Null + Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------" - $allResourceGroups = 
Get-AzResourceGroup - [ResourceCheck[]]$Result = @() + $allResourceGroups = Get-AzResourceGroup + [ResourceCheck[]]$Result = @() - foreach ($group in $allResourceGroups) { + foreach ($group in $allResourceGroups) { - Write-Host $group.ResourceGroupName + Write-Host $group.ResourceGroupName - $allWebApps = Get-AzWebApp -ResourceGroupName $group.ResourceGroupName - - foreach ($webApp in $allWebApps) { - - [ResourceCheck] $resourceCheck = [ResourceCheck]::new() - $resourceCheck.ResourceId = $webApp.Id - $resourceCheck.Kind = $webApp.Kind - $resourceCheck.Location = $webApp.Location - $resourceCheck.State = $webApp.State - $resourceCheck.ResourceName = $webApp.Name - $resourceCheck.ResourceGroup = $webApp.ResourceGroup - $resourceCheck.ResourceType = $webApp.Type - $resourceCheck.SubscriptionId = $subscription.Id - $resourceCheck.SubscriptionName = $subscription.Name - $resourceCheck.Tag_Team = $webApp.Tags.team - $resourceCheck.Tag_Product = $webApp.Tags.product - $resourceCheck.Tag_Environment = $webApp.Tags.environment - $resourceCheck.Tag_Data = $webApp.Tags.data - $resourceCheck.Tag_CreatedOnDate = $webApp.Tags.CreatedOnDate - $resourceCheck.Tag_Deployment = $webApp.Tags.drp_deployment - $resourceCheck.Prop_HttpsOnly = $webApp.HttpsOnly - $resourceCheck.Prop_PhpVersion = $webApp.SiteConfig.PhpVersion - $resourceCheck.Prop_RemoteDebuggingEnabled = $webApp.SiteConfig.RemoteDebuggingEnabled - $resourceCheck.Prop_MinTlsVersion = $webApp.SiteConfig.MinTlsVersion - $resourceCheck.Prop_FtpsState = $webApp.SiteConfig.FtpsState - $resourceCheck.Prop_Http20Enabled = $webApp.SiteConfig.Http20Enabled - $resourceCheck.Prop_Identity = $webApp.Identity.Type - $resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id - - $Result += $resourceCheck - - $allSlots = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup - - foreach ($slotTemp in $allSlots) { - - [string] 
$slotName = $slotTemp.Name.Split("/")[1] - $slot = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup -Slot $slotName + $allWebApps = Get-AzWebApp -ResourceGroupName $group.ResourceGroupName + + foreach ($webApp in $allWebApps) { [ResourceCheck] $resourceCheck = [ResourceCheck]::new() - $resourceCheck.ResourceId = $slot.Id - $resourceCheck.Kind = $slot.Kind - $resourceCheck.Location = $slot.Location - $resourceCheck.State = $slot.State - $resourceCheck.ResourceName = $slot.Name - $resourceCheck.ResourceGroup = $slot.ResourceGroup - $resourceCheck.ResourceType = $slot.Type + $resourceCheck.ResourceId = $webApp.Id + $resourceCheck.Kind = $webApp.Kind + $resourceCheck.Location = $webApp.Location + $resourceCheck.State = $webApp.State + $resourceCheck.ResourceName = $webApp.Name + $resourceCheck.ResourceGroup = $webApp.ResourceGroup + $resourceCheck.ResourceType = $webApp.Type + $resourceCheck.ManagementGroupId = $managementGroup.Id + $resourceCheck.ManagementGroupName = $managementGroup.DisplayName $resourceCheck.SubscriptionId = $subscription.Id - $resourceCheck.SubscriptionName = $subscription.Name - $resourceCheck.Tag_Team = $slot.Tags.team - $resourceCheck.Tag_Product = $slot.Tags.product - $resourceCheck.Tag_Environment = $slot.Tags.environment - $resourceCheck.Tag_Data = $slot.Tags.data - $resourceCheck.Tag_CreatedOnDate = $slot.Tags.CreatedOnDate - $resourceCheck.Tag_Deployment = $slot.Tags.drp_deployment - $resourceCheck.Prop_HttpsOnly = $slot.HttpsOnly - $resourceCheck.Prop_PhpVersion = $slot.SiteConfig.PhpVersion - $resourceCheck.Prop_RemoteDebuggingEnabled = $slot.SiteConfig.RemoteDebuggingEnabled - $resourceCheck.Prop_MinTlsVersion = $slot.SiteConfig.MinTlsVersion - $resourceCheck.Prop_FtpsState = $slot.SiteConfig.FtpsState - $resourceCheck.Prop_Http20Enabled = $slot.SiteConfig.Http20Enabled - $resourceCheck.Prop_Identity = $slot.Identity.Type - - $resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name 
-resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id -slotName $slotName + $resourceCheck.SubscriptionName = $subscription.DisplayName + $resourceCheck.Tag_Team = $webApp.Tags.team + $resourceCheck.Tag_Product = $webApp.Tags.product + $resourceCheck.Tag_Environment = $webApp.Tags.environment + $resourceCheck.Tag_Data = $webApp.Tags.data + $resourceCheck.Tag_CreatedOnDate = $webApp.Tags.CreatedOnDate + $resourceCheck.Tag_Deployment = $webApp.Tags.drp_deployment + $resourceCheck.Prop_HttpsOnly = $webApp.HttpsOnly + $resourceCheck.Prop_PhpVersion = $webApp.SiteConfig.PhpVersion + $resourceCheck.Prop_RemoteDebuggingEnabled = $webApp.SiteConfig.RemoteDebuggingEnabled + $resourceCheck.Prop_MinTlsVersion = $webApp.SiteConfig.MinTlsVersion + $resourceCheck.Prop_FtpsState = $webApp.SiteConfig.FtpsState + $resourceCheck.Prop_Http20Enabled = $webApp.SiteConfig.Http20Enabled + $resourceCheck.Prop_Identity = $webApp.Identity.Type + $resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id $Result += $resourceCheck + + $allSlots = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup + + foreach ($slotTemp in $allSlots) { + + [string] $slotName = $slotTemp.Name.Split("/")[1] + $slot = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup -Slot $slotName + + [ResourceCheck] $resourceCheck = [ResourceCheck]::new() + $resourceCheck.ResourceId = $slot.Id + $resourceCheck.Kind = $slot.Kind + $resourceCheck.Location = $slot.Location + $resourceCheck.State = $slot.State + $resourceCheck.ResourceName = $slot.Name + $resourceCheck.ResourceGroup = $slot.ResourceGroup + $resourceCheck.ResourceType = $slot.Type + $resourceCheck.ManagementGroupId = $managementGroup.Id + $resourceCheck.ManagementGroupName = $managementGroup.DisplayName + $resourceCheck.SubscriptionId = $subscription.Id + $resourceCheck.SubscriptionName = 
$subscription.DisplayName + $resourceCheck.Tag_Team = $slot.Tags.team + $resourceCheck.Tag_Product = $slot.Tags.product + $resourceCheck.Tag_Environment = $slot.Tags.environment + $resourceCheck.Tag_Data = $slot.Tags.data + $resourceCheck.Tag_CreatedOnDate = $slot.Tags.CreatedOnDate + $resourceCheck.Tag_Deployment = $slot.Tags.drp_deployment + $resourceCheck.Prop_HttpsOnly = $slot.HttpsOnly + $resourceCheck.Prop_PhpVersion = $slot.SiteConfig.PhpVersion + $resourceCheck.Prop_RemoteDebuggingEnabled = $slot.SiteConfig.RemoteDebuggingEnabled + $resourceCheck.Prop_MinTlsVersion = $slot.SiteConfig.MinTlsVersion + $resourceCheck.Prop_FtpsState = $slot.SiteConfig.FtpsState + $resourceCheck.Prop_Http20Enabled = $slot.SiteConfig.Http20Enabled + $resourceCheck.Prop_Identity = $slot.Identity.Type + + $resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id -slotName $slotName + + $Result += $resourceCheck + } } } + $Result | Export-Csv -Path $fileName -Append -NoTypeInformation } - $Result | Export-Csv -Path $fileName -Append -NoTypeInformation } Write-Host "======================================================================================================================================================================" diff --git a/Powershell/Lists/SQL/SQLUserCheck.ps1 b/Powershell/Lists/SQL/SQLUserCheck.ps1 new file mode 100644 index 0000000..1bc8efa --- /dev/null +++ b/Powershell/Lists/SQL/SQLUserCheck.ps1 
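Review bot: `$resourceCheck.SubscriptionId = $subscription.Id` and the `GetDeployment ... -subscriptionId $subscription.Id` calls (web app and slot branches) still use `$subscription.Id`, although `$subscription` now comes from `Get-AzManagementGroupSubscription` and the same hunk has to strip a management-group prefix from that value to obtain `$subscriptionId` for `Set-AzContext`. As written the CSV column would carry the full management-group path instead of the subscription GUID, and `GetDeployment` (defined outside this hunk) presumably receives an id it cannot use, so `LastDeployDate` may come back empty without any visible error. Use the derived value in all four places: `$resourceCheck.SubscriptionId = $subscriptionId` and `-subscriptionId $subscriptionId`. Separately, `Set-AzContext -SubscriptionId $subscriptionId | Out-Null` discards the result; if the context switch fails, the following `Get-AzResourceGroup` runs in the previous context and its rows are attributed to the wrong subscription, so adding `-ErrorAction Stop` on that call would keep the inventory trustworthy.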
@@ -0,0 +1,88 @@
+Import-Module SqlServer
+
+#Clear-AzContext
+#Connect-AzAccount
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Creating SQL user list."
+Write-Host "======================================================================================================================================================================"
+
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$filename = ".\$date SQL User check.csv"
+
+
+class UserItem {
+ [string] $ServerName = ""
+ [string] $DatabaseName = ""
+ [string] $UserName = ""
+ [string] $CreateDate = ""
+ [string] $ModifyDate = ""
+ [string] $Type = ""
+ [string] $AuthenticationType = ""
+}
+
+$serverList= @('c0m7f8nybr.database.windows.net','calculations.database.windows.net','effectory.database.windows.net','effectorycore.database.windows.net', 'logit-backup.database.windows.net', 'mhpfktialk.database.windows.net', 'participants.database.windows.net', 'signin-effectory.database.windows.net', 'sqlserver01prod.6a1f4aa9f43a.database.windows.net', 'teamie.database.windows.net')
+
+# 'sqlserver01test.164709c94fb0.database.windows.net', 'replication.database.windows.net',
+
+$databaseListQuery = @'
+SELECT name, database_id, create_date
+FROM sys.databases
+order by name;
+'@
+
+$userListQuery = @'
+select @@SERVERNAME as serverName,
+ DB_NAME() as databaseName,
+ name as username,
+ create_date,
+ modify_date,
+ type_desc as type,
+ authentication_type_desc as authentication_type
+from sys.database_principals
+where type not in ('A', 'G', 'R', 'X')
+ and sid is not null
+ and name != 'guest'
+order by name;
+'@
+
+foreach ($server in $serverlist) {
+
+ Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+ Write-Host "Server [$server)]"
+ Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+ $access_token = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token
+ $connectionString = "Data Source=$server;Initial Catalog=master;Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Application Name=CloudEngineering";
+
+ $databases = Invoke-Sqlcmd -Query $databaseListQuery -ConnectionString $connectionString -AccessToken $access_token
+
+ foreach ($database in $databases) {
+
+ Write-Host "Database [$($database.name)]"
+
+ [UserItem[]]$Result = @()
+
+ $databaseName = $database.name
+ $databaseConnectionString = "Data Source=$server;Initial Catalog=$databaseName;Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Application Name=CloudEngineering";
+
+ $users = Invoke-Sqlcmd -Query $userListQuery -ConnectionString $databaseConnectionString -AccessToken $access_token
+
+ foreach ($user in $users) {
+ [UserItem] $userItem = [UserItem]::new()
+ $userItem.ServerName = $server
+ $userItem.DatabaseName = $database.name
+ $userItem.UserName = $user.username
+ $userItem.CreateDate = $user.create_date
+ $userItem.ModifyDate = $user.modify_date
+ $userItem.Type = $user.type
+ $userItem.AuthenticationType = $user.authentication_type
+ $Result += $userItem
+ }
+
+ $Result | Export-Csv -Path $fileName -Append -NoTypeInformation
+ }
+}
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."
\ No newline at end of file
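Review bot: Neither `Invoke-Sqlcmd` call in the server loop checks for failure, so a server or database the token cannot open (paused, offline, no mapped login) contributes no rows and the CSV looks the same as for a database that has no users. For an access review that gap should be visible: run both calls with `-ErrorAction Stop` inside a `try`/`catch` that records the server and database name and continues with the next one. The filter `where type not in ('A', 'G', 'R', 'X')` also drops Windows groups and external (Entra ID) groups, so access granted through a group will not appear in the list; if that is intended, a comment above `$userListQuery` saying so would prevent the output being read as complete. `$databaseName` is interpolated into the connection string as-is, and a name containing `;` would change how the string is parsed; `Invoke-Sqlcmd -ServerInstance $server -Database $databaseName -AccessToken $access_token` avoids building it by hand.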