added documetation

2026-02-27 18:52:18 +01:00 · 2025-11-03 08:12:01 +01:00
parent 8840b0e300
commit a226ca97ac
37 changed files with 8315 additions and 1481 deletions
--- a/Powershell/Lists/MyEffectory/GroupMappingsCheck.ps1
+++ b/Powershell/Lists/MyEffectory/GroupMappingsCheck.ps1
@@ -1,28 +1,63 @@
-Import-Module AzureAD
+# Import required modules for PowerShell Core compatibility
+Import-Module Microsoft.Graph.Groups
+Import-Module Microsoft.Graph.Users
+Import-Module Microsoft.Graph.Authentication
 Import-Module SqlServer

-#Connect-AzureAD
+# Authentication - uncomment as needed
+#Connect-MgGraph -Scopes "Group.Read.All", "User.Read.All", "GroupMember.Read.All"
 #Connect-AzAccount

 [string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
-$filename = "c:\tmp\$date User group mappings.csv"
+$filename = ".\$date User group mappings.csv"


-Function Get-RecursiveAzureAdGroupMemberUsers{
+Function Get-RecursiveMgGroupMemberUsers{
    [cmdletbinding()]
    param(
       [parameter(Mandatory=$True,ValueFromPipeline=$true)]
-       $AzureGroup
+       $MgGroup
    )
        Begin{
-            If(-not(Get-AzureADCurrentSessionInfo)){Connect-AzureAD}
+            # Check if Microsoft Graph is connected
+            $context = Get-MgContext
+            If(-not($context)){
+                Write-Warning "Microsoft Graph not connected. Please run Connect-MgGraph first."
+                throw "Microsoft Graph connection required"
+            }
        }
        Process {
-            Write-Verbose -Message "Enumerating $($AzureGroup.DisplayName)"
-            $Members = Get-AzureADGroupMember -ObjectId $AzureGroup.ObjectId -All $true
-            $UserMembers = $Members | Where-Object{$_.ObjectType -eq 'User'}
-            If($Members | Where-Object{$_.ObjectType -eq 'Group'}){
-                $UserMembers += $Members | Where-Object{$_.ObjectType -eq 'Group'} | ForEach-Object{ Get-RecursiveAzureAdGroupMemberUsers -AzureGroup $_}
+            Write-Verbose -Message "Enumerating $($MgGroup.DisplayName)"
+            
+            # Get group members using Microsoft Graph
+            $Members = Get-MgGroupMember -GroupId $MgGroup.Id -All
+            
+            # Filter for user members and get full user details
+            $UserMembers = @()
+            $UserMemberIds = $Members | Where-Object {$_.AdditionalProperties["@odata.type"] -eq "#microsoft.graph.user"}
+            
+            foreach ($userMember in $UserMemberIds) {
+                try {
+                    $userDetails = Get-MgUser -UserId $userMember.Id -ErrorAction Stop
+                    $UserMembers += $userDetails
+                }
+                catch {
+                    Write-Warning "Could not retrieve user details for ID: $($userMember.Id)"
+                }
+            }
+            
+            # Process nested groups recursively
+            $GroupMembers = $Members | Where-Object {$_.AdditionalProperties["@odata.type"] -eq "#microsoft.graph.group"}
+            If($GroupMembers){
+                foreach ($groupMember in $GroupMembers) {
+                    try {
+                        $nestedGroup = Get-MgGroup -GroupId $groupMember.Id -ErrorAction Stop
+                        $UserMembers += Get-RecursiveMgGroupMemberUsers -MgGroup $nestedGroup
+                    }
+                    catch {
+                        Write-Warning "Could not process nested group ID: $($groupMember.Id)"
+                    }
+                }
            }
        }
        end {
@@ -33,7 +68,9 @@ Function Get-RecursiveAzureAdGroupMemberUsers{
 # Get SQL records
 Write-Host ("Get SQL records") -foreground Yellow

-$access_token = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token
+$access_token_secure = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token
+$access_token = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($access_token_secure))
+
 $signInConnectionString = "Data Source=signin-effectory.database.windows.net;Initial Catalog=SignIn;Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Application Name=CloudEngineering";
 $eceConnectionString = "Data Source=c0m7f8nybr.database.windows.net;Initial Catalog='Effectory Extranet';Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Application Name=CloudEngineering";

@@ -171,7 +208,14 @@ foreach($mapping in $mappings) {
    Write-Host ("[$itemDate] [$a/$noMappings] - Mapping '$mappingName'") -foreground Green

    #get users in mapping
-    $usersInMapping = Get-AzureADGroup -ObjectId $mapping.GroupId | Get-RecursiveAzureAdGroupMemberUsers
+    try {
+        $group = Get-MgGroup -GroupId $mapping.GroupId -ErrorAction Stop
+        $usersInMapping = Get-RecursiveMgGroupMemberUsers -MgGroup $group
+    }
+    catch {
+        Write-Warning "Could not retrieve group with ID: $($mapping.GroupId). Error: $($_.Exception.Message)"
+        continue
+    }

    #get mapping claims
    $mappingItemsInMapping = $mappingItems | Where-Object GroupId -eq $mapping.GroupId
@@ -189,7 +233,8 @@ foreach($mapping in $mappings) {
            $userMappingItem.GroupId = $mappingItem.GroupId
            $userMappingItem.GroupMappingName = $mappingItem.GroupMappingName

-            $userMappingItem.UserObjectId = $user.ObjectId
+            # Microsoft Graph user properties (property names are the same)
+            $userMappingItem.UserObjectId = $user.Id
            $userMappingItem.UserDisplayName = $user.DisplayName
            $userMappingItem.UserMail = $user.Mail
            $userMappingItem.UserUserPrincipalName = $user.UserPrincipalName