
Import-Module AzureAD
Import-Module SqlServer
#Connect-AzureAD
#Connect-AzAccount
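# Timestamp of this run; it is only used to name the output file (one CSV per run, rows appended as the script progresses).
[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
# Output CSV. Rows hold user identity attributes (mail, UPN, job title, department), so the ACL on
# this directory should be as tight as the directory data it mirrors.
$outputDirectory = "c:\tmp"
$filename = "$outputDirectory\$date User group mappings.csv"
# Export-Csv only runs after the (long) enumeration; create the directory now so a missing folder
# does not surface as a failure at the very end.
if (-not (Test-Path -LiteralPath $outputDirectory -PathType Container)) {
    New-Item -ItemType Directory -Path $outputDirectory -Force | Out-Null
}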
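Function Get-RecursiveAzureAdGroupMemberUsers{
    <#
    .SYNOPSIS
    Returns the user members of an Azure AD group, descending into nested groups.
    .PARAMETER AzureGroup
    Azure AD group object; only .ObjectId and .DisplayName are read. Accepts pipeline input.
    .OUTPUTS
    Member objects whose ObjectType is 'User'. Direct users are emitted first, then the users of
    each nested group. A user reachable via several nested groups is emitted once per path; callers
    that need a unique set must de-duplicate (e.g. Sort-Object ObjectId -Unique).
    .NOTES
    Output is produced in the Process block, so every piped group contributes its members (the
    previous end-block return only surfaced the last group's). There is no cycle guard: this relies on
    the directory not allowing circular group nesting — TODO confirm for this tenant.
    #>
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$True,ValueFromPipeline=$true)]
        $AzureGroup
    )
    Begin{
        If(-not(Get-AzureADCurrentSessionInfo)){Connect-AzureAD}
    }
    Process {
        Write-Verbose -Message "Enumerating $($AzureGroup.DisplayName)"
        # @() keeps $Members an array even for 0 or 1 members; without it a single-user group made the
        # old '$UserMembers += <nested users>' fail (no op_Addition on a scalar PSObject).
        $Members = @(Get-AzureADGroupMember -ObjectId $AzureGroup.ObjectId -All $true)
        $Members | Where-Object{$_.ObjectType -eq 'User'}
        $Members | Where-Object{$_.ObjectType -eq 'Group'} | ForEach-Object{ Get-RecursiveAzureAdGroupMemberUsers -AzureGroup $_ }
    }
}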
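# Get SQL records
# One Azure AD access token for the SQL resource is used against both databases. It is a bearer
# credential: it is only ever handed to Invoke-Sqlcmd via -AccessToken and must not be echoed or
# written to the transcript.
Write-Host ("Get SQL records") -foreground Yellow
$access_token = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token
# Without a session Get-AzAccessToken yields nothing and every query below would fail with an
# auth error later; fail here with the actual cause instead.
if (-not $access_token) {
    throw "No access token for https://database.windows.net - run Connect-AzAccount first."
}
$signInConnectionString = "Data Source=signin-effectory.database.windows.net;Initial Catalog=SignIn;Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Application Name=CloudEngineering";
$eceConnectionString = "Data Source=c0m7f8nybr.database.windows.net;Initial Catalog='Effectory Extranet';Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Application Name=CloudEngineering";
# SignIn: group mappings and their claims (GroupId is used later as an Azure AD group ObjectId).
$mappings = Invoke-Sqlcmd -Query "select gm.GroupId, gm.[Description] as GroupMappingName from GroupMappings gm" -ConnectionString $signInConnectionString -AccessToken $access_token
$mappingClaims = Invoke-Sqlcmd -Query "select distinct gm.GroupId, gm.[Description] as GroupMappingName, gmc.ClaimType, gmc.ClaimValue from GroupMappings gm inner join GroupMappingClaims gmc on gmc.GroupMappingId = gm.GroupMappingId" -ConnectionString $signInConnectionString -AccessToken $access_token
# ECE lookup tables used to resolve claim values. Note the inner joins: $accounts only contains
# accounts that have at least one project with a survey.
$accounts = Invoke-Sqlcmd -Query "Select distinct a.AccountId, a.Name, a.OwnerId from portal.Account a inner join portal.Project p on p.AccountID = a.AccountID inner join portal.Survey s on p.ProjectID = s.ProjectID" -ConnectionString $eceConnectionString -AccessToken $access_token
$surveys = Invoke-Sqlcmd -Query "select s.SurveyID, s.Name from portal.Survey s" -ConnectionString $eceConnectionString -AccessToken $access_token
$owners = Invoke-Sqlcmd -Query "select o.Id as OwnerId, o.Name from portal.AccountOwner o" -ConnectionString $eceConnectionString -AccessToken $access_token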
# map claims
Write-Host ("Map claims - will take a while") -foreground Yellow
# One resolved group-mapping claim: the SignIn GroupMappings/GroupMappingClaims columns plus the
# ECE entity (owner, account or survey) the claim value was matched to. Fields that do not apply
# to a claim's type are left "" (e.g. Account*/Survey* on an owner claim).
class MappingItem {
    [string] $GroupId = ""            # GroupMappings.GroupId; used as the Azure AD group ObjectId
    [string] $GroupMappingName = ""   # GroupMappings.Description
    [string] $ClaimType = ""          # GroupMappingClaims.ClaimType
    [string] $ClaimValue = ""         # GroupMappingClaims.ClaimValue (raw, prefix included)
    [string] $AccountID = ""          # portal.Account.AccountId, when the claim resolves to an account
    [string] $AccountName = ""        # portal.Account.Name
    [string] $SurveyID = ""           # portal.Survey.SurveyID, when the claim resolves to a survey
    [string] $SurveyName = ""         # portal.Survey.Name
    [string] $OwnerId = ""            # portal.AccountOwner.Id, when the claim resolves to an owner
    [string] $OwnerName = ""          # portal.AccountOwner.Name
}
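# Resolve each claim to a MappingItem. The claim value's prefix selects the ECE table it refers to
# (inferred from the matching below): 'o.<OwnerId>' -> portal.AccountOwner, 'a.<AccountID>' ->
# portal.Account, 's.<SurveyID>' -> portal.Survey. Owner claims are recorded once and not expanded
# to the owner's accounts. Values with no known prefix are reported and skipped rather than
# vanishing silently.
function New-MappingItem {
    # Base item carrying the group/claim columns shared by every claim type.
    param($Claim)
    [MappingItem] $item = [MappingItem]::new()
    $item.GroupId = $Claim.GroupId
    $item.GroupMappingName = $Claim.GroupMappingName
    $item.ClaimType = $Claim.ClaimType
    $item.ClaimValue = $Claim.ClaimValue
    return $item
}
# Loop output is collected directly into the array; '+=' re-allocated it on every claim.
[MappingItem[]]$mappingItems = @(
    foreach ($mappingClaim in $mappingClaims) {
        Write-Host ("*") -foreground White -NoNewline
        $claimValue = [string]$mappingClaim.ClaimValue
        # Substring(2) strips exactly the type prefix; Replace('o.','') would also rewrite any later occurrence.
        switch -Wildcard ($claimValue) {
            'o.*' {
                $owner = $owners | Where-Object OwnerId -eq ([int]$claimValue.Substring(2))
                $item = New-MappingItem -Claim $mappingClaim
                # An unmatched lookup leaves these "" ($null -> [string]), same as before.
                $item.OwnerId = $owner.OwnerId
                $item.OwnerName = $owner.Name
                $item
            }
            'a.*' {
                $account = $accounts | Where-Object AccountID -eq ([int]$claimValue.Substring(2))
                $item = New-MappingItem -Claim $mappingClaim
                $item.AccountID = $account.AccountID
                $item.AccountName = $account.Name
                $item
            }
            's.*' {
                $survey = $surveys | Where-Object SurveyID -eq ([int]$claimValue.Substring(2))
                $item = New-MappingItem -Claim $mappingClaim
                $item.SurveyID = $survey.SurveyID
                $item.SurveyName = $survey.Name
                $item
            }
            default {
                Write-Warning "Claim value '$claimValue' (group $($mappingClaim.GroupId)) has no known prefix - skipped"
            }
        }
    }
)
Write-Host ("x") -foreground White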
# Create check list
Write-Host ("Create check list") -foreground Yellow
# One CSV row of the check list: a user (member of the mapping's Azure AD group, nested groups
# included) combined with one resolved claim of that mapping. Claim/Account/Survey/Owner fields
# are copied from the matching MappingItem; User* fields come from the Azure AD user object.
class UserMappingItem {
    [string] $GroupId = ""                # Azure AD group ObjectId of the mapping
    [string] $GroupMappingName = ""       # GroupMappings.Description
    [string] $UserObjectId = ""           # Azure AD user ObjectId
    [string] $UserDisplayName = ""
    [string] $UserMail = ""
    [string] $UserUserPrincipalName = ""
    [string] $UserJobTitle = ""
    [string] $UserDepartment = ""
    [string] $UserUserType = ""           # Azure AD UserType (e.g. member vs guest) — value set not shown here
    [string] $ClaimType = ""
    [string] $ClaimValue = ""
    [string] $AccountID = ""              # "" unless the claim resolved to an account
    [string] $AccountName = ""
    [string] $SurveyID = ""               # "" unless the claim resolved to a survey
    [string] $SurveyName = ""
    [string] $OwnerId = ""                # "" unless the claim resolved to an owner
    [string] $OwnerName = ""
}
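# For every mapping: enumerate the users of its Azure AD group (nested groups flattened) and cross
# them with the mapping's resolved claims. Rows are appended to the CSV per user, so a run that
# dies halfway still leaves the users processed so far on disk.
[UserMappingItem[]]$userMappingItems = @()
$a = 0
# @(...).Count is 1 for a single DataRow and 0 for $null, where .Length is not reliable.
$noMappings = @($mappings).Count
foreach ($mapping in $mappings) {
    $u = 0
    $a++
    $itemDate = Get-Date -Format "yyyy-MM-dd HHmm"
    $mappingName = $mapping.GroupMappingName
    Write-Host ("[$itemDate] [$a/$noMappings] - Mapping '$mappingName'") -foreground Green
    #get users in mapping
    $usersInMapping = @(Get-AzureADGroup -ObjectId $mapping.GroupId | Get-RecursiveAzureAdGroupMemberUsers)
    #get mapping claims
    $mappingItemsInMapping = @($mappingItems | Where-Object GroupId -eq $mapping.GroupId)
    $noUsers = $usersInMapping.Count
    foreach ($user in $usersInMapping) {
        $u++
        $itemDate = Get-Date -Format "yyyy-MM-dd HHmm"
        $userName = $user.DisplayName
        Write-Host ("[$itemDate] [$a/$noMappings] - Mapping '$mappingName' - [$u/$noUsers] User '$userName'") -foreground White
        # Rows for this user only. Previously the whole accumulated list was exported on every user,
        # so each row ended up in the CSV once per user processed after it.
        [UserMappingItem[]]$rowsForUser = @(
            foreach ($mappingItem in $mappingItemsInMapping) {
                [UserMappingItem] $userMappingItem = [UserMappingItem]::new()
                $userMappingItem.GroupId = $mappingItem.GroupId
                $userMappingItem.GroupMappingName = $mappingItem.GroupMappingName
                $userMappingItem.UserObjectId = $user.ObjectId
                $userMappingItem.UserDisplayName = $user.DisplayName
                $userMappingItem.UserMail = $user.Mail
                $userMappingItem.UserUserPrincipalName = $user.UserPrincipalName
                $userMappingItem.UserJobTitle = $user.JobTitle
                $userMappingItem.UserDepartment = $user.Department
                $userMappingItem.UserUserType = $user.UserType
                $userMappingItem.ClaimType = $mappingItem.ClaimType
                $userMappingItem.ClaimValue = $mappingItem.ClaimValue
                $userMappingItem.AccountID = $mappingItem.AccountID
                $userMappingItem.AccountName = $mappingItem.AccountName
                $userMappingItem.SurveyID = $mappingItem.SurveyID
                $userMappingItem.SurveyName = $mappingItem.SurveyName
                $userMappingItem.OwnerId = $mappingItem.OwnerId
                $userMappingItem.OwnerName = $mappingItem.OwnerName
                $userMappingItem
            }
        )
        if ($rowsForUser.Count -gt 0) {
            $rowsForUser | Export-Csv -Path $filename -Append -NoTypeInformation
            # Kept in memory as well, as before, for anything that consumes the full list after the loop.
            $userMappingItems += $rowsForUser
        }
    }
}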