vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format: Line breaks

Browse Source
This commit is contained in:
DrIOS
2024-12-30 13:45:28 -06:00
parent bd9978a494
commit a0b524104d
1 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
source/Private/Get-AdminRoleUserAndAssignment.ps1
View File

@@ -1,27 +1,20 @@
function Get-AdminRoleUserAndAssignment { function Get-AdminRoleUserAndAssignment {
[CmdletBinding()] [CmdletBinding()]
param () param ()
$result = @{} $result = @{}
# Get the DisplayNames of all admin roles # Get the DisplayNames of all admin roles
$adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
# Get Admin Roles # Get Admin Roles
$adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") } $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne 'Directory Synchronization Accounts') }
foreach ($role in $adminRoles) { foreach ($role in $adminRoles) {
Write-Verbose "Processing role: $($role.DisplayName)" Write-Verbose "Processing role: $($role.DisplayName)"
$roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
foreach ($assignment in $roleAssignments) { foreach ($assignment in $roleAssignments) {
Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)" Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
$userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property 'DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled' -ErrorAction SilentlyContinue
if ($userDetails) { if ($userDetails) {
Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)" Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
$licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
if (-not $result[$role.DisplayName]) { if (-not $result[$role.DisplayName]) {
$result[$role.DisplayName] = @() $result[$role.DisplayName] = @()
} }
@@ -33,6 +26,5 @@ function Get-AdminRoleUserAndAssignment {
} }
} }
} }
return $result return $result
} }