internal/Export-AADAssessmentReportData.ps1


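function Export-AADAssessmentReportData {
    <#
    .SYNOPSIS
        Converts the collected assessment data (CLIXML / JSON / CSV) into the flat
        JSON and CSV files consumed by the assessment reports.
    .DESCRIPTION
        Reads the raw collection files from $SourceDirectory and writes the export
        files into $OutputDirectory. The exported files contain tenant directory
        data (object ids, UPNs, mail addresses, credential expiration, consent
        grants), so the output directory should be handled like the source data.

        For each CSV export a header-only placeholder is written first with
        Set-Content so the file exists even when the pipeline yields no rows;
        Export-Csv (without -Append) replaces it whenever rows are produced.
    .PARAMETER SourceDirectory
        Full path of the directory where the source xml files are located.
    .PARAMETER OutputDirectory
        Full path of the directory where the output files will be generated.
    .NOTES
        groupTransitiveMembers.csv and roleAssignmentsData.csv are read from
        $OutputDirectory; they are expected to be produced there by an earlier
        step (see the commented "Option 1" block below) — confirm against caller.
    #>
    [CmdletBinding()]
    param
    (
        # Full path of the directory where the source xml files are located.
        [Parameter(Mandatory = $true)]
        [string] $SourceDirectory,
        # Full path of the directory where the output files will be generated.
        [Parameter(Mandatory = $true)]
        [string] $OutputDirectory
    )

    # Shared lookup cache (user / group / servicePrincipal) used by the offline reports below.
    $LookupCache = New-LookupCache

    Import-Clixml -Path (Join-Path $SourceDirectory "applicationData.xml") `
    | Use-Progress -Activity 'Exporting applications' -Property displayName -PassThru -WriteSummary `
    | Export-JsonArray (Join-Path $OutputDirectory "applications.json") -Depth 5 -Compress

    Import-Clixml -Path (Join-Path $SourceDirectory "directoryRoleData.xml") `
    | Use-Progress -Activity 'Exporting directoryRoles' -Property displayName -PassThru -WriteSummary `
    | Export-JsonArray (Join-Path $OutputDirectory "directoryRoles.json") -Depth 5 -Compress

    # Header-only placeholder; replaced by Export-Csv when rows exist (see DESCRIPTION).
    Set-Content -Path (Join-Path $OutputDirectory "appRoleAssignments.csv") -Value 'id,appRoleId,createdDateTime,principalDisplayName,principalId,principalType,resourceDisplayName,resourceId'
    Import-Clixml -Path (Join-Path $SourceDirectory "appRoleAssignmentData.xml") `
    | Use-Progress -Activity 'Exporting appRoleAssignments' -Property id -PassThru -WriteSummary `
    | Format-Csv `
    | Export-Csv (Join-Path $OutputDirectory "appRoleAssignments.csv") -NoTypeInformation

    Set-Content -Path (Join-Path $OutputDirectory "oauth2PermissionGrants.csv") -Value 'id,consentType,clientId,principalId,resourceId,scope'
    Import-Clixml -Path (Join-Path $SourceDirectory "oauth2PermissionGrantData.xml") `
    | Use-Progress -Activity 'Exporting oauth2PermissionGrants' -Property id -PassThru -WriteSummary `
    | Export-Csv (Join-Path $OutputDirectory "oauth2PermissionGrants.csv") -NoTypeInformation

    Import-Clixml -Path (Join-Path $SourceDirectory "servicePrincipalData.xml") `
    | Use-Progress -Activity 'Exporting servicePrincipals' -Property displayName -PassThru -WriteSummary `
    | Export-JsonArray (Join-Path $OutputDirectory "servicePrincipals.json") -Depth 5 -Compress

    # NOTE: the header lists credential columns (appRoles, oauth2PermissionScopes, keyCredentials,
    # passwordCredentials) that the Select-Object below does not export; the header is only
    # visible when the pipeline produces no rows.
    Set-Content -Path (Join-Path $OutputDirectory "servicePrincipals.csv") -Value 'id,appId,servicePrincipalType,displayName,accountEnabled,appOwnerOrganizationId,appRoles,oauth2PermissionScopes,keyCredentials,passwordCredentials'
    Import-Clixml -Path (Join-Path $SourceDirectory "servicePrincipalData.xml") `
    | Use-Progress -Activity 'Exporting servicePrincipals' -Property displayName -PassThru -WriteSummary `
    | Select-Object -Property id, appId, servicePrincipalType, displayName, accountEnabled, appOwnerOrganizationId `
    | Export-Csv (Join-Path $OutputDirectory "servicePrincipals.csv") -NoTypeInformation

    # Import-Clixml -Path (Join-Path $SourceDirectory "userData.xml") `
    # | Use-Progress -Activity 'Exporting users' -Property displayName -PassThru -WriteSummary `
    # | Export-JsonArray (Join-Path $OutputDirectory "users.json") -Depth 5 -Compress

    Set-Content -Path (Join-Path $OutputDirectory "users.csv") -Value 'id,userPrincipalName,userType,displayName,accountEnabled,onPremisesSyncEnabled,onPremisesImmutableId,mail,otherMails,AADLicense'
    Import-Clixml -Path (Join-Path $SourceDirectory "userData.xml") `
    | Use-Progress -Activity 'Exporting users' -Property displayName -PassThru -WriteSummary `
    | Select-Object -Property id,userPrincipalName,userType,displayName,accountEnabled, `
        @{ Name = "onPremisesSyncEnabled"; Expression = {[bool]$_.onPremisesSyncEnabled}}, `
        # Exports only whether an immutable id is set (a boolean), not the id value itself.
        @{ Name = "onPremisesImmutableId"; Expression = {![string]::IsNullOrWhiteSpace($_.onPremisesImmutableId)}},mail, `
        @{ Name = "otherMails"; Expression = { $_.otherMails -join ';' } }, `
        # Derives the AAD license tier from the assigned service plan ids (P2 wins over P1).
        @{ Name = "AADLicense"; Expression = {$plans = $_.assignedPlans | foreach-object { $_.servicePlanId }; if ($plans -contains "eec0eb4f-6444-4f95-aba0-50c24d67f998") { "AADP2" } elseif ($plans -contains "41781fb2-bc02-4b7c-bd55-b576c07bb09d") { "AADP1" } else { "None" }}} `
    | Export-Csv (Join-Path $OutputDirectory "users.csv") -NoTypeInformation

    # Import-Clixml -Path (Join-Path $SourceDirectory "groupData.xml") `
    # | Use-Progress -Activity 'Exporting groups' -Property displayName -PassThru -WriteSummary `
    # | Export-JsonArray (Join-Path $OutputDirectory "groups.json") -Depth 5 -Compress

    Set-Content -Path (Join-Path $OutputDirectory "groups.csv") -Value 'id,groupTypes,displayName,mail,groupType'
    Import-Clixml -Path (Join-Path $SourceDirectory "groupData.xml") `
    | Use-Progress -Activity 'Exporting groups' -Property displayName -PassThru -WriteSummary `
    | Select-Object -Property id, groupTypes, displayName, mail, `
    @{ Name = "groupType"; Expression = {
        # Classify the group from groupTypes / securityEnabled / mailEnabled.
        if ($_.groupTypes -contains "Unified") {
            "Microsoft 365"
        } elseif ($_.securityEnabled -and $_.mailEnabled) {
            "Mail-enabled Security"
        } elseif ($_.securityEnabled) {
            "Security"
        } elseif ($_.mailEnabled) {
            "Distribution"
        } else {
            "Unknown" # neither mail enabled nor security enabled
        }
    }} `
    | Export-Csv (Join-Path $OutputDirectory "groups.csv") -NoTypeInformation

    ## Option 1 from Data Collection: Expand Group Membership to get transitiveMembers.
    # Import-Clixml -Path (Join-Path $SourceDirectory "groupData.xml") | Add-AadObjectToLookupCache -Type group -LookupCache $LookupCache
    # Set-Content -Path (Join-Path $OutputDirectory "groupTransitiveMembers.csv") -Value 'id,memberId,memberType'
    # $LookupCache.group.Values `
    # | Use-Progress -Activity 'Exporting group memberships' -Property displayName -Total $LookupCache.group.Count -PassThru -WriteSummary `
    # | ForEach-Object {
    # $group = $_
    # Expand-GroupTransitiveMembership $group.id -LookupCache $LookupCache | ForEach-Object {
    # [PSCustomObject]@{
    # id = $group.id
    # #'@odata.type' = $group.'@odata.type'
    # memberId = $_.id
    # memberType = $_.'@odata.type' -replace '#microsoft.graph.', ''
    # #direct = $group.members.id.Contains($_.id)
    # }
    # }
    # } `
    # | Export-Csv (Join-Path $OutputDirectory "groupTransitiveMembers.csv") -NoTypeInformation

    # Notification e-mails report: needs organization, users, groups and directory roles.
    $OrganizationData = Get-Content -Path (Join-Path $SourceDirectory "organization.json") -Raw | ConvertFrom-Json
    [array] $DirectoryRoleData = Import-Clixml -Path (Join-Path $SourceDirectory "directoryRoleData.xml")
    Import-Clixml -Path (Join-Path $SourceDirectory "userData.xml") | Add-AadObjectToLookupCache -Type user -LookupCache $LookupCache
    Import-Clixml -Path (Join-Path $SourceDirectory "groupData.xml") | Add-AadObjectToLookupCache -Type group -LookupCache $LookupCache
    Get-AADAssessNotificationEmailsReport -Offline -OrganizationData $OrganizationData -UserData $LookupCache.user -GroupData $LookupCache.group -DirectoryRoleData $DirectoryRoleData `
    | Use-Progress -Activity 'Exporting NotificationsEmailsReport' -Property recipientEmail -PassThru -WriteSummary `
    | Export-Csv -Path (Join-Path $OutputDirectory "NotificationsEmailsReport.csv") -NoTypeInformation
    # Release the role data and the group cache; the user cache is still needed for the consent report.
    Remove-Variable DirectoryRoleData
    $LookupCache.group.Clear()

    # App credential expiration report: applications plus service principals.
    [array] $ApplicationData = Import-Clixml -Path (Join-Path $SourceDirectory "applicationData.xml")
    Import-Clixml -Path (Join-Path $SourceDirectory "servicePrincipalData.xml") | Add-AadObjectToLookupCache -Type servicePrincipal -LookupCache $LookupCache
    Get-AADAssessAppCredentialExpirationReport -Offline -ApplicationData $ApplicationData -ServicePrincipalData $LookupCache.servicePrincipal `
    | Use-Progress -Activity 'Exporting AppCredentialsReport' -Property displayName -PassThru -WriteSummary `
    | Format-Csv `
    | Export-Csv -Path (Join-Path $OutputDirectory "AppCredentialsReport.csv") -NoTypeInformation
    Remove-Variable ApplicationData

    [array] $AppRoleAssignmentData = Import-Clixml -Path (Join-Path $SourceDirectory "appRoleAssignmentData.xml")
    # Get-AADAssessAppAssignmentReport -Offline -AppRoleAssignmentData $AppRoleAssignmentData `
    # | Use-Progress -Activity 'Exporting AppAssignmentsReport' -Property id -PassThru -WriteSummary `
    # | Format-Csv `
    # | Export-Csv -Path (Join-Path $OutputDirectory "AppAssignmentsReport.csv") -NoTypeInformation

    # Consent grant report. The grant data is a collection file, so it is read from
    # $SourceDirectory like the oauth2PermissionGrants export above (not from $OutputDirectory).
    [array] $OAuth2PermissionGrantData = Import-Clixml -Path (Join-Path $SourceDirectory "oauth2PermissionGrantData.xml")
    Get-AADAssessConsentGrantReport -Offline -AppRoleAssignmentData $AppRoleAssignmentData -OAuth2PermissionGrantData $OAuth2PermissionGrantData -UserData $LookupCache.user -ServicePrincipalData $LookupCache.servicePrincipal `
    | Use-Progress -Activity 'Exporting ConsentGrantReport' -Property clientDisplayName -PassThru -WriteSummary `
    | Export-Csv -Path (Join-Path $OutputDirectory "ConsentGrantReport.csv") -NoTypeInformation

    # Role assignments: every recorded assignment is emitted as-is; assignments whose principal is
    # a group are additionally expanded into one row per transitive member, with memberType "Group".
    [array] $groupTransitiveMembership = Import-Csv -Path (Join-Path $OutputDirectory "groupTransitiveMembers.csv")
    Set-Content -Path (Join-Path $OutputDirectory "roleAssignments.csv") -Value 'roleDefinitionId,directoryScopeId,memberType,assignmentType,endDateTime,principalId,principalType'
    Import-Csv -Path (Join-Path $OutputDirectory "roleAssignmentsData.csv") `
    | Use-Progress -Activity 'Exporting Role Assignments' -Property roleDefinitionId -PassThru -WriteSummary `
    | ForEach-Object  {
        # Direct assignment row, unchanged.
        $_
        if ($_.principalType -eq "group") {
            $groupId = $_.principalId
            # Work on copies: the row above has already been emitted by reference, and
            # mutating it in place would corrupt it for any downstream stage that buffers
            # (e.g. Sort-Object) and would make every expanded row the same object.
            $template = $_.PSObject.Copy()
            $template.memberType = "Group"
            $template.principalType = ""
            $template.principalId = ""
            # One row per transitive member of the assigned group.
            $groupTransitiveMembership | Where-Object { $_.id -eq $groupId } | ForEach-Object {
                $memberRow = $template.PSObject.Copy()
                $memberRow.principalType = $_.memberType
                $memberRow.principalId = $_.memberId
                $memberRow
            }
        }
    } `
    | Export-Csv -Path (Join-Path $OutputDirectory "roleAssignments.csv") -NoTypeInformation
}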