functions/Tenant/Get-HawkTenantAZAdmins.ps1
|
Function Get-HawkTenantAZAdmins{ <# .SYNOPSIS Tenant Azure Active Directory Administrator export. Must be connected to Azure-AD using the Connect-AzureAD cmdlet .DESCRIPTION Tenant Azure Active Directory Administrator export. Reviewing administrator access is key to knowing who can make changes to the tenant and conduct other administrative actions to users and applications. .EXAMPLE Get-HawkTenantAZAdmins Gets all Azure AD Admins .OUTPUTS AzureADAdministrators.csv .LINK https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaddirectoryrolemember?view=azureadps-2.0 .NOTES #> BEGIN{ Out-LogFile "Gathering Azure AD Administrators" Test-AzureADConnection Send-AIEvent -Event "CmdRun" } PROCESS{ $roles = foreach ($role in Get-AzureADDirectoryRole){ $admins = (Get-AzureADDirectoryRoleMember -ObjectId $role.objectid).userprincipalname if ([string]::IsNullOrWhiteSpace($admins)) { [PSCustomObject]@{ AdminGroupName = $role.DisplayName Members = "No Members" } } foreach ($admin in $admins){ [PSCustomObject]@{ AdminGroupName = $role.DisplayName Members = $admin } } } $roles | Out-MultipleFileType -FilePrefix "AzureADAdministrators" -csv } END{ Out-LogFile "Completed exporting Azure AD Admins" } }#End Function |