src/Private/Get-GraphLicensedUsers.ps1
|
function Get-GraphLicensedUsers { <# .SYNOPSIS Retrieves cloud users and their assigned licenses from Microsoft Graph. .DESCRIPTION Uses Invoke-MgGraphRequest (no full Graph SDK) to page through /users selecting only the fields the correlation needs. Returns a flat list of PSCustomObjects. Read-only. .OUTPUTS PSCustomObject: Id, UserPrincipalName, DisplayName, AccountEnabled, OnPremisesImmutableId, OnPremisesSecurityIdentifier, AssignedLicenses (array of skuId strings) #> [CmdletBinding()] param( [int] $PageSize = 999 ) if (-not (Get-Command Invoke-MgGraphRequest -ErrorAction SilentlyContinue)) { throw "Microsoft.Graph.Authentication is required (Invoke-MgGraphRequest not found)." } $select = 'id,userPrincipalName,displayName,accountEnabled,onPremisesImmutableId,onPremisesSecurityIdentifier,assignedLicenses' $uri = "/v1.0/users?`$select=$select&`$top=$PageSize" $users = New-Object System.Collections.Generic.List[object] do { $response = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject -ErrorAction Stop foreach ($u in $response.value) { $skuIds = @() if ($u.assignedLicenses) { $skuIds = @($u.assignedLicenses | ForEach-Object { [string]$_.skuId } | Where-Object { $_ }) } $users.Add([pscustomobject]@{ Id = [string]$u.id UserPrincipalName = [string]$u.userPrincipalName DisplayName = [string]$u.displayName AccountEnabled = [bool]$u.accountEnabled OnPremisesImmutableId = [string]$u.onPremisesImmutableId OnPremisesSecurityIdentifier = [string]$u.onPremisesSecurityIdentifier AssignedLicenses = $skuIds }) } $uri = $response.'@odata.nextLink' } while ($uri) return $users } |