UsersToDevices.psm1
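function Add-User-Devices {
    <#
    .SYNOPSIS
    Finds registered devices of users in UserGroup and adds them into DeviceGroup.

    .DESCRIPTION
    Author: David Velasquez
    Dependencies: AzureAD Module
                  NuGet provider version '2.8.5.201' or newer

    Accepts [-From] and [-To] as parameter aliases for [-UserGroup] and [-DeviceGroup].
    Example: Add-User-Devices [-From] <String> [-To] <String> [<CommonParameters>]
    Note: <string> is the ObjectID of the User and Device groups.

    Devices whose display name matches *iphone*, *MacBook* or *vdi* are skipped.
    The selection is made on DisplayName only.
    NOTE(review): a display name is a naming convention rather than a verified
    device attribute - if membership of DeviceGroup drives policy or access
    decisions, confirm that name-based selection is acceptable.

    .PARAMETER UserGroup
    Specifies the ObjectID of the user group where users can be found.

    .PARAMETER DeviceGroup
    Specifies the ObjectID of the device group where registered devices should be placed.

    .EXAMPLE
    PS C:\> Add-User-Devices -UserGroup <ObjectID> -DeviceGroup <ObjectID>

    .EXAMPLE
    PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID>

    .LINK
    Get-Report
    #>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True)]
        [Alias("From")]
        [String] $UserGroup,

        [Parameter(Mandatory = $True)]
        [Alias("To")]
        [String] $DeviceGroup
    )

    Azure-Ad-Auth

    #Write-Host "`nFinding registered devices"
    # @() keeps .Count reliable when the group has exactly one member.
    $UserList = @(Get-AzureADGroupMember -ObjectId $UserGroup -All $true | Sort-Object -Property DisplayName)
    If ($UserList.Count -eq 0) {
        Write-Host "No users were found - exiting"
        # 'return', not 'break': outside a loop, 'break' unwinds into the caller
        # and can silently terminate the calling script or an enclosing loop.
        return
    }
    Write-Host ("`nProcessing details for {0} users" -f $UserList.Count) -ForegroundColor Green

    $DeviceList = Get-AzureADGroupMember -ObjectId $DeviceGroup -All $true | Sort-Object -Property DisplayName

    # Track current members in a set that is updated as devices are added, so a
    # device registered to several users is only added once per run.
    # OrdinalIgnoreCase mirrors the case-insensitive -notcontains it replaces.
    $KnownDeviceIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($Member in $DeviceList) {
        [void]$KnownDeviceIds.Add($Member.ObjectId)
    }

    # Kept as globals because existing callers may read them after the run.
    $global:UserGroupName = (Get-AzureADGroup -ObjectId $UserGroup).DisplayName
    $global:DeviceGroupName = (Get-AzureADGroup -ObjectId $DeviceGroup).DisplayName

    $i = 0
    foreach ($User in $UserList) {
        $i++
        Write-Host ("`nFinding devices registered to {0} ({1}/{2})" -f $User.DisplayName, $i, $UserList.Count) -ForegroundColor Yellow

        $DeviceQuery = Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId -All $true
        $Devices = @($DeviceQuery | Where-Object {
                ($_.DisplayName -notlike "*iphone*") -and
                ($_.DisplayName -notlike "*MacBook*") -and
                ($_.DisplayName -notlike "*vdi*")
            })

        $j = 0
        foreach ($Device in $Devices) {
            $j++
            # $null on the left: with $null on the right, -ne filters a
            # collection instead of testing it.
            if ($null -eq $Device) { continue }

            Write-Host ("`nProcessing ({0}/{1}) devices for {2}" -f $j, $Devices.Count, $User.DisplayName) -ForegroundColor Green

            if ($KnownDeviceIds.Contains($Device.ObjectId)) {
                Write-Host ("`n{0}'s {1} is already a member of {2}" -f $User.DisplayName, $Device.DisplayName, $DeviceGroupName) -ForegroundColor Red
                continue
            }

            Write-Host ("`nAdding {0}'s {1} to {2}" -f $User.DisplayName, $Device.DisplayName, $DeviceGroupName) -ForegroundColor Cyan
            try {
                Add-AzureADGroupMember -ObjectId $DeviceGroup -RefObjectId $Device.ObjectId -ErrorAction Stop
                # Record the device only after the directory accepted the change.
                [void]$KnownDeviceIds.Add($Device.ObjectId)
            }
            catch {
                # Report and carry on with the remaining devices; one failed add
                # should not abort the whole run.
                Write-Warning ("Could not add {0} to {1}: {2}" -f $Device.DisplayName, $DeviceGroupName, $_.Exception.Message)
            }
        }
    }

    Write-Host ""
    Write-Host -ForegroundColor Yellow -NoNewLine 'Press any key to continue and generate report... '
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
    Get-Report -From $UserGroup -To $DeviceGroup
}

function Azure-Ad-Auth {
    <#
    .SYNOPSIS
    Makes sure the NuGet provider and the AzureAD module are available, then
    opens an interactive Azure AD session with Connect-AzureAD.

    .DESCRIPTION
    Throws if the AzureAD module cannot be loaded or the connection fails, so
    callers stop instead of running directory cmdlets without a session.
    #>

    # NOTE(review): the two installs below run with -Force, i.e. without any
    # confirmation, and the AzureAD module is installed without a version pin
    # from whatever repository is registered on this host. For a tool that then
    # signs in with directory privileges, consider provisioning the module from
    # a vetted source ahead of time instead of installing it at run time.
    # The AzureAD module has also been deprecated by Microsoft in favour of
    # Microsoft Graph PowerShell.
    $NuGet = (Get-PackageProvider -ListAvailable -Name NuGet -ea SilentlyContinue)
    if (!$NuGet) {
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | Out-Null
    }
    Import-PackageProvider -Name NuGet | Out-Null

    $AzureAD = (Get-Module -ListAvailable -Name AzureAD -ea SilentlyContinue)
    if (!$AzureAD) {
        Install-Module -Name AzureAD -Force | Out-Null
    }
    Import-Module AzureAD | Out-Null

    $mod = Get-Module AzureAD
    if ($null -eq $mod) {
        # Previously this case fell through silently and every later cmdlet failed.
        throw "The AzureAD module could not be loaded"
    }

    try {
        Clear-Host
        Connect-AzureAD -ErrorAction Stop
        Clear-Host
    }
    catch {
        Clear-Host
        Write-Host
        Write-Warning "Could not connect to Azure AD"
        Write-Host
        # Re-throw rather than 'exit': inside a module function 'exit' ends the
        # whole PowerShell host, not just this command.
        throw
    }
}

function Get-Report {
    <#
    .SYNOPSIS
    Builds one report row per member of UserGroup listing that user's registered
    devices by category and which of them are members of DeviceGroup.

    .DESCRIPTION
    Reads group membership and registered devices only; it changes nothing in
    the directory. Device categories are derived from DisplayName patterns
    (*iphone*, *-LT-*, *VDI-*). An Azure AD session must already exist.

    .PARAMETER UserGroup
    ObjectID of the user group. Alias: From.

    .PARAMETER DeviceGroup
    ObjectID of the device group. Alias: To.
    #>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True)]
        [Alias("From")]
        [String] $UserGroup,

        [Parameter(Mandatory = $True)]
        [Alias("To")]
        [String] $DeviceGroup
    )

    $UserList = Get-AzureADGroupMember -ObjectId $UserGroup -All $true | Sort-Object -Property DisplayName
    $DeviceList = Get-AzureADGroupMember -ObjectId $DeviceGroup -All $true | Sort-Object -Property DisplayName

    # Resolve the names here instead of reading globals left behind by
    # Add-User-Devices: this function is exported and may be called on its own,
    # in which case the globals are empty or belong to a different pair of groups.
    $UserGroupName = (Get-AzureADGroup -ObjectId $UserGroup).DisplayName
    $DeviceGroupName = (Get-AzureADGroup -ObjectId $DeviceGroup).DisplayName

    $Report = [System.Collections.Generic.List[Object]]::new()

    foreach ($User in $UserList) {
        $DeviceQuery = Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId -All $true

        # Same exclusion list Add-User-Devices applies before adding devices.
        $Devices = $DeviceQuery | Where-Object {
            ($_.DisplayName -notlike "*iphone*") -and
            ($_.DisplayName -notlike "*MacBook*") -and
            ($_.DisplayName -notlike "*vdi*")
        }
        $Phones = $DeviceQuery | Where-Object { $_.DisplayName -like "*iphone*" }
        $Laptops = $DeviceQuery | Where-Object { $_.DisplayName -like "*-LT-*" }
        # Desktops: everything that passed the exclusion list and is not a laptop.
        $Desktops = $Devices | Where-Object { $_.DisplayName -notlike "*-LT-*" }
        $VirtualDesktops = $DeviceQuery | Where-Object { $_.DisplayName -like "*VDI-*" }
        $DevicesInDeviceGroup = $Devices | Where-Object { $_.ObjectId -in $DeviceList.ObjectId }

        $Lines = [PSCustomObject]@{
            User                    = $User.DisplayName
            UserObjectID            = $User.ObjectId
            UserGroup               = $UserGroupName
            UserGroupObjectID       = $UserGroup
            DeviceGroup             = $DeviceGroupName
            DeviceGroupObjectID     = $DeviceGroup
            Devices                 = $Devices.DisplayName
            DeviceObjectIDs         = $Devices.ObjectId
            DesktopDevices          = $Desktops.DisplayName
            DesktopDeviceIDs        = $Desktops.ObjectId
            LaptopDevices           = $Laptops.DisplayName
            LaptopDeviceIDs         = $Laptops.ObjectId
            MobileDevices           = $Phones.DisplayName
            MobileDeviceIDs         = $Phones.ObjectId
            VirtualDesktopDevices   = $VirtualDesktops.DisplayName
            VirtualDesktopDeviceIDs = $VirtualDesktops.ObjectId
            CustomAttributes        = $null
            DevicesInDeviceGroup    = $DevicesInDeviceGroup.DisplayName
            DevicesInDeviceGroupIDs = $DevicesInDeviceGroup.ObjectId
        }
        $Report.Add($Lines)
    }

    Clear-Host
    Write-Host "`nGenerated Report"
    Write-Host "----------------`n"
    $Report
}

Export-ModuleMember -Function * -Alias *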