Forum Discussion
robertglass
Sep 01, 2021 Copper Contributor
MFA for users from ou to csv file
Hi, I am trying to modify my MFA script to include more than the UPN and whether MFA is enabled, and wanted to include the description and when-created date from AD. Unfortunately it creates the CSV files with the header but none of the fields. Any ideas where I am going wrong? I am probably just overcomplicating it.
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated |
    Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
    Get-MsolUser -UserPrincipalName $User
    Select-Object -Property UserPrincipalName,
    $ReportLine = [PSCustomObject] @{
        User = $_.UserPrincipalName
        Name = $_.DisplayName
        created = $_.whencreated
        Jobtitle = $_.description
        MFAstatus = {$_.StrongAuthenticationRequirements.State}
    }
    $Report.Add($ReportLine)
}
$Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
$Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
- robertglass Copper Contributor
I finally found a way round my issue, and this is the script I ended up with. Thanks for people's input, it helped me figure it out.
Below is a copy of how my script ended up; it provides a CSV file with the attributes I needed. Hopefully sharing it will be useful to others.
# Collect the UPNs of users in the OU that have a mail attribute
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' |
    Get-ADUser -Properties mail |
    where {$_.mail -ne $null} |
    Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $user in $users ){
    # Look up the matching cloud account by UPN
    $msousers = Get-MsolUser -UserPrincipalName $User
    foreach ($msouser in $msousers) {
        $ReportLine = [PSCustomObject] @{
            User = $msouser.UserPrincipalName
            Name = $msouser.DisplayName
            created = $msouser.whencreated
            Jobtitle = $msouser.title
            MFAstatus = $msouser.StrongAuthenticationRequirements.State # empty when per-user MFA is not enabled
        }
        # Add inside the inner loop so a failed lookup does not re-add the previous user's row
        $Report.Add($ReportLine)
    }
}
$Report | Sort User | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
- thijoubertold Iron Contributor
Hello robertglass,
I ran your script with a few small modifications:
- I removed the two lines below:
Get-MsolUser -UserPrincipalName $User
Select-Object -Property UserPrincipalName,
- I changed
User = $_.UserPrincipalName
Name = $_.DisplayName
created = $_.whencreated
Jobtitle = $_.description
MFAstatus = {$_.StrongAuthenticationRequirements.State}
to
User = $User.UserPrincipalName
Name = $User.DisplayName
created = $User.whencreated
Jobtitle = $User.description
MFAstatus = $User.StrongAuthenticationRequirements.State
And it worked like a charm.
- robertglass Copper Contributor
thijoubertold Hi, thanks for looking at this. I made the changes as you suggested, but the CSV file still remains empty with none of the user information written. Did you make any other changes? Here is what I have now.
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
    $ReportLine = [PSCustomObject] @{
        User = $user.UserPrincipalName
        Name = $user.DisplayName
        created = $user.whencreated
        Jobtitle = $user.description
        MFAstatus = $user.StrongAuthenticationRequirements.State
    }
    $Report.Add($ReportLine)
}
$Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
$Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
- thijoubertold Iron Contributor
Hi robertglass
I just saw that you collected your users from your local AD (Get-ADUser) and not from (Get-MsolUser).
The script below gave me the expected results.
If you want to keep Get-ADUser, you should add a step to request the details of MFA from Azure AD / O365 with a local user.
# $Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
$Users = Get-MsolUser
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
    $ReportLine = [PSCustomObject] @{
        User = $user.UserPrincipalName
        Name = $user.DisplayName
        created = $user.whencreated
        Jobtitle = $user.description
        MFAstatus = $user.StrongAuthenticationRequirements.State
    }
    $Report.Add($ReportLine)
}
$Report | Sort User | Format-Table
# $Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
# $Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
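
Added example, not part of any post in this thread: `Select-Object -ExpandProperty UserPrincipalName` reduces each AD user to a bare UPN string, so the AD description and creation date are no longer available inside the loop. The sketch below keeps the full AD objects and looks each one up in the tenant by UPN, flagging AD accounts that have no cloud match. The function name `New-MfaReport`, its `-Lookup` parameter, the `NotInTenant` label and the sample users are assumptions of this example; live use assumes the ActiveDirectory and MSOnline modules and an existing `Connect-MsolService` session.

```powershell
# Added example (not from the thread). Live use assumes the ActiveDirectory and
# MSOnline modules are loaded and Connect-MsolService has already been run.
function New-MfaReport {   # hypothetical name
    param(
        # Full AD user objects, not the bare UPN strings -ExpandProperty produces.
        [Parameter(Mandatory, ValueFromPipeline)] [object] $AdUser,
        # Cloud lookup; replaceable so the join can be tried without a tenant (hypothetical parameter).
        [scriptblock] $Lookup = {
            param($Upn) Get-MsolUser -UserPrincipalName $Upn -ErrorAction SilentlyContinue
        }
    )
    process {
        if (-not $AdUser.UserPrincipalName) { return }   # no UPN, nothing to look up
        $cloud = & $Lookup $AdUser.UserPrincipalName
        $state = if (-not $cloud) {
            'NotInTenant'                                   # label of this example: no cloud match
        } elseif ($cloud.StrongAuthenticationRequirements.State) {
            $cloud.StrongAuthenticationRequirements.State   # Enabled or Enforced
        } else {
            'Disabled'                                      # empty State: per-user MFA is off
        }
        [PSCustomObject]@{
            User      = $AdUser.UserPrincipalName
            Name      = $AdUser.Name
            created   = $AdUser.whenCreated    # from on-prem AD
            Jobtitle  = $AdUser.Description    # from on-prem AD
            MFAstatus = [string]$state         # from the tenant
        }
    }
}

# Constructed sample data standing in for Get-ADUser and Get-MsolUser output.
$sampleAd = @(
    [PSCustomObject]@{ UserPrincipalName = 'alice@example.test'; Name = 'Alice'; Description = 'Analyst'; whenCreated = [datetime]'2020-01-15' }
    [PSCustomObject]@{ UserPrincipalName = 'bob@example.test';   Name = 'Bob';   Description = 'Engineer'; whenCreated = [datetime]'2021-03-02' }
    [PSCustomObject]@{ UserPrincipalName = 'carol@example.test'; Name = 'Carol'; Description = 'Contractor'; whenCreated = [datetime]'2021-08-20' }
)
$sampleCloud = @{
    'alice@example.test' = [PSCustomObject]@{ StrongAuthenticationRequirements = @([PSCustomObject]@{ State = 'Enforced' }) }
    'bob@example.test'   = [PSCustomObject]@{ StrongAuthenticationRequirements = @() }
}
$sampleAd | New-MfaReport -Lookup { param($Upn) $sampleCloud[$Upn] } | Format-Table

# Live use:
# Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties Description, whenCreated |
#     New-MfaReport | Sort-Object User | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
```

With the constructed data, alice is reported as Enforced, bob as Disabled and carol as NotInTenant.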