Forum Discussion
MFA for users from ou to csv file
Hello robertglass,
I played with your script, with a few small modifications:
- I removed the two lines below:
Get-MsolUser -UserPrincipalName $User
Select-Object -Property UserPrincipalName,
- I changed
User = $_.UserPrincipalName
Name = $_.DisplayName
created = $_.whencreated
Jobtitle = $_.description
MFAstatus = {$_.StrongAuthenticationRequirements.State}
to
User = $User.UserPrincipalName
Name = $User.DisplayName
created = $User.whencreated
Jobtitle = $User.description
MFAstatus = $User.StrongAuthenticationRequirements.State
And it worked like a charm.
thijoubertold Hi, thanks for looking at this. I made the changes as you suggested, but the CSV file still remains empty, with none of the user information written. Did you make any other changes? Here is what I have now.
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
    $ReportLine = [PSCustomObject] @{
        User = $user.UserPrincipalName
        Name = $user.DisplayName
        created = $user.whencreated
        Jobtitle = $user.description
        MFAstatus = $user.StrongAuthenticationRequirements.State
    }
    $Report.Add($ReportLine)
}
$Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
$Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
- thijoubertold, Sep 02, 2021, Iron Contributor
Hi robertglass
I just saw that you collected your users from your local AD (Get-ADUser) and not from (Get-MsolUser).
The script below gave me the expected results.
If you want to keep Get-ADuser, you should add a step to request the details of MFA from Azure AD / O365 with a local user.

# $Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
$Users = Get-MsolUser
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
    $ReportLine = [PSCustomObject] @{
        User = $user.UserPrincipalName
        Name = $user.DisplayName
        created = $user.whencreated
        Jobtitle = $user.description
        MFAstatus = $user.StrongAuthenticationRequirements.State
    }
    $Report.Add($ReportLine)
}
$Report | Sort User | Format-Table
# $Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
# $Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
- robertglass, Sep 02, 2021, Copper Contributor
Hi, thanks for this. It does work well, but I really need to be able to include the description and when-created attributes from AD on this report as well, which are not provided using the MSOLuser command alone.
- thijoubertold, Sep 02, 2021, Iron Contributor
robertglass I added a step at line 10 and modified line 17.
Is it ok for you?
# Keep the full AD user objects (no Select-Object -ExpandProperty) so the properties read below exist
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,DisplayName,description,whencreated
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
    # Newline
    $MsolUser = Get-MsolUser -UserPrincipalName $User.UserPrincipalName
    $ReportLine = [PSCustomObject] @{
        User = $user.UserPrincipalName
        Name = $user.DisplayName
        created = $user.whencreated
        Jobtitle = $user.description
        MFAstatus = $MsolUser.StrongAuthenticationRequirements.State
    }
    $Report.Add($ReportLine)
}
$Report | Sort User | Format-Table
# $Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
# $Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
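A combined version of the report discussed in this thread, added here as an example and not code from any of the posters: it joins the AD attributes with the per-user MFA state and handles accounts that have no match in Azure AD. It assumes the ActiveDirectory and MSOnline modules are available and `Connect-MsolService` has already been run; the status labels `NoUPN` and `NotInAzureAD` are made up for this example.

```powershell
# Added example: AD attributes plus per-user MFA state in one CSV (MSOnline module, as in the thread).
# Assumes the ActiveDirectory module is installed and Connect-MsolService has already been run.
$SearchBase = 'OU=test,DC=Dc,DC=net'        # OU used in the thread
$CsvPath    = 'C:\Temp\UK-MFA Report.csv'   # output path used in the thread

# Keep whole AD user objects. Piping to Select-Object -ExpandProperty UserPrincipalName
# would leave plain strings, and every property read in the loop would then be empty.
$AdUsers = Get-ADUser -Filter * -SearchBase $SearchBase -Properties DisplayName, Description, whenCreated

# Query Azure AD once and index by UPN (PowerShell hashtable keys are case-insensitive)
# instead of calling Get-MsolUser once per AD account.
$MsolByUpn = @{}
foreach ($m in Get-MsolUser -All) { $MsolByUpn[$m.UserPrincipalName] = $m }

$Report = foreach ($u in $AdUsers) {
    $upn  = [string]$u.UserPrincipalName
    $msol = if ($upn) { $MsolByUpn[$upn] } else { $null }

    if (-not $upn) {
        $mfa = 'NoUPN'                       # hypothetical label: AD account without a UPN
    } elseif (-not $msol) {
        $mfa = 'NotInAzureAD'                # hypothetical label: not synced, or cloud UPN differs
    } else {
        # The requirements list is empty when per-user MFA was never enabled.
        $state = $msol.StrongAuthenticationRequirements.State
        $mfa = if ($state) { $state -join ',' } else { 'Disabled' }
    }

    [PSCustomObject]@{
        User      = $upn
        Name      = $u.DisplayName
        created   = $u.whenCreated
        Jobtitle  = $u.Description
        MFAstatus = $mfa
    }
}

# Quick coverage summary on screen, full detail to CSV.
$Report | Group-Object MFAstatus | Sort-Object Count -Descending | Format-Table Name, Count -AutoSize
$Report | Sort-Object Name | Export-Csv -Path $CsvPath -NoTypeInformation
```

`StrongAuthenticationRequirements` only reflects per-user MFA, so an account whose MFA is enforced through Conditional Access or security defaults still shows as `Disabled` in this report.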
- JeremyTBradshaw, Sep 02, 2021, Iron Contributor
robertglass At this point there is no Get-MsolUser in your script so it's not going to have any info for $User.StrongAuthenti*** properties.
If you want to try my script for this, it relies on MSONLINE module like your initial script already was using, so should be ready to go for you:
Here is the help section:
<#
    .Synopsis
    Get Azure MFA status and details for users in Azure AD.

    .Parameter UserPrincipalName
    UPN of user to query for MFA details. Accepts pipeline input.

    .Parameter MsolUser
    MsolUser objects from Get-MsolUser. Accepts objects in the pipeline or stored as variables.

    .Parameter All
    Specifies to get and process all MsolUser's.

    .Example
    .\Get-MsolUserMFADetails.ps1 -UserPrincipalName User1@jb365.ca
    PS C:\> .\Get-MsolUserMFADetails.ps1 User1@jb365.ca
    PS C:\> "User1@jb365.ca" | .\Get-MsolUserMFADetails.ps1

    .Example
    $HQUsers = Get-MsolUser -City 'Quispamsis'
    PS C:\> .\Get-MsolUserMFADetails.ps1 -MsolUser $HQUsers
    PS C:\> .\Get-MsolUserMFADetails.ps1 $HQUsers
    PS C:\> $HQUsers | .\Get-MsolUserMFADetails.ps1

    .Example
    .\Get-MsolUserMFADetails.ps1 -All | Export-csv MsolUserMFADetails.csv

    .Outputs
    [PSCustomObject] as follows:

    UserPrincipalName      : User1@jb365.ca
    DisplayName            : User1
    MfaState               : Disabled
    DefaultMethod          : PhoneAppNotification
    ConfiguredMethods      : OneWaySMS, TwoWayVoiceMobile, PhoneAppOTP, PhoneAppNotification
    AuthenticationPhone    : +1 8005551212
    AltAuthenticationPhone :
    PhoneAppAuthMethod     : Notification, OTP
    PhoneAppDeviceName     : ONEPLUS A5010
    UserType               : Member
    ObjectId               : 04eb85e2-e0bf-490b-81d2-e5559ad35d19
#>