Sep 01 2021 07:07 AM - last edited on Jan 14 2022 03:54 PM by TechCommunityAP
Hi, I am trying to modify my MFA script to include more than the UPN and if MFA is enabled, and wanted to include the description and when-created date from AD. Unfortunately it creates the CSV files with the header but none of the fields. Any ideas where I am going wrong? I am probably just overcomplicating it.
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated |
Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
Get-MsolUser -UserPrincipalName $User
Select-Object -Property UserPrincipalName,
$ReportLine = [PSCustomObject] @{
User = $_.UserPrincipalName
Name = $_.DisplayName
created = $_.whencreated
Jobtitle = $_.description
MFAstatus = {$_.StrongAuthenticationRequirements.State}
}
$Report.Add($ReportLine)
}
$Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
$Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
Sep 01 2021 09:30 AM
Hello @robertglass,
I played with your script and made a few small modifications:
- I removed the two lines below:
Get-MsolUser -UserPrincipalName $User
Select-Object -Property UserPrincipalName,
- I changed
User = $_.UserPrincipalName
Name = $_.DisplayName
created = $_.whencreated
Jobtitle = $_.description
MFAstatus = {$_.StrongAuthenticationRequirements.State}
to
User = $User.UserPrincipalName
Name = $User.DisplayName
created = $User.whencreated
Jobtitle = $User.description
MFAstatus = $User.StrongAuthenticationRequirements.State
And it worked like a charm.
Sep 02 2021 01:45 AM - edited Sep 02 2021 01:47 AM
@thijoubertold Hi, thanks for looking at this. I made the changes as you suggested, but the CSV file still remains empty, with none of the user information written. Did you make any other changes? Here is what I have now.
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
$ReportLine = [PSCustomObject] @{
User = $user.UserPrincipalName
Name = $user.DisplayName
created = $user.whencreated
Jobtitle = $user.description
MFAstatus = $user.StrongAuthenticationRequirements.State
}
$Report.Add($ReportLine)
}
$Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
$Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
Sep 02 2021 05:31 AM
@robertglass At this point there is no Get-MsolUser in your script so it's not going to have any info for $User.StrongAuthenti*** properties.
If you want to try my script for this, it relies on the MSOnline module, like your initial script was already using, so it should be ready to go for you:
Here is the help section:
<#
.Synopsis
Get Azure MFA status and details for users in Azure AD.
.Parameter UserPrincipalName
UPN of user to query for MFA details. Accepts pipeline input.
.Parameter MsolUser
MsolUser objects from Get-MsolUser. Accepts objects in the pipeline or stored as variables.
.Parameter All
Specifies to get and process all MsolUser's.
.Example
.\Get-MsolUserMFADetails.ps1 -UserPrincipalName User1@jb365.ca
PS C:\> .\Get-MsolUserMFADetails.ps1 User1@jb365.ca
PS C:\> "User1@jb365.ca" | .\Get-MsolUserMFADetails.ps1
.Example
$HQUsers = Get-MsolUser -City 'Quispamsis'
PS C:\> .\Get-MsolUserMFADetails.ps1 -MsolUser $HQUsers
PS C:\> .\Get-MsolUserMFADetails.ps1 $HQUsers
PS C:\> $HQUsers | .\Get-MsolUserMFADetails.ps1
.Example
.\Get-MsolUserMFADetails.ps1 -All | Export-csv MsolUserMFADetails.csv
.Outputs
[PSCustomObject] as follows:
UserPrincipalName : User1@jb365.ca
DisplayName : User1
MfaState : Disabled
DefaultMethod : PhoneAppNotification
ConfiguredMethods : OneWaySMS, TwoWayVoiceMobile, PhoneAppOTP, PhoneAppNotification
AuthenticationPhone : +1 8005551212
AltAuthenticationPhone :
PhoneAppAuthMethod : Notification, OTP
PhoneAppDeviceName : ONEPLUS A5010
UserType : Member
ObjectId : 04eb85e2-e0bf-490b-81d2-e5559ad35d19
#>
Sep 02 2021 06:10 AM
Hi @robertglass
I just saw that you collected your users from your local AD (Get-ADUser) and not from (Get-MsolUser).
The script below gave me the expected results.
If you want to keep Get-ADuser, you should add a step to request the details of MFA from Azure AD / O365 with a local user.
# $Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
$Users = Get-MsolUser
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
$ReportLine = [PSCustomObject] @{
User = $user.UserPrincipalName
Name = $user.DisplayName
created = $user.whencreated
Jobtitle = $user.description
MFAstatus = $user.StrongAuthenticationRequirements.State
}
$Report.Add($ReportLine)
}
$Report | Sort User | Format-Table
# $Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
# $Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
Sep 02 2021 06:15 AM
Sep 02 2021 08:42 AM - edited Sep 02 2021 08:43 AM
I finally found a way round my issue, and this is the script I ended up with. Thanks for people's input; it helped me figure it out.
Below is a copy of how my script ended up; it provides a CSV file with the attributes I needed. Hopefully sharing it will be useful to others.
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' |
Get-ADUser -Properties mail | where {$_.mail -ne $null} |
Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $user in $users ){
    $msousers = Get-MsolUser -UserPrincipalName $User
    foreach ($msouser in $msousers) {
        $ReportLine = [PSCustomObject] @{
            User = $msouser.UserPrincipalName
            Name = $msouser.DisplayName
            created = $msouser.whencreated
            Jobtitle = $msouser.title
            MFAstatus = $msouser.StrongAuthenticationRequirements.State
        }
        # Add the row inside the inner loop so a failed lookup cannot re-add the previous user's row
        $Report.Add($ReportLine)
    }
}
$Report | Sort User | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
Sep 02 2021 09:00 AM
@robertglass I added a step at line 10 and modified line 17.
Is it OK for you?
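# Keep the full AD user objects (no -ExpandProperty) so the loop can read .UserPrincipalName, .DisplayName, .description and .whencreated
$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,DisplayName,description,whencreated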
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..."
foreach( $User in $Users ){
# Newline
$MsolUser = Get-MsolUser -UserPrincipalName $User.UserPrincipalName
$ReportLine = [PSCustomObject] @{
User = $user.UserPrincipalName
Name = $user.DisplayName
created = $user.whencreated
Jobtitle = $user.description
MFAstatus = $MsolUser.StrongAuthenticationRequirements.State
}
$Report.Add($ReportLine)
}
$Report | Sort User | Format-Table
# $Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
# $Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
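
An added example, not code from any poster in this thread: it merges the AD attributes with the MsolUser MFA state discussed above and makes the two silent failure cases explicit (no matching cloud account, and an empty StrongAuthenticationRequirements collection, which otherwise exports as a blank cell). The function name New-MfaReportRow, the 'NotFoundInAzureAD' label and the sample users are assumptions made for illustration; the sample objects are constructed so the block runs without AD or MSOnline.

```powershell
# Added example: build one report row from an on-prem AD user and the matching
# MsolUser object (or $null when no cloud account was found).
function New-MfaReportRow {
    param(
        [Parameter(Mandatory)] $AdUser,  # from Get-ADUser -Properties DisplayName,Description,whenCreated
        $MsolUser                        # from Get-MsolUser, or $null
    )
    if ($null -eq $MsolUser) {
        $state = 'NotFoundInAzureAD'     # label chosen for this example
    }
    else {
        # An empty collection yields $null here; report it as Disabled
        # instead of leaving an ambiguous blank in the CSV.
        $state = $MsolUser.StrongAuthenticationRequirements.State
        if (-not $state) { $state = 'Disabled' }
    }
    [PSCustomObject]@{
        User      = $AdUser.UserPrincipalName
        Name      = $AdUser.DisplayName
        created   = $AdUser.whenCreated
        Jobtitle  = $AdUser.Description
        MFAstatus = $state
    }
}

# Constructed sample data standing in for Get-ADUser / Get-MsolUser output.
$adUsers = @(
    [PSCustomObject]@{ UserPrincipalName = 'alice@example.test'; DisplayName = 'Alice'
                       Description = 'Engineer'; whenCreated = [datetime]'2020-01-15' }
    [PSCustomObject]@{ UserPrincipalName = 'bob@example.test'; DisplayName = 'Bob'
                       Description = 'Analyst'; whenCreated = [datetime]'2021-03-02' }
    [PSCustomObject]@{ UserPrincipalName = 'carol@example.test'; DisplayName = 'Carol'
                       Description = 'Contractor'; whenCreated = [datetime]'2021-08-20' }
)
$cloudUsers = @{
    'alice@example.test' = [PSCustomObject]@{
        StrongAuthenticationRequirements = @([PSCustomObject]@{ State = 'Enforced' }) }
    'bob@example.test'   = [PSCustomObject]@{ StrongAuthenticationRequirements = @() }
    # carol has no cloud account in this sample
}

$report = foreach ($u in $adUsers) {
    # Live use: $m = Get-MsolUser -UserPrincipalName $u.UserPrincipalName -ErrorAction SilentlyContinue
    $m = $cloudUsers[$u.UserPrincipalName]
    New-MfaReportRow -AdUser $u -MsolUser $m
}
$report | Sort-Object User | Format-Table -AutoSize
```

StrongAuthenticationRequirements reflects per-user MFA only, so an account reported as Disabled here can still be required to use MFA by Conditional Access or security defaults; read the column as per-user MFA state, not overall MFA coverage.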