Forum Discussion

robertglass
Copper Contributor
Sep 01, 2021

MFA for users from ou to csv file

Hi, I am trying to modify my MFA script to include more than the UPN and whether MFA is enabled; I wanted to include the description and the created date from AD. Unfortunately, it creates the CSV files with the header but none of the fields. Any ideas where I am going wrong? I am probably just overcomplicating it.

 

 

$Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated |
      Select-Object -ExpandProperty UserPrincipalName
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file
Write-Host "Processing" $Users.Count "accounts..." 
foreach( $User in $Users ){
    Get-MsolUser -UserPrincipalName $User
        Select-Object -Property UserPrincipalName,
        
        $ReportLine = [PSCustomObject] @{
        User        = $_.UserPrincipalName
        Name        = $_.DisplayName
        created     = $_.whencreated
        Jobtitle  = $_.description
        MFAstatus = {$_.StrongAuthenticationRequirements.State}
                    }
                    $Report.Add($ReportLine)
                }
$Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
$Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation

 

 

  • Hello robertglass

    I played with your script, making a few small modifications:

    - I removed the two lines below:

        Get-MsolUser -UserPrincipalName $User
            Select-Object -Property UserPrincipalName,

    -  I changed 

            User        = $_.UserPrincipalName
            Name        = $_.DisplayName
            created     = $_.whencreated
            Jobtitle  = $_.description
            MFAstatus = {$_.StrongAuthenticationRequirements.State}

    to

            User        = $User.UserPrincipalName
            Name        = $User.DisplayName
            created     = $User.whencreated
            Jobtitle    = $User.description
            MFAstatus   = $User.StrongAuthenticationRequirements.State

     And it worked like a charm.

      robertglass
      Copper Contributor

      thijoubertold Hi, thanks for looking at this. I made the changes as you suggested, but the CSV file still remains empty, with none of the user information written. Did you make any other changes? Here is what I have now.

       

       

      $Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties UserPrincipalName,description,whencreated|Select-Object -ExpandProperty UserPrincipalName
      $Report = [System.Collections.Generic.List[Object]]::new() # Create output file
      Write-Host "Processing" $Users.Count "accounts..." 
      foreach( $User in $Users ){
                         
      	$ReportLine = [PSCustomObject] @{
              User        = $user.UserPrincipalName
              Name        = $user.DisplayName
              created     = $user.whencreated
              Jobtitle    = $user.description
              MFAstatus   = $user.StrongAuthenticationRequirements.State
                          }
                          $Report.Add($ReportLine)
                      }
      $Report | Select User, Name, created, Jobtitle, MFAstatus | Sort Name | Out-GridView
      $Report | Sort Name | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation

       

       

        JeremyTBradshaw
        Steel Contributor

        robertglass At this point there is no Get-MsolUser in your script so it's not going to have any info for $User.StrongAuthenti*** properties.

         

        If you want to try my script for this, it relies on the MSOnline module, like your initial script already did, so it should be ready to go for you:


        Get-MsolUserMFADetails.ps1

         

        Here is the help section:

          
        <#
            .Synopsis
            Get Azure MFA status and details for users in Azure AD.
            .Parameter UserPrincipalName
            UPN of user to query for MFA details.  Accepts pipeline input.
            .Parameter MsolUser
            MsolUser objects from Get-MsolUser. Accepts objects in the pipeline or stored as variables.
            .Parameter All
            Specifies to get and process all MsolUser's.
            .Example
            .\Get-MsolUserMFADetails.ps1 -UserPrincipalName User1@jb365.ca
            PS C:\> .\Get-MsolUserMFADetails.ps1 User1@jb365.ca
            PS C:\> "User1@jb365.ca" | .\Get-MsolUserMFADetails.ps1
            .Example
            $HQUsers = Get-MsolUser -City 'Quispamsis'
            PS C:\> .\Get-MsolUserMFADetails.ps1 -MsolUser $HQUsers
            PS C:\> .\Get-MsolUserMFADetails.ps1 $HQUsers
            PS C:\> $HQUsers | .\Get-MsolUserMFADetails.ps1
            .Example
            .\Get-MsolUserMFADetails.ps1 -All | Export-csv MsolUserMFADetails.csv
            .Outputs
            [PSCustomObject] as follows:
            UserPrincipalName      : User1@jb365.ca
            DisplayName            : User1
            MfaState               : Disabled
            DefaultMethod          : PhoneAppNotification
            ConfiguredMethods      : OneWaySMS, TwoWayVoiceMobile, PhoneAppOTP, PhoneAppNotification
            AuthenticationPhone    : +1 8005551212
            AltAuthenticationPhone :
            PhoneAppAuthMethod     : Notification, OTP
            PhoneAppDeviceName     : ONEPLUS A5010
            UserType               : Member
            ObjectId               : 04eb85e2-e0bf-490b-81d2-e5559ad35d19
        #>

         

    robertglass
    Copper Contributor

    I finally found a way round my issue, and this is the script I ended up with. Thanks for people's input; it helped me figure it out.

     

    Below is a copy of how my script ended up; it provides a CSV file with the attributes I needed. Hopefully sharing it will be useful to others.

     

     

    # Requires the ActiveDirectory and MSOnline modules and an active Connect-MsolService session
    $Users = Get-ADUser -Filter * -SearchBase 'OU=test,DC=Dc,DC=net' -Properties mail |
        Where-Object { $null -ne $_.mail } |
        Select-Object -ExpandProperty UserPrincipalName
    $Report = [System.Collections.Generic.List[Object]]::new() # In-memory list of report rows
    Write-Host "Processing" $Users.Count "accounts..."
    foreach ($User in $Users) {
        # The MFA state is held on the Azure AD (MSOL) account, so look it up by UPN
        $MsolUsers = Get-MsolUser -UserPrincipalName $User
        foreach ($MsolUser in $MsolUsers) {
            $ReportLine = [PSCustomObject] @{
                User      = $MsolUser.UserPrincipalName
                Name      = $MsolUser.DisplayName
                created   = $MsolUser.whencreated
                Jobtitle  = $MsolUser.title
                MFAstatus = $MsolUser.StrongAuthenticationRequirements.State
            }
            # Add inside the inner loop so a failed lookup does not re-add the previous row
            $Report.Add($ReportLine)
        }
    }

    $Report | Sort-Object User | Export-Csv -Path 'C:\Temp\UK-MFA Report.csv' -NoTypeInformation
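
Added example (not part of the thread or of any poster's script): it shows that `Select-Object -ExpandProperty UserPrincipalName` leaves plain strings with no other properties, and one way to keep the AD description and creation date next to the MFA state. The sample objects are constructed stand-ins for `Get-ADUser` and `Get-MsolUser` output, and the function name `Join-MfaReport` and the status labels `NoCloudAccount` and `Disabled` are assumptions.

```powershell
# Constructed stand-ins for: Get-ADUser -Properties Description,whenCreated
$AdUsers = @(
    [PSCustomObject]@{ UserPrincipalName = 'alice@example.test'; Description = 'Analyst';  whenCreated = [datetime]'2020-03-01' }
    [PSCustomObject]@{ UserPrincipalName = 'bob@example.test';   Description = 'Engineer'; whenCreated = [datetime]'2021-06-15' }
    [PSCustomObject]@{ UserPrincipalName = 'carol@example.test'; Description = 'Unsynced'; whenCreated = [datetime]'2021-08-30' }
)
# Constructed stand-ins for Get-MsolUser output (carol has no cloud account)
$MsolUsers = @(
    [PSCustomObject]@{ UserPrincipalName = 'alice@example.test'; DisplayName = 'Alice'
                       StrongAuthenticationRequirements = @([PSCustomObject]@{ State = 'Enforced' }) }
    [PSCustomObject]@{ UserPrincipalName = 'bob@example.test'; DisplayName = 'Bob'
                       StrongAuthenticationRequirements = @() }
)

# -ExpandProperty yields strings, so any other property read from them is $null
$Upns = $AdUsers | Select-Object -ExpandProperty UserPrincipalName
Write-Host ("Element type: {0}; .Description is null: {1}" -f $Upns[0].GetType().Name, ($null -eq $Upns[0].Description))

function Join-MfaReport {   # hypothetical helper name
    param([object[]]$AdUser, [object[]]$MsolUser)
    # Index the cloud accounts by UPN once; hashtable keys are case-insensitive
    $ByUpn = @{}
    foreach ($m in $MsolUser) { $ByUpn[$m.UserPrincipalName] = $m }
    foreach ($a in $AdUser) {
        $m = $ByUpn[$a.UserPrincipalName]
        if (-not $m) { $state = 'NoCloudAccount' }   # assumed label: no matching cloud account
        elseif ($m.StrongAuthenticationRequirements.Count -eq 0) { $state = 'Disabled' }   # assumed label: no per-user state set
        else { $state = $m.StrongAuthenticationRequirements[0].State }
        [PSCustomObject]@{
            User      = $a.UserPrincipalName
            Name      = if ($m) { $m.DisplayName } else { $null }
            Created   = $a.whenCreated      # from on-prem AD
            JobTitle  = $a.Description      # from on-prem AD
            MfaStatus = $state              # from the cloud account
        }
    }
}

Join-MfaReport -AdUser $AdUsers -MsolUser $MsolUsers | Sort-Object User | ConvertTo-Csv -NoTypeInformation
```

`StrongAuthenticationRequirements` reflects per-user MFA only, so an account that gets MFA through Conditional Access can still show no state in this column.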

     

     
