Monday, August 20, 2018

PowerShell - find which domain a user in O365 is connected to

I wrote this script because I had two domains, an old one and a new one, both connected to Office 365 via Azure AD Connect (AADC). I needed to know which domain each user was actually synced from, so I could make the new one the active source and ultimately disable and remove the old one.

This needs Windows 7 or later, x64, for the Office 365 PowerShell modules.

Lastly, yes, I could have put the on-screen display in one part of the code, but once you are halfway down a hole it makes sense to jump, not climb back up and start again. ;)

The proxy and connection setup below only needs to run once per session (after a reboot, etc.), so use the ISE and run it as needed.
# Proxy setup. The proxy URL was lost from the post, so <proxy-url> is a placeholder to fill in.
[System.Net.WebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy('<proxy-url>')
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[System.Net.WebRequest]::DefaultWebProxy.BypassProxyOnLocal = $true

# Modules and service connections the script relies on (Get-ADUser, Get-AzureADUser, Get-MsolUser)
Import-Module ActiveDirectory
Connect-AzureAD
Connect-MsolService

# This is a check to ensure you have a connection prior to running a disable/delete etc; put in a name that works
$TESTADuser = Get-ADUser -Filter {sAMAccountName -eq 'colvind'} -Properties * -SearchScope Subtree
if ($null -eq $TESTADuser.whenCreated) { Write-Host "ERROR not connected to AD ***************"; return }

# The DC names for -Server were blank in the post, so these are placeholders to fill in.
$newDomainServer = "<new-domain-dc>"
$oldDomainServer = "<old-domain-dc>"

# Assumes the CSV has a column named "logon" holding each user's sAMAccountName (the post does not show the header).
$users = Import-Csv C:\temp\userlist.txt
foreach ($user in $users) {
    $logon = $user.logon
    #Write-Host "looking at " $logon
    $newAcc = $null
    $oldAcc = $null
    $newAcc = Get-ADUser -Filter {sAMAccountName -eq $logon} -Properties * -Server $newDomainServer -SearchScope Subtree
    $oldAcc = Get-ADUser -Filter {sAMAccountName -eq $logon} -Properties * -Server $oldDomainServer -SearchScope Subtree

    try {
        $azad = Get-AzureADUser -ObjectId $newAcc.UserPrincipalName
        $o3ad = Get-MsolUser -UserPrincipalName $newAcc.UserPrincipalName # | ft AccountSku, licence

        # OnPremisesSecurityIdentifier carries the SID of the on-prem account the cloud object was synced from;
        # the prefix below is the NEW domain's SID, so anything else came from the OLD domain.
        if ($azad.OnPremisesSecurityIdentifier -like "S-1-5-21-1323355854-4650515797-*") { $whichAD = "o365 Joined to NEW" }
        if ($azad.OnPremisesSecurityIdentifier -notlike "S-1-5-21-1323355854-4650515797-*") { $whichAD = "**OLD AD Joined**" }

        #Write-Host $oldAcc.samaccountname";" $azad.UserPrincipalName"; lic-> " $o3ad.IsLicensed ";" $oldAcc.CanonicalName " IC LL;" $newAcc.LastLogonDate $whichAD

        if ($null -eq $oldAcc.LastLogonDate) {
            Write-Host "logon name ; email; whichAD ; IC LastLogonDate ;LastLogonDate  ;o365 lic-> IsLicensed ;" # WCA Not used;WCA LL; #
            Write-Host $newAcc.SamAccountName ";" $newAcc.mail ";" $whichAD ";" ";IC LastLogon;" $newAcc.LastLogonDate ";o365 lic->" $o3ad.IsLicensed ";" $newAcc.CanonicalName # WCA Not used;WCA LL; $oldAcc.LastLogonDate
        }

        if ($null -ne $oldAcc.LastLogonDate) {
            Write-Host "logon name ; email; whichAD ; UserPrincipalName/email; IC LastLogonDate; LastLogonDate ; o365lic-> IsLicensed ; ##"
            Write-Host $newAcc.SamAccountName ";" $newAcc.mail ";" $whichAD ";" $azad.UserPrincipalName ";IC LastLogon;" $newAcc.LastLogonDate ";" ";o365lic->" $o3ad.IsLicensed ";" $newAcc.CanonicalName #;WCA LL;" $oldAcc.LastLogonDate
        }
    }
    catch {
        # Get-AzureADUser throws when the UPN does not exist in the tenant, so this branch lists accounts that are not in Office 365
        #Write-Host "logon name; email; Not in Office 365; UPN; IC LL; LastLogonDate; CanonicalName, ###"
        Write-Host $newAcc.SamAccountName ";" $newAcc.mail "; Not in Office 365;" $newAcc.UserPrincipalName "; IC LastLogon;" $newAcc.LastLogonDate ";" # $newAcc.CanonicalName $newAcc.DistinguishedName
        #Write-Host $oldAcc.SamAccountName $oldAcc.LastLogonDate "not in O365"
    }
}
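A more general form of the same check, added here as an example and not part of the original script: rather than hard-coding one domain's SID prefix, it reads each domain's SID from its DC, classifies the account by the domain part of OnPremisesSecurityIdentifier (so a third, unexpected forest or a cloud-only account is reported rather than silently labelled OLD), and writes a CSV instead of screen output. The DC names, the CSV column "logon" and the output path are assumptions; it assumes the ActiveDirectory and AzureAD modules are loaded and Connect-AzureAD has run.

```powershell
# Added example, not the post's script. DC names, the "logon" CSV column and the output path are assumptions.
$domains = @{
    NEW = (Get-ADDomain -Server "<new-domain-dc>").DomainSID.Value
    OLD = (Get-ADDomain -Server "<old-domain-dc>").DomainSID.Value
}

function Get-SyncSourceDomain {
    param([string]$OnPremSid, [hashtable]$DomainSids)
    if ([string]::IsNullOrEmpty($OnPremSid)) { return "CLOUD-ONLY" }   # no on-prem anchor at all
    # AccountDomainSid drops the trailing RID, leaving just the domain SID (S-1-5-21-x-y-z)
    $domainSid = ([System.Security.Principal.SecurityIdentifier]$OnPremSid).AccountDomainSid.Value
    foreach ($name in $DomainSids.Keys) {
        if ($DomainSids[$name] -eq $domainSid) { return $name }
    }
    return "UNKNOWN ($domainSid)"   # synced from a forest that is not in the table
}

$report = foreach ($row in Import-Csv C:\temp\userlist.txt) {
    $logon  = $row.logon
    $newAcc = Get-ADUser -Filter {sAMAccountName -eq $logon} -Server "<new-domain-dc>" -Properties mail, LastLogonDate
    if ($null -eq $newAcc) { continue }   # not in the new domain at all; nothing to compare against
    $source = $null
    try {
        $cloud  = Get-AzureADUser -ObjectId $newAcc.UserPrincipalName
        $source = Get-SyncSourceDomain -OnPremSid $cloud.OnPremisesSecurityIdentifier -DomainSids $domains
    }
    catch { $source = "NOT IN O365" }   # Get-AzureADUser throws when the UPN does not exist in the tenant
    [pscustomobject]@{
        Logon         = $newAcc.SamAccountName
        Mail          = $newAcc.mail
        SyncSource    = $source
        LastLogonDate = $newAcc.LastLogonDate
    }
}
$report | Export-Csv C:\temp\sync-source-report.csv -NoTypeInformation
```

Anything other than NEW in the SyncSource column is worth resolving before the old domain's connector is disabled, since those objects would lose their on-prem anchor.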
