This script was used because I had two domains, old and new, which both had a connection to o365 via AADC. I needed to know which was active, so I could make the new one active and ultimately disable and remove the old one.
This needs W7+ x64 for the Office Powershell components.
Lastly, yes, I could have the on-screen display in one part of the code, but once you are halfway down a hole it makes sense to jump, not climb back up and start again. ;)
This needs W7+ x64 for the Office Powershell components.
Lastly, yes, I could have the on-screen display in one part of the code, but once you are halfway down a hole it makes sense to jump, not climb back up and start again. ;)
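<#
You only need to run the session setup below after a reboot, etc, so use
ISE and run it as needed before the rest of the script.

NOTE(review): Connect-AzureAD and Connect-MsolService come from the AzureAD and
MSOnline modules, which Microsoft has deprecated in favour of Microsoft Graph
PowerShell. Confirm they still work against your tenant before relying on this.
----------------------------------------------------------------------------------------------------------------
[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy('http://proxy-02.name.nsw.gov.au:8080')
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
connect-azuread
Connect-MsolService
----------------------------------------------------------------------------------------------------------------
#>
Clear-Host

# Pre-flight check: make sure the directory lookup works before anything downstream
# (disable/delete etc.) relies on the results. Put in a sAMAccountName that is known to exist.
# Only whenCreated is read here, so only that attribute is requested instead of -Properties *.
# NOTE(review): Get-ADUser queries on-prem AD, not Azure AD, despite the "AZAD" wording
# in the message below.
$TESTADuser = Get-ADUser -Filter {sAMAccountName -eq 'colvind'} -Properties whenCreated -SearchScope Subtree
if ($null -eq $TESTADuser.whenCreated) {
    write-host "ERROR no connected to AZAD ***************"
    # 'return' stops this script only. 'break' outside a loop searches up the call stack
    # for an enclosing loop and can terminate a calling script as well.
    return
}

# Also confirm the AzureAD and MSOnline sessions exist. The per-user loop reports every
# lookup exception as "Not in Office 365", so a missing session would otherwise look like
# a full list of unlicensed users.
try {
    $null = Get-AzureADTenantDetail
    $null = Get-MsolCompanyInformation -ErrorAction Stop
}
catch {
    Write-Warning "AzureAD / MSOnline session check failed: $($_.Exception.Message)"
    return
}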
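# Input list: a CSV (despite the .txt extension) that must have a 'username' header column.
# NOTE(review): this report feeds decisions about which account to disable/remove, so keep
# the list somewhere only the operator can write to.
$userList = Import-Csv C:\temp\userlist.txt

# Extended attributes the report actually prints. SamAccountName, UserPrincipalName and
# DistinguishedName are returned by Get-ADUser by default, so -Properties * is not needed.
$adProps = 'mail', 'LastLogonDate', 'CanonicalName'

# SID prefix identifying accounts synced from the NEW domain.
# NOTE(review): the third sub-authority in the value as published (4650515797) does not fit
# in 32 bits, so it cannot be a real domain SID and was presumably altered for publication.
# Replace it with your own new-domain prefix, e.g. from
# (Get-ADDomain -Server "new.name.gov.au").DomainSID, followed by "-*".
$newDomainSidPrefix = "S-1-5-21-1323355854-4650515797-*"

# A separate loop variable is used so the collection is not overwritten while iterating.
foreach ($entry in $userList) {
    # Skip blank rows or rows without a username instead of failing on .Trim() of $null.
    $logon = "$($entry.username)".Trim()
    if (-not $logon) { continue }
    #write-host "looking at " $logon

    $newAcc = $null
    $oldAcc = $null
    $newAcc = Get-ADUser -Filter {sAMAccountName -eq $logon} -Properties $adProps -server "new.name.gov.au" -SearchScope Subtree
    $oldAcc = Get-ADUser -Filter {sAMAccountName -eq $logon} -Properties $adProps -server "old.name.gov.au" -SearchScope Subtree

    # With no account in the new domain there is no UPN to look up. Without this guard the
    # cloud lookup fails on an empty UPN and the row is reported as "Not in Office 365".
    if ($null -eq $newAcc) {
        write-host
        write-host $logon "; not found in new.name.gov.au"
        continue
    }

    try {
        $azad = $null
        $o3ad = $null
        $whichAD = $null
        $azad = Get-AzureADUser -objectid $newAcc.UserPrincipalName
        # -ErrorAction Stop makes a failed lookup reach the catch block.
        $o3ad = Get-MsolUser -UserPrincipalName $newAcc.UserPrincipalName -ErrorAction Stop # | ft AccountSku, licence

        # Classify by the on-prem SID that Azure AD holds for the object.
        # An empty SID is reported separately: $null -notlike <pattern> is true, so such
        # an object would otherwise be labelled as joined to the OLD domain.
        # NOTE(review): the final branch only means "not the new domain's prefix". Comparing
        # with $oldAcc.SID would confirm the old domain positively. Verify before disabling.
        $onPremSid = $azad.OnPremisesSecurityIdentifier
        if (-not $onPremSid) {
            $whichAD = "**No on-prem SID (cloud only?)**"
        }
        elseif ($onPremSid -like $newDomainSidPrefix) {
            $whichAD = "o365 Joined to NEW"
        }
        else {
            $whichAD = "**OLD AD Joined**"
        }

        #write-host $oldAcc.samaccountname";" $AZAD.UserPrincipalName"; lic-> " $o3ad.IsLicensed ";" $oldacc.CanonicalName " IC LL;" + $newAcc.LastLogonDate + $whichAD

        if ($null -eq $oldAcc.LastLogonDate) {
            # No logon recorded in the old domain (or no old account at all).
            write-host
            write-host "logon name ; email; whichAD ; IC LastLogonDate ;LastLogonDate ;o365 lic-> IsLicensed ;" # WCA Not used;WCA LL; #
            write-host $newAcc.SamAccountName ";" $newAcc.mail ";"$whichAD ";" ";IC LastLogon;" $newAcc.LastLogonDate ";o365 lic->" $o3ad.IsLicensed ";" $newacc.CanonicalName # WCA Not used;WCA LL; $oldAcc.LastLogonDate
        }
        else {
            # The old-domain account has a recorded logon.
            write-host
            write-host "logon name ; email; whichAD ; UserPrincipalName/email; IC LastLogonDate; LastLogonDate ; o365lic-> IsLicensed ; ##"
            write-host $newAcc.SamAccountName ";" $newAcc.mail ";"$whichAD ";"$AZAD.UserPrincipalName ";IC LastLogon;" $newAcc.LastLogonDate ";" ";o365lic->" $o3ad.IsLicensed ";" $newacc.CanonicalName #;WCA LL;" $oldAcc.LastLogonDate "
        }
    }
    Catch {
        # Every exception lands here, not only "user not found". The cause goes to the
        # warning stream so an expired session or network error is not read as
        # "Not in Office 365".
        Write-Warning "Cloud lookup failed for ${logon}: $($_.Exception.Message)"
        write-host
        #write-host "logon name; email; Not in Office 365; UPN; IC LL; LastLogonDate; CanonicalName, ###"
        write-host $newAcc.SamAccountName ";" $newAcc.mail "; Not in Office 365;" $newACC.UserPrincipalName "; IC LastLogon;" $newAcc.LastLogonDate ";"# $newacc.CanonicalName $newAcc.DistinguishedName
        #redundant
        #write-host $oldAcc.SamAccountName + $oldAcc.LastLogonDate + "not in O365"
    }
}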