Monday, August 20, 2018

Powershell - find which domain a user in O365 is connected to

This script was used as I had two domain, old and new which both had a connection to o365 via AADC. I needed to know which was active, so I could make the new one active an ultimately disable and remove the old one.

This needs W7+ x64 for the Office Powershell components.

Lastly, yes I could have the on screen display in one part of the code, but once you are half way down a hole it make sense to jump, not climb back up and start again. ;)




<#
You only need to run this after a reboot, etc, so use ISE and run as needed
----------------------------------------------------------------------------------------------------------------
[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy('http://proxy-02.name.nsw.gov.au:8080')
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
connect-azuread
Connect-MsolService
----------------------------------------------------------------------------------------------------------------
#>

cls
#this is a check to ensure you have a connection prior to running a disable/delete etc, put in a name that works
$TESTADuser=Get-ADUser -Filter {sAMAccountName -eq 'colvind' } -Properties * -SearchScope Subtree
if ($TESTADuser.whenCreated -eq $null) { write-host "ERROR no connected to AZAD ***************"
break}


$users = Import-Csv C:\temp\userlist.txt
foreach ($users in $users){
$logon=$users.username.trim()

#write-host "looking at " $logon
$newAcc = $null
$oldAcc = $null
$newAcc = Get-ADUser -Filter {sAMAccountName -eq $logon } -Properties * -server "new.name.gov.au" -SearchScope Subtree
$oldAcc = Get-ADUser -Filter {sAMAccountName -eq $logon } -Properties * -server "old.name.gov.au" -SearchScope Subtree


try {
$azad=$null
$o3ad=$null
$whichAD=$null
$azad=Get-AzureADUser -objectid $newAcc.UserPrincipalName
$o3ad=Get-MsolUser -UserPrincipalName $newAcc.UserPrincipalName # | ft AccountSku, licence

if ($azad.OnPremisesSecurityIdentifier -like "S-1-5-21-1323355854-4650515797-*") {$whichAD="o365 Joined to NEW" }
if ($azad.OnPremisesSecurityIdentifier -notlike "S-1-5-21-1323355854-4650515797-*") {$whichAD="**OLD AD Joined**" }

#write-host $oldAcc.samaccountname";" $AZAD.UserPrincipalName"; lic-> " $o3ad.IsLicensed ";" $oldacc.CanonicalName " IC LL;" + $newAcc.LastLogonDate + $whichAD

if ($oldAcc.LastLogonDate -eq $null)
 {
write-host
write-host "logon name ; email; whichAD ; IC LastLogonDate ;LastLogonDate  ;o365 lic-> IsLicensed ;" # WCA Not used;WCA LL; #
write-host $newAcc.SamAccountName ";" $newAcc.mail ";"$whichAD ";" ";IC LastLogon;" $newAcc.LastLogonDate  ";o365 lic->" $o3ad.IsLicensed ";" $newacc.CanonicalName # WCA Not used;WCA LL; $oldAcc.LastLogonDate
 }

 
 if ($oldAcc.LastLogonDate -ne $null)
 {
write-host
write-host "logon name ; email; whichAD ; UserPrincipalName/email; IC LastLogonDate; LastLogonDate ; o365lic-> IsLicensed ; ##"
write-host $newAcc.SamAccountName ";" $newAcc.mail ";"$whichAD ";"$AZAD.UserPrincipalName ";IC LastLogon;" $newAcc.LastLogonDate ";" ";o365lic->" $o3ad.IsLicensed ";" $newacc.CanonicalName #;WCA LL;" $oldAcc.LastLogonDate "
}
}

Catch
{
write-host
#write-host "logon name; email; Not in Office 365; UPN; IC LL; LastLogonDate; CanonicalName, ###"
write-host $newAcc.SamAccountName ";" $newAcc.mail "; Not in Office 365;" $newACC.UserPrincipalName "; IC LastLogon;" $newAcc.LastLogonDate ";"# $newacc.CanonicalName $newAcc.DistinguishedName
#redundent
#write-host $oldAcc.SamAccountName + $oldAcc.LastLogonDate + "not in O365"
}
}


No comments:

Blog Archive