查找具有用户/组和所有者的AzureAD IDP企业应用程序。

huangapple
go评论42阅读模式
英文:

Find AzureAD IDP Enterprise Apps with Users/Groups AND Owners

问题

尝试导出所有Azure AD IDP企业应用程序以及它们关联的用户、组和所有者。我能够获取用户和组,但无法获取所有者,代码如下:

foreach ($servicePrincipal in $ServicePrincipalList) {
    Get-AzureADServiceAppRoleAssignment -ObjectId $ServicePrincipal.objectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType | Export-Csv -Path "C:\\PSReports\\AzureAD_IDP_Apps - $date.csv" -NoTypeInformation -Append
}

这将生成以下结果:AzureAD_IDP_Apps导出截图

即使应用程序没有分配任何所有者,我希望报告也能显示它。

尝试查找“所有者”值的PrincipalType,但未能找到。

英文:

Trying to export all Azure AD IDP Enterprise applications with their associated Users and Groups and Owners. I'm able to grab the Users and Groups but not the owners with this:

foreach($servicePrincipal in $ServicePrincipalList){  
Get-AzureADServiceAppRoleAssignment -ObjectId $ServicePrincipal.objectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType | Export-Csv -Path "C:\\PSReports\\AzureAD_IDP_Apps - $date.csv" -NoTypeInformation -Append  
}

which produces this:
AzureAD_IDP_Apps Export Screenshot (https://i.stack.imgur.com/U002O.png)

Even if the application does not have any owners assigned, I'd like the report to show it.

Tried finding the PrincipalType for the "Owners" value but was unable to find it

答案1

得分: 0

无法找到“Owners”值的PrincipalType,但找不到它。

您可以使用以下代码获取服务主体的所有者,并导出所有Azure AD IDP企业应用程序以及它们关联的用户、组和所有者。

命令:

$date = Get-Date -Format "yyyyMMddHHmmss"
$ServicePrincipalList = Get-AzureADServicePrincipal -All $true

foreach($servicePrincipal in $ServicePrincipalList){  
    $owners = Get-AzureADServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId | Select-Object DisplayName, UserPrincipalName
    $appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId $servicePrincipal.ObjectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType
    $report = $appRoles | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType
    $owners | ForEach-Object {
        $owner = $_
        $report | Add-Member -MemberType NoteProperty -Name "OwnerDisplayName" -Value $owner.DisplayName
        $report | Add-Member -MemberType NoteProperty -Name "OwnerUserPrincipalName" -Value $owner.UserPrincipalName
    }
    $report | Export-Csv -Path "C:\\Users\\Documents\\folder1\\important-$date.csv" -NoTypeInformation -Append -Force
}

文件:

查找具有用户/组和所有者的AzureAD IDP企业应用程序。

英文:

> Tried finding the PrincipalType for the "Owners" value but was unable to find it

You can use the below code to get the owner of the service principal and you can export all Azure AD IDP Enterprise applications with their associated Users and Groups and Owners.

Command:

 $date = Get-Date -Format "yyyyMMddHHmmss"
$ServicePrincipalList = Get-AzureADServicePrincipal -All $true

foreach($servicePrincipal in $ServicePrincipalList){  
    $owners = Get-AzureADServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId | Select-Object DisplayName, UserPrincipalName
    $appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId $servicePrincipal.ObjectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType
    $report = $appRoles | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType
    $owners | ForEach-Object {
        $owner = $_
        $report | Add-Member -MemberType NoteProperty -Name "OwnerDisplayName" -Value $owner.DisplayName
        $report | Add-Member -MemberType NoteProperty -Name "OwnerUserPrincipalName" -Value $owner.UserPrincipalName
    }
    $report | Export-Csv -Path "C:\\Users\\Documents\\folder1\\important-$date.csv" -NoTypeInformation -Append -Force
}

file:

查找具有用户/组和所有者的AzureAD IDP企业应用程序。

答案2

得分: 0

这个修复了它。当添加了 -join 选项后,如果有多个所有者,它会将它们添加为一个由分号分隔的单个字符串:

Connect-AzureAD
$date = Get-Date -Format yyyyMMddHHmmss
$ServicePrincipalList = Get-AzureADServicePrincipal -All $true
foreach($servicePrincipal in $ServicePrincipalList){
$owners = Get-AzureADServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId | Select-Object DisplayName, UserPrincipalName
$appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId $servicePrincipal.ObjectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType
$report = $appRoles | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType
$report | Add-Member -MemberType NoteProperty -Name OwnerDisplayName -Value ($owners.DisplayName -join ;)
$report | Add-Member -MemberType NoteProperty -Name OwnerUserPrincipalName -Value ($owners.UserPrincipalName -join ;)
$report | Export-Csv -Path C:\PSReports\AzureAD_IDP_Apps-$date.csv -NoTypeInformation -Append -Force
}
英文:

This fixed it. When adding -join if there are multiple owners and it adds it as a single string separated by a semi-colon:

Connect-AzureAD
$date = Get-Date -Format “yyyyMMddHHmmss”
$ServicePrincipalList = Get-AzureADServicePrincipal -All $true
*foreach($servicePrincipal in $ServicePrincipalList){ *
$owners = Get-AzureADServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId | Select-Object DisplayName, UserPrincipalName*
$appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId 
$servicePrincipal.ObjectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType*
$report = $appRoles | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType*
$report | Add-Member -MemberType NoteProperty -Name “OwnerDisplayName” -Value ($owners.DisplayName -join ‘;’)*
$report | Add-Member -MemberType NoteProperty -Name “OwnerUserPrincipalName” -Value ($owners.UserPrincipalName -join ‘;’)*
$report | Export-Csv -Path “C:\PSReports\AzureAD_IDP_Apps-$date.csv” -NoTypeInformation -Append -Force*

}

huangapple
  • 本文由 发表于 2023年7月11日 04:38:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/76657187.html
  • azure-powershell
  • idp
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定