display-users-group-of-an-app.ps1
# This sample script displays users and groups assigned to the specified Application Proxy application.
#
# .\display-users-group-of-an-app.ps1 -ObjectId <ObjectId of the application>
#
# This script requires PowerShell 5.1 (x64) and one of the following modules:
# AzureAD 2.0.2.52
# AzureADPreview 2.0.2.53
#
# Before you begin:
# Run Connect-AzureAD to connect to the tenant domain.
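# Required Azure AD role: Global Administrator or Application Administrator
# (The script only calls read-only Get-* cmdlets, so a less privileged directory role may be enough - confirm for your tenant.)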
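param(
    # ObjectId of the application's service principal. The literal string "null" is
    # kept as the "not supplied" sentinel so existing invocations behave as before.
    [string] $ObjectId = "null"
)

$aadapServPrincObjId = $ObjectId

# Treat the sentinel and an empty/whitespace value alike as "parameter missing".
If ($aadapServPrincObjId -eq "null" -or [string]::IsNullOrWhiteSpace($aadapServPrincObjId)) {
    Write-Host "Parameter is missing." -BackgroundColor "Black" -ForegroundColor "Green"
    Write-Host " "
    Write-Host ".\display-users-group-of-an-app.ps1 -ObjectId <ObjectId of the application>" -BackgroundColor "Black" -ForegroundColor "Green"
    Write-Host " "
    Exit 1
}

# Resolve the service principal BEFORE enumerating the directory, so a wrong
# ObjectId (or a missing Connect-AzureAD session) fails fast instead of after
# every user and group has been downloaded.
# -ErrorAction Stop makes sure any failure actually reaches the catch block.
try { $app = Get-AzureADServicePrincipal -ObjectId $aadapServPrincObjId -ErrorAction Stop }
catch {
    Write-Host "Possibly the ObjectId is incorrect." -BackgroundColor "Black" -ForegroundColor "Red"
    # Show the underlying error as well: the cause may be something other than the id.
    Write-Host $_.Exception.Message -BackgroundColor "Black" -ForegroundColor "Red"
    Write-Host " "
    Exit 1
}

# -All $true pages through the complete result set. A fixed -Top value is a cap,
# and a capped listing would make this access report silently incomplete.
Write-Host "Reading users. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$users = Get-AzureADUser -All $true

Write-Host "Reading groups. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$groups = Get-AzureADGroup -All $true

Write-Host "Displaying users and groups assigned to the specified Application Proxy application..." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "

# NOTE: the output below contains display names, UPNs and object ids; treat a
# saved copy of it as directory data.
Write-Host ("Application: " + $app.DisplayName + "(ServicePrinc. ObjID:" + $aadapServPrincObjId + ")")
Write-Host ("")
Write-Host ("Assigned (directly and through group membership) users:")
Write-Host ("")

# --- Users ------------------------------------------------------------------
$number = 0
$skipped = 0
foreach ($item in $users) {
    # Reset per principal: if the lookup fails, the variable must not keep the
    # previous user's assignments, which would report a wrong result.
    $listOfAssignments = $null
    try {
        # -All $true so users holding many role assignments are not truncated.
        $listOfAssignments = Get-AzureADUserAppRoleAssignment -ObjectId $item.ObjectId -All $true -ErrorAction Stop
    }
    catch {
        Write-Warning ("Could not read app role assignments for user " + $item.ObjectId + ": " + $_.Exception.Message)
        $skipped = $skipped + 1
        continue
    }

    # The user counts as assigned when any assignment targets this service principal.
    $assigned = $listOfAssignments.ResourceId -contains $aadapServPrincObjId

    If ($assigned) {
        Write-Host ("DisplayName: " + $item.DisplayName + " UPN: " + $item.UserPrincipalName + " ObjectID: " + $item.ObjectID)
        $number = $number + 1
    }
}

Write-Host ("")
Write-Host ("Number of (directly and through group membership) users: " + $number)
If ($skipped -gt 0) {
    # Make an incomplete report visible rather than presenting it as a full one.
    Write-Host ("Users skipped because their assignments could not be read: " + $skipped) -BackgroundColor "Black" -ForegroundColor "Red"
}
Write-Host ("")
Write-Host ("")
Write-Host ("Assigned groups:")
Write-Host ("")

# --- Groups -----------------------------------------------------------------
$number = 0
$skipped = 0
foreach ($item in $groups) {
    # Same reset as for users: never reuse the previous group's result.
    $listOfAssignments = $null
    try {
        $listOfAssignments = Get-AzureADGroupAppRoleAssignment -ObjectId $item.ObjectId -All $true -ErrorAction Stop
    }
    catch {
        Write-Warning ("Could not read app role assignments for group " + $item.ObjectId + ": " + $_.Exception.Message)
        $skipped = $skipped + 1
        continue
    }

    $assigned = $listOfAssignments.ResourceId -contains $aadapServPrincObjId

    If ($assigned) {
        Write-Host ("DisplayName: " + $item.DisplayName + " ObjectID: " + $item.ObjectID)
        $number = $number + 1
    }
}

Write-Host ("")
Write-Host ("Number of assigned groups: " + $number)
If ($skipped -gt 0) {
    Write-Host ("Groups skipped because their assignments could not be read: " + $skipped) -BackgroundColor "Black" -ForegroundColor "Red"
}
Write-Host ("")
Write-Host ("")
Write-Host ("Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("")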