functions/Tenant/Get-HawkTenantAZAdmins.ps1
Function Get-HawkTenantAZAdmins{ <# .SYNOPSIS Tenant Azure Active Directory Administrator export. Must be connected to Azure-AD using the Connect-AzureAD cmdlet .DESCRIPTION Tenant Azure Active Directory Administrator export. Reviewing administrator access is key to knowing who can make changes to the tenant and conduct other administrative actions to users and applications. .EXAMPLE Get-HawkTenantAZAdmins Gets all Azure AD Admins .OUTPUTS AzureADAdministrators.csv .LINK https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaddirectoryrolemember?view=azureadps-2.0 .NOTES #> BEGIN{ #Initializing Hawk Object if not present if ([string]::IsNullOrEmpty($Hawk.FilePath)) { Initialize-HawkGlobalObject } Out-LogFile "Gathering Azure AD Administrators" Test-AzureADConnection } PROCESS{ $roles = foreach ($role in Get-MgDirectoryRole){ $admins = (Get-MGDirectoryRoleMember -DirectoryRoleId $role.id) if ([string]::IsNullOrWhiteSpace($admins)) { [PSCustomObject]@{ AdminGroupName = $role.DisplayName Members = "No Members" } } foreach ($admin in $admins){ if($admin.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.user"){ [PSCustomObject]@{ AdminGroupName = $role.DisplayName Members = $admin.AdditionalProperties.userPrincipalName } } else{ [PSCustomObject]@{ AdminGroupName = $role.DisplayName Members = $admin.AdditionalProperties.displayName } } } } $roles | Out-MultipleFileType -FilePrefix "AzureADAdministrators" -csv -json } END{ Out-LogFile "Completed exporting Azure AD Admins" } }#End Function |