Osprey

1.0.3

functions/Tenant/Get-OspreyTenantAdmins.ps1

                                <#

.DESCRIPTION

    Exports administrators via Entra and Exchange.

.OUTPUTS

    EntraIDAdministrators.csv

    EntraIDAdministrators.json

    ExchangeAdmins.csv

#>

Function Get-OspreyTenantAdmins {

    Test-EXOConnection

    Test-GraphConnection

    $InformationPreference = "Continue"

    ##Getting Entra Admins##

    Out-LogFile "Gathering Entra ID Administrators"

    #Foreach directory admin role

    $rolesENT = foreach ($role in Get-MgDirectoryRole) {

        $adminsENT = (Get-MgDirectoryRoleMemberAsUser -DirectoryRoleId $role.Id).userprincipalname #get any accounts that is a member

        if ([string]::IsNullOrWhiteSpace($adminsENT)) {

            #if no members were found

            [PSCustomObject]@{

                AdminGroupName = $role.DisplayName

                Members        = "No Members"

            }

        }

        foreach ($admin in $adminsENT) {

            #if a member was found

            [PSCustomObject]@{

                AdminGroupName = $role.DisplayName

                Members        = $admin

            }

        }

    }

    $rolesENT | Out-MultipleFileType -FilePrefix "EntraIDAdmins" -csv -json #export it

    <#

    #filter out the no members member, then select unique members

    $admins2ENT = $rolesENT | Where-Object -property members -notMatch "No Members" | Select-Object -unique -property Members

    #put member names into a variable

    $AllAdmins += $admins2ENT.members

    #>

    Out-LogFile "Completed exporting Entra ID Administrators"

    Out-LogFile "Gathering Exchange Online Administrators"

    #Foreach exchange admin role

    $rolesEXO = foreach ($Role in Get-RoleGroup) {

        $AdminsEXO = Get-RoleGroupMember -Identity $Role.Identity | Select-Object -Property * #get members

        foreach ($admin in $AdminsEXO) {

            if ([string]::IsNullOrWhiteSpace($admin.WindowsLiveId)) {

                #if no windows live ID property

                [PSCustomObject]@{

                    ExchangeAdminGroup = $Role.Name

                    Members            = $admin.DisplayName

                    RecipientType      = $admin.RecipientType

                }

            }

            else {

                [PSCustomObject]@{ #if windowsliveid property exists

                    ExchangeAdminGroup = $Role.Name

                    Members            = $admin.WindowsLiveId

                    RecipientType      = $admin.RecipientType

                }

            }

        }

    }

    $rolesEXO | Out-MultipleFileType -FilePrefix "ExchangeAdmins" -csv #export

    Out-Logfile "Completed exporting Exchange Online Administrators"

    <# failure

    #get all actual accounts that arent just groups, then select unique

    $admins2EXO = $rolesEXO | Where-Object -property RecipientType -Match "UserMailbox" | Select-Object -unique -property Members

    #throw into the admins variable

    $AllAdmins += $admins2EXO.members

    #remove any duplicates

    $AllAdmins = $AllAdmins | Select-Object -unique

    ##Checking for new admins##

    $InvestigateLog = @()

    foreach ($user in $AllAdmins) {

        Get-mguser -userid $user

        if ((get-mguser -userid $user) )

    }

#>

}