UsersToDevices.psm1


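function Add-User-Devices
{

<#
.SYNOPSIS

Finds registered devices of users in UserGroup and adds them into DeviceGroup.

.DESCRIPTION

Author: David Velasquez
Dependencies:
AzureAD Module
NuGet provider version '2.8.5.201' or newer

Accepts [-From] and [-To] as parameter aliases for [-UserGroup] and [-DeviceGroup].

Accepts [-Mobile] as an optional switch to only add mobile devices (display name
contains "iphone" or "ipad") to [-DeviceGroup]. Without it, devices whose display
name contains iphone, ipad, MacBook, vdi, yealink or android are skipped.

Devices are classified purely by substrings of their display name. The display
name is a free-text attribute, not a verified property of the device, so this
selection is a naming-convention filter and should not be treated as a security
control. If membership of DeviceGroup is used to grant access or apply policy,
review the resulting membership (see Get-Report) before relying on it.

The function also sets $global:UserGroupName and $global:DeviceGroupName.

Example:

Add-User-Devices [-From] <String> [-To] <String> [-Mobile] [<CommonParameters>]

Note: <string> is the ObjectID of the User and Device groups.

.PARAMETER UserGroup

Specifies the ObjectId of the user group where users can be found.

.PARAMETER DeviceGroup

Specifies the ObjectId of the device group where registered devices should be placed.

.PARAMETER Mobile

Optional switch: when present, only registered mobile devices are added to DeviceGroup.

.EXAMPLE

PS C:\> Add-User-Devices -UserGroup <ObjectID> -DeviceGroup <ObjectID>

.EXAMPLE

PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID>

.EXAMPLE

PS C:\> Add-User-Devices -From <ObjectID> -To <ObjectID> -Mobile

.LINK

Get-Report

#>


[CmdletBinding()] Param(
        [Parameter(Mandatory = $True,HelpMessage='User Group ObjectId')]
        [Alias("From")]
        [String]
        $UserGroup,

        [Parameter(Mandatory = $True,HelpMessage='Device Group ObjectId')]
        [Alias("To")]
        [String]
        $DeviceGroup,

        [Parameter(Mandatory = $False)]
        [Alias("M")]
        [switch]
        $Mobile
)
    Azure-Ad-Auth

    $UserList = Get-AzureADGroupMember -ObjectId $UserGroup -All $true | Sort-Object -Property DisplayName
    if (-not $UserList)
    {
        Write-Host "No users were found - exiting"
        # 'return' rather than 'break': outside a loop, 'break' unwinds into the
        # caller and can terminate the caller's loop or the whole calling script.
        return
    }
    $UserCount = @($UserList).Count
    Write-Host ("`nProcessing details for {0} users" -f $UserCount) -ForegroundColor Green

    $DeviceList = Get-AzureADGroupMember -ObjectId $DeviceGroup -All $true | Sort-Object -Property DisplayName
    # Kept as globals for backward compatibility with existing callers.
    $global:UserGroupName = (Get-AzureADGroup -ObjectId $UserGroup).DisplayName
    $global:DeviceGroupName = (Get-AzureADGroup -ObjectId $DeviceGroup).DisplayName

    # Track membership locally so that a device registered to several users is
    # only added once; the snapshot in $DeviceList is never refreshed and would
    # otherwise cause a second, failing Add-AzureADGroupMember call.
    $KnownMemberIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($Member in $DeviceList)
    {
        if ($null -ne $Member) { [void]$KnownMemberIds.Add($Member.ObjectId) }
    }

    $i = 0
    foreach ($User in $UserList)
    {
        $i++
        Write-Host ("`nFinding devices registered to {0} ({1}/{2})" -f $User.DisplayName, $i, $UserCount) -ForegroundColor Yellow
        $DeviceQuery = Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId -All $true

        # NOTE(review): both filters trust DisplayName, which is not a verified
        # attribute. Consider a directory-reported property (e.g. DeviceOSType)
        # or compliance state if this group gates access - TODO confirm.
        if ($Mobile)
        {
            $Devices = @($DeviceQuery | Where-Object { ($_.displayname -like "*iphone*") -or ($_.displayname -like "*ipad*") })
        }
        else
        {
            $Devices = @($DeviceQuery | Where-Object { ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*yealink*") -and ($_.displayname -notlike "*android*") })
        }

        $j = 0
        foreach ($Device in $Devices)
        {
            $j++
            if ($null -eq $Device) { continue }

            Write-Host ("`nProcessing ({0}/{1}) devices for {2}" -f $j, $Devices.Count, $User.DisplayName) -ForegroundColor Green

            if ($KnownMemberIds.Contains($Device.ObjectId))
            {
                Write-Host ("`n{0}'s {1} is already a member of {2}" -f $User.DisplayName, $Device.displayname, $global:DeviceGroupName) -ForegroundColor Red
                continue
            }

            Write-Host ("`nAdding {0}'s {1} to {2}" -f $User.DisplayName, $Device.displayname, $global:DeviceGroupName) -ForegroundColor Cyan
            try
            {
                Add-AzureADGroupMember -ObjectId $DeviceGroup -RefObjectId $Device.ObjectId -ErrorAction Stop
                # Only record the device as a member once the directory accepted it.
                [void]$KnownMemberIds.Add($Device.ObjectId)
            }
            catch
            {
                # Surface the failure on the error stream and carry on with the
                # remaining devices instead of leaving the run half-reported.
                Write-Error ("Failed to add device {0} ({1}) to group {2}: {3}" -f $Device.displayname, $Device.ObjectId, $DeviceGroup, $_.Exception.Message)
            }
        }
    }

    Write-Host ""
    # Interactive pause: requires a console host that implements RawUI.ReadKey.
    Write-Host -ForegroundColor Yellow -NoNewLine 'Press any key to continue and generate report... ';
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
    Get-Report -From $UserGroup -To $DeviceGroup
}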

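function Azure-Ad-Auth()
{
    <#
    .SYNOPSIS
    Ensures the NuGet provider and the AzureAD module are present, then signs in
    with Connect-AzureAD.

    .DESCRIPTION
    Installs the NuGet package provider and the AzureAD module when they are not
    already available, imports both, and opens an interactive Azure AD session.
    Throws if the module cannot be loaded or the sign-in fails.
    #>

    # NOTE(security): the two installs below run unattended (-Force suppresses the
    # confirmation prompts) and take whatever version the configured repository
    # serves at run time. On managed admin workstations prefer pre-installing a
    # reviewed version (e.g. -RequiredVersion <approved-version>) from a trusted
    # repository rather than installing during the run.
    # NOTE(review): Microsoft has deprecated the AzureAD module in favour of
    # Microsoft Graph PowerShell; plan a migration.
    $NuGet = Get-PackageProvider -ListAvailable -Name NuGet -ErrorAction SilentlyContinue
    if (-not $NuGet)
    {
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | Out-Null
    }
    Import-PackageProvider -Name NuGet | Out-Null

    $AzureAD = Get-Module -ListAvailable -Name AzureAD -ErrorAction SilentlyContinue
    if (-not $AzureAD)
    {
        Install-Module -Name AzureAD -Force | Out-Null
    }
    Import-Module AzureAD | Out-Null

    $mod = Get-Module AzureAD
    if ($null -eq $mod)
    {
        # Previously this case returned silently and the caller went on to invoke
        # AzureAD cmdlets that were never loaded.
        throw "The AzureAD module could not be loaded; cannot authenticate."
    }

    try
    {
        Clear-Host
        Connect-AzureAD
        Clear-Host
    }
    catch
    {
        Clear-Host
        Write-Host
        Write-Warning "Could not connect to Azure AD"
        Write-Host
        # Rethrow instead of 'exit': 'exit' inside a module function ends the
        # caller's entire PowerShell session, not just this command.
        throw
    }
}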

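function Get-Report
{

<#
.SYNOPSIS

Builds a per-user report of registered devices and their membership of DeviceGroup.

.DESCRIPTION

For every member of UserGroup, lists the user's registered devices broken down
by category and shows which of them are members of DeviceGroup. Categories are
derived from display-name substrings only (iphone, ipad, MacBook, -LT-, VDI-,
android, yealink); the display name is free text, so treat the categories as a
naming-convention view rather than verified device facts.

Requires an existing Azure AD session (Connect-AzureAD).

.PARAMETER UserGroup

ObjectId of the user group. Alias: From.

.PARAMETER DeviceGroup

ObjectId of the device group. Alias: To.

.OUTPUTS

One PSCustomObject per user.
#>

[CmdletBinding()] Param(
        [Parameter(Mandatory = $True)]
        [Alias("From")]
        [String]
        $UserGroup,

        [Parameter(Mandatory = $True)]
        [Alias("To")]
        [String]
        $DeviceGroup
)

    $UserList = Get-AzureADGroupMember -ObjectId $UserGroup -All $true | Sort-Object -Property DisplayName
    $DeviceList = Get-AzureADGroupMember -ObjectId $DeviceGroup -All $true | Sort-Object -Property DisplayName

    # Resolve the group names here instead of reading globals left behind by
    # Add-User-Devices: this function is exported, and when called on its own the
    # globals are empty or stale from a previous run against other groups.
    $UserGroupName = (Get-AzureADGroup -ObjectId $UserGroup).DisplayName
    $DeviceGroupName = (Get-AzureADGroup -ObjectId $DeviceGroup).DisplayName

    $Report = [System.Collections.Generic.List[Object]]::new()

    foreach ($User in $UserList)
    {
        $DeviceQuery = Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId -All $true

        # "General" devices: everything that is not mobile, Mac, VDI, Android or Yealink.
        $Devices = $DeviceQuery | Where-Object { ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*android*") -and ($_.displayname -notlike "*yealink*") }
        $iPhones = $DeviceQuery | Where-Object { $_.displayname -like "*iphone*" }
        $iPads = $DeviceQuery | Where-Object { $_.displayname -like "*ipad*" }
        $Laptops = $DeviceQuery | Where-Object { $_.displayname -like "*-LT-*" }
        $AppleLaptops = $DeviceQuery | Where-Object { $_.displayname -like "*MacBook*" }
        $Desktops = $DeviceQuery | Where-Object { ($_.displayname -notlike "*iphone*") -and ($_.displayname -notlike "*ipad*") -and ($_.displayname -notlike "*MacBook*") -and ($_.displayname -notlike "*vdi*") -and ($_.displayname -notlike "*-LT-*") -and ($_.displayname -notlike "*android*") -and ($_.displayname -notlike "*yealink*") }
        $MobileDevices = $DeviceQuery | Where-Object { ($_.displayname -like "*iphone*") -or ($_.displayname -like "*ipad*") }
        $VirtualDesktops = $DeviceQuery | Where-Object { $_.displayname -like "*VDI-*" }

        # Derived from $Devices so both columns use the same exclusions; the
        # previous standalone filter omitted the yealink exclusion.
        $DevicesInDeviceGroup = $Devices | Where-Object { $_.objectid -in $DeviceList.objectid }

        # -and and -or have equal precedence in PowerShell and evaluate left to
        # right, so the previous "(in group) -and (iphone) -or (ipad)" reported
        # every iPad as a group member whether or not it was one. Filtering the
        # mobile set by membership gives the intended result.
        $MobileDevicesInDeviceGroup = $MobileDevices | Where-Object { $_.objectid -in $DeviceList.objectid }

        $Lines = [PSCustomObject]@{
            User = $User.displayname
            UserObjectID = $User.objectid
            UserGroup = $UserGroupName
            UserGroupObjectID = $UserGroup
            DeviceGroup = $DeviceGroupName
            DeviceGroupObjectID = $DeviceGroup
            Devices = $Devices.displayname
            DeviceObjectIDs = $Devices.objectid
            DesktopDevices = $Desktops.displayname
            DesktopDeviceIDs = $Desktops.objectid
            LaptopDevices = $Laptops.displayname
            LaptopDeviceIDs = $Laptops.objectid
            AppleLaptopDevices = $AppleLaptops.displayname
            AppleLaptopDeviceIDs = $AppleLaptops.objectid
            iPadDevices = $iPads.displayname
            iPadDeviceIDs = $iPads.objectid
            iPhoneDevices = $iPhones.displayname
            iPhoneDeviceIDs = $iPhones.objectid
            VirtualDesktopDevices = $VirtualDesktops.displayname
            VirtualDesktopDeviceIDs = $VirtualDesktops.objectid
            CustomAttributes = $null
            DevicesInDeviceGroup = $DevicesInDeviceGroup.displayname
            DevicesInDeviceGroupIDs = $DevicesInDeviceGroup.objectid
            MobileDevicesInDeviceGroup = $MobileDevicesInDeviceGroup.displayname
            MobileDevicesInDeviceGroupIDs = $MobileDevicesInDeviceGroup.objectid
        }
        $Report.Add($Lines)
    }

    Clear-Host
    Write-Host "`nGenerated Report"
    Write-Host "----------------`n"
    $Report
}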

# Publish every function and alias defined in this module; the wildcard also
# exposes the Azure-Ad-Auth helper to importers.
Export-ModuleMember -Function '*' -Alias '*'