Public/Get-specEntraIDUserGroup.ps1
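function Get-specEntraIDUserGroup {
    <#
    .SYNOPSIS
    Retrieves group membership information for users from Microsoft Graph API based on their
    UserPrincipalName (UPN).

    .DESCRIPTION
    Calls the Microsoft Graph v1.0 endpoint /users/{UPN}/memberOf for each UPN supplied and emits one
    object per returned directory entry. Paging is handled by following '@odata.nextLink' until no
    further page is returned. An access token with permission to read the user's memberships is
    required.

    .PARAMETER UPN
    Specifies the UserPrincipalName (UPN) of the user(s) whose group membership information is to be
    retrieved. This parameter accepts input from the pipeline. If not specified, the default value is
    built from the name of the currently logged-in user ($ENV:Username) and the specsavers.com domain.

    .PARAMETER AccessToken
    Specifies the access token required to authenticate with Microsoft Graph API. This parameter is
    mandatory. It is sent as a Bearer token in the Authorization header of every request.

    .EXAMPLE
    Get-specEntraIDUserGroup -UPN "user1@specsavers.com" -AccessToken "your_access_token_here"

    Retrieve group membership information for a single user with the specified UPN.

    .EXAMPLE
    "user1@specsavers.com" | Get-specEntraIDUserGroup -AccessToken "your_access_token_here"

    Retrieve group membership information for a single user using pipeline input for the UPN.

    .EXAMPLE
    $customObject = [pscustomobject]@{
        UPN         = "user1@specsavers.com"
        AccessToken = "your_access_token_here"
    }
    $customObject | Get-specEntraIDUserGroup

    Retrieve group membership information for user(s) whose UPNs are contained in a custom object
    sent through the pipeline.

    .NOTES
    Author: owen.heaume
    Version: 1.0.0 Initial Release
             1.0.1 Add @odata.nextlink code so it returns all groups if over 100
                   (Previously would only return a max of 100 groups)

    Caveats for anyone using the output in an access review:
    - A request failure is reported with Write-Warning and paging stops for that user; entries
      collected before the failure are still emitted, so a warning means the list may be incomplete.
    - memberOf reports direct memberships only, and Graph can return directory roles and
      administrative units alongside groups; such entries will have empty group-specific fields.
    - The access token is a plain string. Pass it from a variable rather than typing it as a literal
      so it does not end up in shell history or transcripts.
    #>
    [cmdletbinding()]
    param(
        [parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias('UserPrincipalName')]
        [string[]]$UPN = "$ENV:Username@specsavers.com",

        [parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$AccessToken
    )

    process {
        foreach ($user in $UPN) {
            # An empty UPN would collapse the path to /users//memberOf; skip it instead of querying.
            if ([string]::IsNullOrWhiteSpace($user)) {
                Write-Warning 'Skipping empty UPN.'
                continue
            }

            # The UPN arrives from the caller or the pipeline, so it is percent-encoded before it is
            # placed in the path. Without this, characters such as '#' (present in guest UPNs),
            # '/' or '?' would change which resource the request addresses.
            $encodedUser = [uri]::EscapeDataString($user)
            $url = "https://graph.microsoft.com/v1.0/users/$encodedUser/memberOf"

            $allGroups = New-Object 'System.Collections.Generic.List[object]'

            do {
                try {
                    # NOTE(review): on later iterations $url is the '@odata.nextLink' value taken from
                    # the previous response, and the bearer token is sent to it unchanged.
                    $result = Invoke-RestMethod -Method Get -Uri $url -Headers @{Authorization = "Bearer $($AccessToken)" } -ea Stop

                    foreach ($entry in $result.value) {
                        $allGroups.Add($entry)
                    }

                    # Absent on the last page, which ends the loop.
                    $url = $result.'@odata.nextLink'
                } catch {
                    Write-Warning "$User Error: $($_.Exception.Message)"
                    # Stop paging for this user; whatever was collected so far is still emitted below.
                    $url = $null
                }
            } while ($url)

            $allGroups | ForEach-Object {
                [pscustomobject]@{
                    UPN          = $user
                    GroupID      = $_.id
                    DisplayName  = $_.displayName
                    Description  = $_.description
                    MailEnabled  = $_.mailEnabled
                    CreationDate = $_.createdDateTime
                }
            }
        }
    }
}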