Find All Global Admins.ps1
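# Lists every member of a directory role (default: Company Administrator, i.e. Global Admin)
# in each partner customer tenant and exports the result, including each account's licence
# and sign-in-block status, to a CSV file.
#
# NOTE(review): the MSOnline module has been deprecated by Microsoft in favour of
# Microsoft Graph PowerShell; plan to migrate this script.
Import-Module MSOnline -ErrorAction Stop

# This is the username of an Office 365 account with delegated admin permissions.
# NOTE(review): passing -Credential to Connect-MsolService is a username/password sign-in and
# is not expected to work for an account that requires MFA. A delegated admin account should
# have MFA enforced; confirm how this account is protected before relying on this flow.
$UserName = Read-Host -Prompt "Please enter Partner Center Username"
$Cred = Get-Credential -Credential $UserName

# Role to report on. It is matched with -match, so the value is treated as a regular
# expression; it must identify exactly one role (checked below).
$RoleName = "Company Administrator"

# This is the path of the exported CSV. You'll need to create a C:\temp folder. You can change
# this, though you'll need to update the next script with the new path.
# The export is an inventory of privileged accounts for every customer tenant: keep it in a
# folder only the operator can read and delete it when it is no longer needed.
$msolUserCsv = "C:\temp\AdminUserList.csv"

# Fail before querying any tenant if the export cannot be written afterwards.
$csvFolder = Split-Path -Path $msolUserCsv -Parent
if (-not (Test-Path -Path $csvFolder -PathType Container)) {
    throw "Output folder '$csvFolder' does not exist. Create it or change the export path."
}

# Stop on a failed sign-in instead of letting every later cmdlet fail in turn.
Connect-MsolService -Credential $Cred -ErrorAction Stop

# Resolve the role once; the lookup does not depend on the customer being processed.
$MatchingRoles = @(Get-MsolRole | Where-Object { $_.Name -match $RoleName })
if ($MatchingRoles.Count -ne 1) {
    throw "Expected exactly one role matching '$RoleName' but found $($MatchingRoles.Count)."
}
$RoleID = $MatchingRoles[0].ObjectId

$Customers = Get-MsolPartnerContract -All

# A List avoids re-allocating the whole array on every append.
$msolUserResults = New-Object 'System.Collections.Generic.List[object]'

foreach ($Customer in $Customers) {
    Write-Host "----------------------------------------------------------"
    Write-Host "Getting $RoleName members for $($Customer.Name)"
    Write-Host " "

    $Admins = Get-MsolRoleMember -TenantId $Customer.TenantId -RoleObjectId $RoleID

    foreach ($Admin in $Admins) {
        # Role members without an e-mail address cannot be looked up by UPN and are not
        # included in the export.
        if ($null -eq $Admin.EmailAddress) {
            continue
        }

        $MsolUserDetails = Get-MsolUser -UserPrincipalName $Admin.EmailAddress -TenantId $Customer.TenantId
        $LicenseStatus = $MsolUserDetails.IsLicensed

        $userProperties = @{
            TenantId        = $Customer.TenantId
            CompanyName     = $Customer.Name
            PrimaryDomain   = $Customer.DefaultDomainName
            DisplayName     = $Admin.DisplayName
            EmailAddress    = $Admin.EmailAddress
            IsLicensed      = $LicenseStatus
            BlockCredential = $MsolUserDetails.BlockCredential
        }

        # Every role member is reported, licensed or not, so the message states the actual
        # licence status rather than claiming the account is unlicensed.
        Write-Host "$($Admin.DisplayName) from $($Customer.Name) holds the $RoleName role (IsLicensed: $LicenseStatus)"
        $msolUserResults.Add((New-Object psobject -Property $userProperties))
    }

    Write-Host " "
}

# -ErrorAction Stop keeps "Export Complete" from being printed after a failed export.
$msolUserResults |
    Select-Object TenantId, CompanyName, PrimaryDomain, DisplayName, EmailAddress, IsLicensed, BlockCredential |
    Export-Csv -NoTypeInformation -Path $msolUserCsv -ErrorAction Stop
Write-Host "Export Complete"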