## Requires the Microsoft.Graph.Intune module
## Examples:
# Look the device up by its display name ...
$GroupMembership = Get-DeviceGroupMembership -DeviceName "PC001"
# ... or, alternatively, by its Azure AD device id
$GroupMembership = Get-DeviceGroupMembership -AADDeviceId "c089201c-ad84-1234-5678-00d06dc86d8f"
$GroupMembership | Sort-Object -Property Name | Out-GridView
# Is device a member of a specific group
# NOTE: this matches on the group's display name, which Azure AD does not require to be unique;
# compare against the 'Object Id' column instead when the answer feeds an access or compliance decision.
"Intune - All Windows 10 Workstations" -in $GroupMembership.Name
# Function | |
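function Get-DeviceGroupMembership{
    <#
    .SYNOPSIS
    Lists the Azure AD groups a device belongs to, directly and transitively.

    .DESCRIPTION
    Obtains a Graph token with Connect-MSGraph, resolves the device's directory object id
    from either its display name or its Azure AD device id, then queries the memberOf and
    transitiveMemberOf relationships. Every page of each result set is read, so a device
    with many memberships is not reported with a truncated list.

    .PARAMETER DeviceName
    Display name of the device. It must resolve to exactly one device object.

    .PARAMETER AADDeviceId
    Azure AD device id (a GUID) of the device.

    .OUTPUTS
    A System.Data.DataTable with one row per group, or nothing when the device is not
    found, is ambiguous, or has no group memberships.
    #>
    [CmdletBinding(DefaultParameterSetName='Name')]
    Param(
        [Parameter(Mandatory=$true,ParameterSetName='Name')]
        [ValidateNotNullOrEmpty()]
        [string]$DeviceName,

        [Parameter(Mandatory=$true,ParameterSetName='Id')]
        [ValidateNotNullOrEmpty()]
        [string]$AADDeviceId
    )

    # Reads every page of a Graph collection and emits the combined 'value' items.
    function Get-GraphPagedResult
    {
        Param(
            [string]$Uri,
            [hashtable]$Headers
        )

        $Items = @()
        While ($Uri)
        {
            # Reset first: if the request errors, the assignment below never happens and a
            # stale response from the previous page would otherwise be processed again.
            $Response = $null
            $Response = Invoke-WebRequest -Uri $Uri -Method GET -Headers $Headers -UseBasicParsing
            If ($null -eq $Response -or $Response.StatusCode -ne 200)
            {
                Break
            }
            $Page = $Response.Content | ConvertFrom-Json
            If ($Page.value)
            {
                $Items += $Page.value
            }
            $Uri = $Page.'@odata.nextLink'
            # The bearer token is only ever sent to the Graph host this function targets.
            If ($Uri -and -not $Uri.StartsWith('https://graph.microsoft.com/', [System.StringComparison]::OrdinalIgnoreCase))
            {
                Write-Warning "Unexpected paging link returned; stopping."
                Break
            }
        }
        Return $Items
    }

    $ProgressPreference = 'SilentlyContinue'

    # Get a user token for MS Graph
    $GraphToken = Connect-MSGraph -PassThru
    If (-not $GraphToken)
    {
        Write-Warning "No Graph token was obtained!"
        Return
    }
    $Headers = @{'Authorization'="Bearer " + $GraphToken}

    # Find the object id
    If ($DeviceName)
    {
        # Double embedded single quotes (OData string literal rule) and URL-encode the value so
        # a name containing ' & # or + can neither break the filter nor add query parameters.
        $FilterValue = [uri]::EscapeDataString($DeviceName.Replace("'", "''"))
        $URL = "https://graph.microsoft.com/v1.0/devices?`$filter=displayName eq '$FilterValue'&`$select=id"
    }
    If ($AADDeviceId)
    {
        # A device id is a GUID; reject anything else rather than placing it in the filter.
        $ParsedId = [guid]::Empty
        If (-not [guid]::TryParse($AADDeviceId, [ref]$ParsedId))
        {
            Write-Warning "AADDeviceId is not a valid GUID!"
            Return
        }
        $URL = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$($ParsedId.ToString())'&`$select=id"
    }

    $D_Response = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
    If ($D_Response.StatusCode -ne 200)
    {
        Return
    }

    # Check for duplicates
    $DeviceId = ($D_Response.Content | ConvertFrom-Json).Value.id
    If ($DeviceId.Count -gt 1)
    {
        Write-Warning "Multiple devices found. Please pass a unique devicename or AAD device Id!"
        Return
    }
    If (-not $DeviceId)
    {
        Write-Warning "Device not found!"
        Return
    }

    # These two queries use the Graph beta endpoint.
    $Select = "displayName,description,id,groupTypes,membershipRule,membershipRuleProcessingState"

    # Get the group membership (wrapped in @() so a single result is still an array)
    $Groups = @(Get-GraphPagedResult -Uri "https://graph.microsoft.com/beta/devices/$DeviceId/memberOf?`$select=$Select" -Headers $Headers)

    # Get the transitive group membership
    $TransitiveGroups = @(Get-GraphPagedResult -Uri "https://graph.microsoft.com/beta/devices/$DeviceId/transitiveMemberOf?`$select=$Select" -Headers $Headers)

    # If results found
    If ($Groups.Count -ge 1 -or $TransitiveGroups.Count -ge 1)
    {
        # Create a datatable to hold the groups
        $DataTable = [System.Data.DataTable]::New()
        $Columns = @()
        @(
            'Name'
            'Description'
            'Object Id'
            'Membership Type'
            'Direct or Transitive'
            'Membership Rule'
            'Membership Rule Processing State'
        ) | foreach {
            $Columns += [System.Data.DataColumn]::new("$_")
        }
        $DataTable.Columns.AddRange($Columns)

        # Add the groups
        foreach ($Group in $Groups)
        {
            If (($Group.groupTypes | Select -First 1) -eq "DynamicMembership")
            {$MembershipType = "Dynamic"}
            Else {$MembershipType = "Assigned"}
            [void]$DataTable.Rows.Add($Group.displayName,$Group.description,$Group.id,$MembershipType,"Direct",$Group.membershipRule,$Group.membershipRuleProcessingState)
        }

        # Add the transitive groups, skipping those already listed as direct memberships
        foreach ($TransitiveGroup in ($TransitiveGroups | where {$_.id -NotIn $Groups.id}))
        {
            If (($TransitiveGroup.groupTypes | Select -First 1) -eq "DynamicMembership")
            {$MembershipType = "Dynamic"}
            Else {$MembershipType = "Assigned"}
            [void]$DataTable.Rows.Add($TransitiveGroup.displayName,$TransitiveGroup.description,$TransitiveGroup.id,$MembershipType,"Transitive",$TransitiveGroup.membershipRule,$TransitiveGroup.membershipRuleProcessingState)
        }

        Return $DataTable
    }
}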
Download the PS1, run it and got this error:
"Importing modules...You cannot call a method on a null-valued expression"
You're commenting on the wrong script, but I'm guessing you don't have the SMS variable set, e.g.
Import-Module $env:SMS_ADMIN_UI_PATH.Replace('i386','ConfigurationManager.psd1') -ErrorAction Stop
Thanks for the fast answer, Trevor.
You're right, I commented on the wrong script. Can you move these comments?
And you're also right about the missing SMS module; I had overlooked that this module is necessary if I use the -All switch.
Thanks, working fine!
Thanks for the fast answer, Trevor. You're right, I commented on the wrong script. Can you move these comments?
And you're also right about the missing SMS module; I had overlooked that this module is necessary if I use the -All switch. Thanks, working fine!
👍
Download the PS1, run it and got this error:
"Importing modules...You cannot call a method on a null-valued expression"
Any idea?