darrenjrobinson/run.ps1

## run.ps1
using namespace System.Net

# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)

# Write to the Azure Functions log stream.
Write-Host "PowerShell AzureAD Query HTTP trigger function received a request."

Write-Host $Request.Body
# Write-Host $Request.Query

[string]$queryString = ($Request.Body)
$queryData = $queryString.Split("&")
$clientState = $queryData[0].Split("=")[1]
$userObject = $queryData[1].Split("=")[1]

write-host $queryString
write-host $queryData
Write-Host $clientState
Write-Host $userObject

if ($clientState -eq "$($env:clientStateValue)" -and ($userObject -like "Users/*")) {
    # Valid Request
    $clientSecret = (ConvertTo-SecureString "$($env:graphAutomationSecret)" -AsPlainText -Force )
    $accessToken = (Get-MsalToken -clientID "$($env:graphAutomationClientID)" -clientSecret $clientSecret -tenantID "$($env:graphAutomationTenantID)").AccessToken

    write-host "AADQuery AccessToken: $($accessToken)"

    if ($accessToken) {
        $updatedUser = $null
        $updatedUserMemberships = $null
        $userSummary = $null

        $updatedUser = Invoke-RestMethod -Method Get `
            -Uri "https://graph.microsoft.com/beta/$($userObject)" `
            -Headers @{Authorization = "Bearer $($accessToken)" }

        write-host "AADQUERY: Querying AAD for User ObjectID '$($userObject)'"

        if ($updatedUser.userType -eq "Guest") {
            # Get Memberships
            $updatedUserMemberships = (Invoke-RestMethod -Method Get `
                    -Uri "https://graph.microsoft.com/v1.0/$($userObject)/transitiveMemberOf" `
                    -Headers @{Authorization = "Bearer $($accessToken)" }).value

            $userSummary = @{
                user   = @($updatedUser)
                groups = @($updatedUserMemberships.displayName)
            }

            write-host "USER: $($updatedUser)"
            write-host "GROUPMemberships: $($updatedUserMemberships.displayName)"
        } else {
            write-host "USER TYPE: '$($updatedUser.userType)', so ignoring."
        }
    } else {
        Write-Host "FAIL: No Access Token Received"
    }
}

if ($userSummary) {
    # Build Notification Email
    $emailSubject = "Changed Azure AD User Object"
    $emailBody = "Azure AD User Summary. `r`n `r`n $($userSummary.user | Out-String) `r`n `r`n Azure AD User Groups Summary `r`n `r`n $($userSummary.groups)"

    $mail = @{
        "personalizations" = @(
            @{
                "to" = @(
                    @{
                        "email" = "$($env:sendGridToAddress)"
                    }
                )
            }
        )
        "from"             = @{
            "email" = "$($env:sendGridFromAddress)"
        }
        "subject"          = "$($emailSubject)"
        "content"          = @(
            @{
                "type"  = "text/plain"
                "value" = "$($emailBody)"
            }
        )
    }

    # Send Email Notification via SendGrid
    if ($mail) {
        Push-OutputBinding -Name message -Value (ConvertTo-Json -InputObject $mail -Depth 4)
    }
}
	using namespace System.Net

	# Input bindings are passed in via param block.
	param($Request, $TriggerMetadata)

	# Write to the Azure Functions log stream.
	Write-Host "PowerShell AzureAD Query HTTP trigger function received a request."

	Write-Host $Request.Body
	# Write-Host $Request.Query

	[string]$queryString = ($Request.Body)
	$queryData = $queryString.Split("&")
	$clientState = $queryData[0].Split("=")[1]
	$userObject = $queryData[1].Split("=")[1]

	write-host $queryString
	write-host $queryData
	Write-Host $clientState
	Write-Host $userObject

	if ($clientState -eq "$($env:clientStateValue)" -and ($userObject -like "Users/*")) {
	# Valid Request
	$clientSecret = (ConvertTo-SecureString "$($env:graphAutomationSecret)" -AsPlainText -Force )
	$accessToken = (Get-MsalToken -clientID "$($env:graphAutomationClientID)" -clientSecret $clientSecret -tenantID "$($env:graphAutomationTenantID)").AccessToken

	write-host "AADQuery AccessToken: $($accessToken)"

	if ($accessToken) {
	$updatedUser = $null
	$updatedUserMemberships = $null
	$userSummary = $null

	$updatedUser = Invoke-RestMethod -Method Get `
	-Uri "https://graph.microsoft.com/beta/$($userObject)" `
	-Headers @{Authorization = "Bearer $($accessToken)" }

	write-host "AADQUERY: Querying AAD for User ObjectID '$($userObject)'"

	if ($updatedUser.userType -eq "Guest") {
	# Get Memberships
	$updatedUserMemberships = (Invoke-RestMethod -Method Get `
	-Uri "https://graph.microsoft.com/v1.0/$($userObject)/transitiveMemberOf" `
	-Headers @{Authorization = "Bearer $($accessToken)" }).value

	$userSummary = @{
	user = @($updatedUser)
	groups = @($updatedUserMemberships.displayName)
	}

	write-host "USER: $($updatedUser)"
	write-host "GROUPMemberships: $($updatedUserMemberships.displayName)"
	} else {
	write-host "USER TYPE: '$($updatedUser.userType)', so ignoring."
	}
	} else {
	Write-Host "FAIL: No Access Token Received"
	}
	}

	if ($userSummary) {
	# Build Notification Email
	$emailSubject = "Changed Azure AD User Object"
	$emailBody = "Azure AD User Summary. `r`n `r`n $($userSummary.user \| Out-String) `r`n `r`n Azure AD User Groups Summary `r`n `r`n $($userSummary.groups)"

	$mail = @{
	"personalizations" = @(
	@{
	"to" = @(
	@{
	"email" = "$($env:sendGridToAddress)"
	}
	)
	}
	)
	"from" = @{
	"email" = "$($env:sendGridFromAddress)"
	}
	"subject" = "$($emailSubject)"
	"content" = @(
	@{
	"type" = "text/plain"
	"value" = "$($emailBody)"
	}
	)
	}

	# Send Email Notification via SendGrid
	if ($mail) {
	Push-OutputBinding -Name message -Value (ConvertTo-Json -InputObject $mail -Depth 4)
	}
	}