Created
September 11, 2017 18:11
-
-
Save joerodgers/074cf65112b2a9b7940fcd3c7ba66675 to your computer and use it in GitHub Desktop.
Get-AADUserLicenseInfo.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment. | |
| THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, | |
| INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. | |
| We grant you a nonexclusive, royalty-free right to use and modify the sample code and to reproduce and distribute the object | |
| code form of the Sample Code, provided that you agree: | |
| (i) to not use our name, logo, or trademarks to market your software product in which the sample code is embedded; | |
| (ii) to include a valid copyright notice on your software product in which the sample code is embedded; and | |
| (iii) to indemnify, hold harmless, and defend us and our suppliers from and against any claims or lawsuits, including | |
| attorneys’ fees, that arise or result from the use or distribution of the sample code. | |
| Please note: None of the conditions outlined in the disclaimer above will supercede the terms and conditions contained within | |
| the Premier Customer Services Description. | |
| ---------------------------------------------------------- | |
| History | |
| ---------------------------------------------------------- | |
| 09-11-2017 - Created | |
| ==============================================================#> | |
| $tenantId = "contoso.onmicrosoft.com"; | |
| # AAD App Principal credentails. | |
| # This script requires the app principal be granted the "Read all users' full profiles" app permission in AAD | |
| $clientId = "0b88ad94-e6ff-477e-b943-28182a9a6c63"; | |
| $clientSecret = "7L19zLMuld/wLyCh8cCv9Qpwt95uXoP6QNRuKokYnlJ="; | |
| $userIdentifier = "adamb@contoso.com" # this is typically UPN in AAD | |
| function Get-AccessToken | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$true)][string]$Tenant, | |
| [Parameter(Mandatory=$true)][System.Guid]$ClientID, | |
| [Parameter(Mandatory=$true)][string]$ClientSecret, | |
| [Parameter(Mandatory=$true)][string]$Resource | |
| ) | |
| begin | |
| { | |
| # attempt to standardize the input to just tenant name | |
| $tenantName = $Tenant | |
| $tenantName = $TenantName -replace "https://", "" | |
| $tenantName = $TenantName -replace "http://", "" | |
| $tenantName = $TenantName -replace ".sharepoint.com", "" | |
| $tenantName = $TenantName -replace ".onmicrosoft.com", "" | |
| $uri = New-Object System.Uri("https://login.microsoftonline.com/$tenantName.onmicrosoft.com/oauth2/token") | |
| } | |
| process | |
| { | |
| try | |
| { | |
| $response = Invoke-WebRequest -Uri $uri -Body "grant_type=client_credentials&client_id=$ClientID&client_secret=$ClientSecret&resource=$Resource" -Method Post -UseBasicParsing | |
| $responseBody = $response.Content | ConvertFrom-JSON | |
| $responseBody.access_token | |
| } | |
| catch | |
| { | |
| write-host $_.Exception.Message -ForegroundColor Red | |
| write-host $_.Exception.ItemName -ForegroundColor Red | |
| } | |
| } | |
| end | |
| { | |
| } | |
| } | |
| function Get-AuthenticationHeaders | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$true)][string]$AccessToken | |
| ) | |
| begin | |
| { | |
| } | |
| process | |
| { | |
| @{ | |
| 'Content-Type' = 'application/json' | |
| 'Authorization' = "Bearer $($AccessToken)" | |
| } | |
| } | |
| end | |
| { | |
| } | |
| } | |
| function Get-Users | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$true)][string]$AccessToken, | |
| [Parameter(Mandatory=$false)][string]$Filter, | |
| [Parameter(Mandatory=$false)][string]$Select | |
| ) | |
| begin | |
| { | |
| $headers = Get-AuthenticationHeaders -AccessToken $AccessToken | |
| $uri = "https://graph.microsoft.com/beta/users" | |
| if( $Filter ) | |
| { | |
| $uri = "$uri`?`$filter=$filter" | |
| } | |
| if( $Filter -and $Select ) | |
| { | |
| $uri = "$uri&`$select=$Select" | |
| } | |
| elseif( $Select ) | |
| { | |
| $uri = "$uri`?`$select=$select" | |
| } | |
| } | |
| process | |
| { | |
| (Invoke-RestMethod -Uri $uri –Headers $headers –Method GET).value | |
| } | |
| end | |
| { | |
| } | |
| } | |
| function Get-User | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$true)][string]$AccessToken, | |
| [Parameter(Mandatory=$false)][string]$Identifier | |
| ) | |
| begin | |
| { | |
| $headers = Get-AuthenticationHeaders -AccessToken $AccessToken | |
| $uri = "https://graph.microsoft.com/beta/users/$Identifier" | |
| } | |
| process | |
| { | |
| Write-Verbose -Message "Request URI: $uri" | |
| try | |
| { | |
| Invoke-RestMethod -Uri $uri –Headers $headers –Method GET -ErrorAction Stop | |
| } | |
| catch | |
| { | |
| Write-Error "User not found in AAD tenant: $Identifier" | |
| } | |
| } | |
| end | |
| { | |
| } | |
| } | |
| function Get-SubscribedSkus | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$true)][string]$AccessToken | |
| ) | |
| begin | |
| { | |
| $headers = Get-AuthenticationHeaders -AccessToken $AccessToken | |
| $uri = "https://graph.microsoft.com/beta/subscribedSkus" | |
| } | |
| process | |
| { | |
| Write-Verbose -Message "Request URI: $uri" | |
| (Invoke-RestMethod -Uri $uri –Headers $headers –Method GET).value | |
| } | |
| end | |
| { | |
| } | |
| } | |
| function Get-SubscribedSkuDisplayNames | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$true)][Guid[]]$Sku, | |
| [Parameter(Mandatory=$true)][string]$AccessToken | |
| ) | |
| begin | |
| { | |
| $skuInfo = Get-SubscribedSkus -AccessToken $AccessToken | |
| } | |
| process | |
| { | |
| foreach ($x in $Sku ) | |
| { | |
| $skuInfo | ? { $_.skuId -eq $X } | SELECT @{ Name="Sku Name"; Expression={ $_.skuPartNumber }} | |
| } | |
| } | |
| end | |
| { | |
| } | |
| } | |
| # get an access token to talk to the graph API | |
| $accessToken = Get-AccessToken -Tenant $tenantId -ClientID $clientId -ClientSecret $clientSecret -Resource "https://graph.microsoft.com" | |
| # get a list of all the Sku available in the tenant | |
| $subscribedSkus = Get-SubscribedSkus -AccessToken $accessToken | |
| # query the graph API to get the info for the user | |
| $userDetails = Get-User -AccessToken $accessToken -Identifier $userIdentifier | |
| if( -not $userDetails ) { return } | |
| Write-Host "`nGeneral Information`n" -ForegroundColor Green | |
| $userDetails | FL DisplayName, mail, AccountEnabled, onPremisesDomainName, onPremisesLastSyncDateTime, onPremisesSecurityIdentifier, onPremisesSamAccountName, onPremisesUserPrincipalName | |
| Write-Host "`nAssigned Plans`n" -ForegroundColor Green | |
| $userDetails.provisionedPlans | FT * -AutoSize | |
| Write-Host "`nAssigned SKUs`n" -ForegroundColor Green | |
| Get-SubscribedSkuDisplayNames -Sku $($userDetails.assignedLicenses.skuId) -AccessToken $accessToken | FT * -AutoSize | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment