@joerodgers
Created March 8, 2024 18:51
Reports every permission granted to "Everyone except external users" (EEEU) on the root web of each OneDrive site in a tenant.
#requires -modules "PnP.PowerShell"

# requires SharePoint > Application > Sites.FullControl.All

Connect-PnPOnline `
    -Url "https://$env:O365_TENANT-admin.sharepoint.com" `
    -ClientId $env:O365_CLIENTID `
    -Thumbprint $env:O365_THUMBPRINT `
    -Tenant $env:O365_TENANTID `
    -ErrorAction Stop

# pull all sites and filter out non-onedrive sites
$personalSites = Get-PnPTenantSite -IncludeOneDriveSites | Where-Object -Property Template -match "SPSPERS"

# enumerate onedrive sites
$results = foreach( $personalSite in $personalSites )
{
    Write-Host "[$(Get-Date)] - Scanning: $($personalSite.Url)"

    try
    {
        # connect to the onedrive site
        Connect-PnPOnline `
            -Url $personalSite.Url `
            -ClientId $env:O365_CLIENTID `
            -Thumbprint $env:O365_THUMBPRINT `
            -Tenant $env:O365_TENANTID `
            -ErrorAction Stop

        # get the rootweb + RoleAssignments
        $web = Get-PnPWeb -Includes RoleAssignments

        # enumerate RoleAssignments
        foreach( $roleAssignment in $web.RoleAssignments )
        {
            # pull principal LoginName
            $null = Get-PnPProperty -ClientObject $roleAssignment.Member -Property LoginName

            # enumerate principals
            foreach( $member in $roleAssignment.Member )
            {
                # check if principal is EEEU
                if( $member.LoginName -match "spo-grid-all-users" )
                {
                    # hydrate RoleDefinitionBindings (permissions)
                    $null = Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings

                    # filter out hidden permissions
                    if( $roleDefinitionBindings = $roleAssignment.RoleDefinitionBindings | Where-Object -Property Hidden -eq $false )
                    {
                        # output object
                        [PSCustomObject] @{
                            SiteUrl                = $personalSite.Url
                            Owner                  = $personalSite.Owner
                            Claim                  = $member.LoginName
                            RoleDefinitionBindings = $roleDefinitionBindings.Name -join ","
                        }
                    }
                }
            }
        }
    }
    catch
    {
        Write-Host "Error processing site: $($_)" -ForegroundColor Red
    }
}

$results | Export-Csv -Path "OneDriveEEEU.csv" -NoTypeInformation
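
An added example, not part of the original gist: it triages rows in the shape of OneDriveEEEU.csv so the sites where EEEU holds the highest permission level sort to the top for review. The function name `Get-EEEUFindingSeverity`, the rank values and the sample rows are constructed for illustration, and the role names assume the default English SharePoint role definitions.

```powershell
# Rank values are an assumption; names are the default English role definitions.
$roleRank = @{
    "Full Control" = 4
    "Edit"         = 3
    "Contribute"   = 3
    "Read"         = 1
}

function Get-EEEUFindingSeverity
{
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [PSCustomObject] $Finding
    )
    process
    {
        # the report joins role names with ",", so split them back apart
        $roles = $Finding.RoleDefinitionBindings -split "," | ForEach-Object { $_.Trim() } | Where-Object { $_ }

        # unknown (custom) roles get rank 2 so they are reviewed rather than dropped
        $rank = 0
        foreach( $role in $roles )
        {
            $r = if( $roleRank.ContainsKey( $role ) ) { $roleRank[$role] } else { 2 }
            if( $r -gt $rank ) { $rank = $r }
        }

        [PSCustomObject] @{
            SiteUrl    = $Finding.SiteUrl
            Owner      = $Finding.Owner
            Roles      = $roles -join ","
            Rank       = $rank
            KnownWrite = $rank -ge 3
        }
    }
}

# constructed sample rows in the same shape as the report (not real tenant data)
$sample = @"
SiteUrl,Owner,Claim,RoleDefinitionBindings
https://contoso-my.sharepoint.com/personal/a_contoso_com,a@contoso.com,c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000,Read
https://contoso-my.sharepoint.com/personal/b_contoso_com,b@contoso.com,c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000,"Read,Edit"
"@ | ConvertFrom-Csv

$sample | Get-EEEUFindingSeverity | Sort-Object -Property Rank -Descending | Format-Table -AutoSize
```

To run it against a real report, replace `$sample` with `Import-Csv -Path "OneDriveEEEU.csv"`.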