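using namespace System.Net

# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)

# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function processed a request."

# Tenant and admin-app identity. Both values are deployment-specific placeholders.
$tenantPrefix = "M365x162783"; # replace with your tenant id TODO to replace
$adminAppId = "03451a0d-fbfd-4cd5-8c87-7cb8e58894a3"; #admin-app TODO to replace
$tenantName = $tenantPrefix + ".onmicrosoft.com";
$spoTenantName = "https://" + $tenantPrefix + ".sharepoint.com";

# Interact with query parameters or the body of the request.
# The caller-supplied URL is validated *before* the certificate is fetched, so a
# malformed request never touches Key Vault and the admin certificate is only
# ever used against a site on this tenant's SharePoint host.
$siteURL2Process = $Request.Query.SiteURL
if (-not $siteURL2Process) {
    $siteURL2Process = $Request.Body.SiteURL
}
$siteURL2Process = "$siteURL2Process".Trim()
Write-Host "siteURL2Process = $siteURL2Process"

# Parse as an absolute URI and compare the host, not a string prefix, so that
# e.g. "https://<tenant>.sharepoint.com.example/" cannot pass the check.
$siteUri = $null
$siteUrlIsValid = [System.Uri]::TryCreate($siteURL2Process, [System.UriKind]::Absolute, [ref]$siteUri) -and
    $siteUri.Scheme -eq 'https' -and
    $siteUri.Host -eq ([System.Uri]$spoTenantName).Host   # string -eq is case-insensitive in PowerShell
if (-not $siteUrlIsValid) {
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
        StatusCode = [HttpStatusCode]::BadRequest
        Body = "SiteURL is required and must be a site under $spoTenantName"
    })
    return
}

# get the PFX secret from the key vault
$KeyVaultName = "findsca-kv"
$KeyVaultSecretName = "findscakv"
$kvSecret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $KeyVaultSecretName
if (-not $kvSecret) {
    # Fail loudly (500) rather than passing $null into the BSTR conversion below.
    throw "Key Vault secret '$KeyVaultSecretName' could not be read from vault '$KeyVaultName'."
}

# Connect-PnPOnline takes the Base64 PFX as a plain string, so the SecureString is
# decoded through a BSTR and the unmanaged copy is zeroed and freed afterwards.
# NOTE: the resulting .NET string cannot be zeroed; keep it to this invocation and
# never write it to the log stream.
$certificateBase64Encode = '';
$ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($kvSecret.SecretValue)
try
{
    $certificateBase64Encode = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)
}
finally
{
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)
}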
function WriteExceptionInformation($AnItem)
{
    # Emits the diagnostic pieces of an ErrorRecord to the output stream:
    # exception message, .NET stack trace, PowerShell script stack trace,
    # and finally the full invocation info as a formatted list.
    $ex = $AnItem.Exception
    foreach ($part in 'Message', 'StackTrace', 'ScriptStackTrace')
    {
        Write-Output $ex.$part
    }
    Write-Output $AnItem.InvocationInfo | Format-List *
}
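function ExtractAddUserInfo ( $anUser, $claimsArray )
{
    # Appends one @{ "Claims" = <lower-cased upn/e-mail> } entry to $claimsArray
    # for every person behind a site collection admin entry.
    #   $anUser      - PnP user object; only .LoginName is read.
    #   $claimsArray - mutable list (e.g. ArrayList) that receives the entries.
    # Built-in / service principals are skipped. Errors are logged through
    # WriteExceptionInformation and the function returns normally.

    # Lower-cases and appends one address; null/empty values are skipped so a
    # principal without a UPN does not abort processing of the remaining ones.
    # The index returned by ArrayList.Add is discarded instead of leaking into
    # the function's output stream.
    function AddClaim ( $emailAddress )
    {
        if ([string]::IsNullOrEmpty($emailAddress)) { return }
        $claimsArray.Add( @{ "Claims" = $emailAddress.ToLower() } ) | Out-Null
    }

    try
    {
        $loginName = [string]$anUser.LoginName

        # ignore following users
        #Id Title                 LoginName
        #-- -----                 ---------
        # 8 Company Administrator c:0t.c|tenant|GUID
        if ($loginName.Contains("provisioning") -or
            $loginName.Contains("SHAREPOINT\system") -or
            $loginName.Contains("c:0t.c|tenant"))
        {
            return
        }

        if ($loginName.Contains("@"))
        {
            # i:0#.f|membership|joe.smith@contoso.com — strip the claim prefix.
            AddClaim ($loginName -replace "i:0#.f\|membership\|", "")
        }
        elseif ($loginName.Contains("_o"))
        {
            #LoginName                                          Title
            #---------                                          -----
            #c:0o.c|federateddirectoryclaimprovider|GUID_o      Site Provisioning Dev Owners
            # The trailing "_o" marks an M365 group's owners; the GUID is the third
            # '|'-separated segment.
            $grpID = $loginName.replace("_o", " ").Trim()
            $groupOwners = Get-PnPAzureADGroupOwner -Identity "$($grpID.split('|')[2].Trim())"
            foreach ($groupOwner in $groupOwners)
            {
                AddClaim $groupOwner.UserPrincipalName
            }
        }
        else
        {
            # Any other claim is resolved as a group; add each member.
            $roleMembers = Get-PnPAzureADGroupMember -Identity "$($loginName.split('|')[2].Trim())"
            Write-Output " owner = $($anUser)"
            foreach ($roleMember in $roleMembers)
            {
                AddClaim $roleMember.UserPrincipalName
            }
        }
    }
    catch
    {
        WriteExceptionInformation ( $PSItem )
    }
}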
# Splat the connection arguments so the Connect-PnPOnline call stays readable.
$connectArgs = @{
    Url                      = $siteURL2Process
    ClientId                 = $adminAppId
    CertificateBase64Encoded = $certificateBase64Encode
    Tenant                   = $tenantName
}

Write-Output ("Connecting to {0}" -f $siteURL2Process)
$aSiteConn = Connect-PnPOnline @connectArgs -ReturnConnection
Write-Output ("Connected to {0}" -f $siteURL2Process)
Write-Output "aSiteConn $aSiteConn"

# Every site collection admin is expanded into claim entries by ExtractAddUserInfo.
$siteAdmins = Get-PnPSiteCollectionAdmin -Connection $aSiteConn
Write-Output ("Total SCAs count {0}" -f $siteAdmins.Count)

$claims = New-Object System.Collections.ArrayList
$siteAdmins | ForEach-Object { ExtractAddUserInfo -anUser $_ -claimsArray $claims }

$responseBody = ConvertTo-Json -InputObject $claims

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode = [HttpStatusCode]::OK
    Body       = $responseBody
})