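├── list_device_users_posh.JPG
├── README.md
├── User_Devices.ps1
└── Devices_Owners.ps1

/list_device_users_posh.JPG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienvanrobaeys/AzureAD_Powershell_List_Users_Devices/HEAD/list_device_users_posh.JPG

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# AzureAD_Powershell_List_Users_Devices
User PowerShell to list all Azure AD users with their devices and vice-versa
![alt text](https://github.com/damienvanrobaeys/AzureAD_Powershell_List_Users_Devices/blob/master/list_device_users_posh.JPG)

> *View the full blog post here*
http://www.systanddeploy.com/2020/03/user-powershell-to-list-all-azure-ad.html

The repo is composed of two scripts:
1. Devices_Owners.ps1: List all devices and all their owners
2. User_Devices.ps1: List all users and their devices

--------------------------------------------------------------------------------
/User_Devices.ps1:
--------------------------------------------------------------------------------
# Reports every Azure AD user with the devices registered to that user: one row per user,
# shown in a grid view and exported to a semicolon-delimited CSV.
#
# Handling notes:
# - The report holds directory data (user principal names, on-premises distinguished names,
#   device names). Replace the "CSV_Path" placeholder below with a folder that only the
#   intended readers can access.
# - NOTE(review): device names are presumably free text chosen when the device is registered.
#   A cell that starts with =, +, - or @ can be evaluated as a formula when the CSV is opened
#   in a spreadsheet, so open the export as text or review such rows first.

# Make the AzureAD cmdlets available, installing the module when none is present.
If (!(Get-Module -ListAvailable | Where-Object {$_.Name -like "*AzureAD*"}))
{
    # Stop on failure: every cmdlet below comes from this module, so a silent failure here
    # only moves the error further down.
    Install-Module AzureAD -ErrorAction Stop
}
Else
{
    # The wildcard above also matches module names other than "AzureAD", so this import can
    # fail; report it instead of staying silent.
    Import-Module AzureAD -ErrorAction SilentlyContinue -ErrorVariable Import_Error
    If ($Import_Error)
    {
        Write-Warning "Import-Module AzureAD failed: $($Import_Error[0])"
    }
}

# Sign in. Without a session none of the queries below can succeed, so a failed sign-in
# ends the script instead of producing an empty report.
Try
{
    $Ask_Creds = Connect-AzureAD -ErrorAction Stop
    Write-Host "Conexion OK to your tenant"
}
Catch
{
    Write-Host "Conexion KO to your tenant"
    Throw
}

$Get_All_Users = Get-AzureADUser -All $true
$Users_report = @()
ForEach($User in $Get_All_Users)
{
    $User_ObjectID = $User.ObjectID
    $User_DisplayName = $User.DisplayName
    $User_Mail = $User.UserPrincipalName
    $User_OU = $User.extensionproperty.onPremisesDistinguishedName
    $User_Account_Status = $User.AccountEnabled

    # @() keeps the result a collection, so .Count is 0 for no device and 1 for a single one.
    $Get_User_Devices = @(Get-AzureADUserRegisteredDevice -ObjectId $User_ObjectID)
    $Count_User_Devices = $Get_User_Devices.Count

    $User_Owner_Obj = New-Object PSObject
    $User_Owner_Obj | Add-Member NoteProperty -Name "User Name" -Value $User_DisplayName
    $User_Owner_Obj | Add-Member NoteProperty -Name "User Mail" -Value $User_Mail -Force
    $User_Owner_Obj | Add-Member NoteProperty -Name "User OU" -Value $User_OU -Force
    $User_Owner_Obj | Add-Member NoteProperty -Name "Account enabled ?" -Value $User_Account_Status
    $User_Owner_Obj | Add-Member NoteProperty -Name "Devices count" -Value $Count_User_Devices -Force

    If($Count_User_Devices -eq 0)
    {
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device name" -Value "No device" -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device last logon" -Value "No device" -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device OS type" -Value "No device" -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device OS version" -Value "No device" -Force
    }
    # ElseIf (was a separate If): the single-device branch below used to run for users with
    # no device as well and replaced the "No device" values with empty ones.
    ElseIf($Count_User_Devices -gt 1)
    {
        $Devices_LastLogon = @()
        $Devices_OSType = @()
        $Devices_OSVersion = @()
        $Devices_DisplayName = @()

        # One entry per device in every list, empty string when a value is missing, so the
        # four multi-line cells stay aligned line by line.
        ForEach($Device in $Get_User_Devices)
        {
            $Devices_LastLogon += "$($Device.ApproximateLastLogonTimeStamp)"
            $Devices_OSType += "$($Device.DeviceOSType)"
            $Devices_OSVersion += "$($Device.DeviceOSVersion)"
            $Devices_DisplayName += "$($Device.DisplayName)"
        }

        # -join puts the newline between entries only. The previous last-item test compared
        # $owner, which this script never sets, so every cell ended with a stray newline.
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device name" -Value ($Devices_DisplayName -join "`n") -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device last logon" -Value ($Devices_LastLogon -join "`n") -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device OS type" -Value ($Devices_OSType -join "`n") -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device OS version" -Value ($Devices_OSVersion -join "`n") -Force
    }
    Else
    {
        # Exactly one device: copy its values as they are.
        $Device_LastLogon = $Get_User_Devices.ApproximateLastLogonTimeStamp
        $Device_OSType = $Get_User_Devices.DeviceOSType
        $Device_OSVersion = $Get_User_Devices.DeviceOSVersion
        $Device_DisplayName = $Get_User_Devices.DisplayName

        $User_Owner_Obj | Add-Member NoteProperty -Name "Device name" -Value $Device_DisplayName -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device last logon" -Value $Device_LastLogon -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device OS type" -Value $Device_OSType -Force
        $User_Owner_Obj | Add-Member NoteProperty -Name "Device OS version" -Value $Device_OSVersion -Force
    }
    $Users_report += $User_Owner_Obj
}

$Users_report | Out-GridView
# "CSV_Path" is a placeholder folder name; see the handling notes at the top of the script.
$Users_report | Export-Csv "CSV_Path\list_Users_Devices.csv" -NoType -Delimiter ";"

--------------------------------------------------------------------------------
/Devices_Owners.ps1:
--------------------------------------------------------------------------------
# Reports every Azure AD device with its registered owners: one row per device, shown in a
# grid view and exported to a semicolon-delimited CSV.
#
# Handling notes:
# - The report holds directory data (device names, owner user principal names, on-premises
#   distinguished names). Replace the "CSV_Path" placeholder below with a folder that only
#   the intended readers can access.
# - NOTE(review): device names are presumably free text chosen when the device is registered.
#   A cell that starts with =, +, - or @ can be evaluated as a formula when the CSV is opened
#   in a spreadsheet, so open the export as text or review such rows first.
[CmdletBinding()]
Param(
    # Not read anywhere in this script; kept so existing invocations that pass it still bind.
    [Parameter(Mandatory=$false)]
    [string]$Tattoo_XML_Path
)

# Make the AzureAD cmdlets available, installing the module when none is present.
If (!(Get-Module -ListAvailable | Where-Object {$_.Name -like "*AzureAD*"}))
{
    # Stop on failure: every cmdlet below comes from this module, so a silent failure here
    # only moves the error further down.
    Install-Module AzureAD -ErrorAction Stop
}
Else
{
    # The wildcard above also matches module names other than "AzureAD", so this import can
    # fail; report it instead of staying silent.
    Import-Module AzureAD -ErrorAction SilentlyContinue -ErrorVariable Import_Error
    If ($Import_Error)
    {
        Write-Warning "Import-Module AzureAD failed: $($Import_Error[0])"
    }
}

# Sign in once with Connect-AzureAD. The script used to call Connect-MSGraph (twice, once
# outside the Try), which comes from a module this script never loads and does not open the
# session that Get-AzureADDevice and Get-AzureADDeviceRegisteredOwner need.
# A failed sign-in ends the script instead of producing an empty report.
Try
{
    $Ask_Creds = Connect-AzureAD -ErrorAction Stop
    Write-Host "Conexion OK to your tenant"
}
Catch
{
    Write-Host "Conexion KO to your tenant"
    Throw
}

$Get_All_Devices = Get-AzureADDevice -All $true
$Devices_report = @()
ForEach($Device in $Get_All_Devices)
{
    $Device_ObjectID = $Device.ObjectID
    $Device_LastLogon = $Device.ApproximateLastLogonTimeStamp
    $Device_DeviceOSType = $Device.DeviceOSType
    $Device_DeviceOSVersion = $Device.DeviceOSVersion
    $Device_DisplayName = $Device.DisplayName
    $Device_Account_Status = $Device.AccountEnabled

    # @() keeps the result a collection, so .Count is 0 for no owner and 1 for a single one.
    $Get_Devices_Owners = @(Get-AzureADDeviceRegisteredOwner -ObjectId $Device_ObjectID)
    $Count_Device_Owners = $Get_Devices_Owners.Count

    $Device_Owner_Obj = New-Object PSObject
    $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Name" -Value $Device_DisplayName
    $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Last logon" -Value $Device_LastLogon -Force
    $Device_Owner_Obj | Add-Member NoteProperty -Name "Is account enabled ?" -Value $Device_Account_Status -Force
    $Device_Owner_Obj | Add-Member NoteProperty -Name "Device OS" -Value $Device_DeviceOSType -Force
    $Device_Owner_Obj | Add-Member NoteProperty -Name "Device OS version" -Value $Device_DeviceOSVersion -Force
    $Device_Owner_Obj | Add-Member NoteProperty -Name "Owner count" -Value $Count_Device_Owners -Force

    If($Count_Device_Owners -eq 0)
    {
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner name" -Value "No owner" -Force
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner mail" -Value "No owner" -Force
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner OU" -Value "No owner" -Force
    }
    ElseIf($Count_Device_Owners -gt 1)
    {
        $Owners_Name = @()
        $Owners_Mail = @()
        $Owners_OU = @()

        # One entry per owner in every list, empty string when a value is missing, so the
        # three multi-line cells stay aligned line by line.
        ForEach($Owner in $Get_Devices_Owners)
        {
            $Owners_Name += "$($Owner.DisplayName)"
            $Owners_Mail += "$($Owner.UserPrincipalName)"
            $Owners_OU += "$($Owner.extensionproperty.onPremisesDistinguishedName)"
        }

        # Newline between entries, none after the last one.
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner name" -Value ($Owners_Name -join "`n") -Force
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner mail" -Value ($Owners_Mail -join "`n") -Force
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner OU" -Value ($Owners_OU -join "`n") -Force
    }
    Else
    {
        # Exactly one owner: copy its values as they are.
        $Owner_DisplayName = $Get_Devices_Owners.DisplayName
        $Owner_Mail = $Get_Devices_Owners.UserPrincipalName
        $Owner_OU = $Get_Devices_Owners.extensionproperty.onPremisesDistinguishedName

        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner name" -Value $Owner_DisplayName -Force
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner mail" -Value $Owner_Mail -Force
        $Device_Owner_Obj | Add-Member NoteProperty -Name "Device Owner OU" -Value $Owner_OU -Force
    }
    $Devices_report += $Device_Owner_Obj
}

$Devices_report | Out-GridView
# "CSV_Path" is a placeholder folder name; see the handling notes at the top of the script.
$Devices_report | Export-Csv "CSV_Path\list_devices_owner.csv" -NoType -Delimiter ";"

--------------------------------------------------------------------------------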