Active Directory Users and Group Info
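I would like to get all the details of the object IDs and display names that exist in my Azure Active Directory.
I know we can use PowerShell to get the display name from the ID.
I am looking for a way to get all the available details.
Is there any Python/PowerShell way to do this?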
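Once you know the display name, you can filter on it as described in the Microsoft documentation to get all the other details.
Example from the documentation:
PS C:\Windows\system32> Get-AzureADGroup -Filter "DisplayName eq 'The Display Name'"
This gives all of the following details (copied from the Microsoft documentation link):
https://docs.microsoft.com/en-ca/azure/active-directory/enterprise-users/groups-settings-v2-cmdlets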
DeletionTimeStamp :
ObjectId : 31f1ff6c-d48c-4f8a-b2e1-abca7fd399df
ObjectType : Group
Description : Intune Device Administrators
DirSyncEnabled :
DisplayName : Intune Administrators
LastDirSyncTime :
Mail :
MailEnabled : False
MailNickName : 4dd067a0-6515-4f23-968a-cc2ffc2eff5c
OnPremisesSecurityIdentifier :
ProvisioningErrors : {}
ProxyAddresses : {}
SecurityEnabled : True
Here is how to do this in PowerShell using Microsoft Graph. You need to set up an app registration with at least Directory.Read.All for Microsoft Graph.
# Placeholder values: replace with the tenant ID, client ID and secret of your app registration
$TenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$ClientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$logonURI = "login.microsoftonline.com" #Azure GCC-H: "login.microsoftonline.us"
$graphURI = "graph.microsoft.com" #Azure GCC-H: "graph.microsoft.us"

# Create a hashtable for the body, the data needed for the token request
# The variables used are explained above
$Body = @{
    'tenant' = $TenantId
    'client_id' = $ClientId
    'scope' = "https://{0}/.default" -f $graphURI
    'client_secret' = $ClientSecret
    'grant_type' = 'client_credentials'
}

# Assemble a hashtable for splatting parameters, for readability
# The tenant id is used in the uri of the request as well as the body
$Params = @{
    'Uri' = "https://{0}/$TenantId/oauth2/v2.0/token" -f $logonURI
    'Method' = 'Post'
    'Body' = $Body
    'ContentType' = 'application/x-www-form-urlencoded'
}

# Request the token and build the Authorization header sent with every Graph call
$AuthResponse = Invoke-RestMethod @Params
$Headers = @{
    'Authorization' = "Bearer $($AuthResponse.access_token)"
}

# 1. List all Users
$usrURI = "https://{0}/v1.0/users" -f $graphURI
$usrResult = Invoke-RestMethod -Uri $usrURI -Headers $Headers
$Users = $usrResult.value

# Follow @odata.nextLink until Graph stops returning further pages
while ($usrResult.'@odata.nextLink') {
    Write-Host "Getting another page of 100 users..."
    $usrResult = Invoke-RestMethod -Uri $usrResult.'@odata.nextLink' -Headers $Headers
    $Users += $usrResult.value
}

# Output every user object
foreach ($user in $Users)
{
    $user
}
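The question also asks for a Python route, so here is an added example (not part of either answer above) that builds an object ID to display name map for users or groups by following @odata.nextLink the same way the PowerShell loop does. Because the bearer token is sent with every request, it refuses any next link that leaves HTTPS or the Graph host. The names list_directory_objects, http_get_json and SAMPLE_PAGES are hypothetical, and the sample pages are constructed (the first group is the one shown in the documentation output above).

```python
import json
import urllib.request
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"  # same host as $graphURI in the answer above

def http_get_json(url, token):
    """Real transport: GET a Graph URL with the bearer token (unused by the offline demo)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_directory_objects(kind, fetch, host=GRAPH_HOST):
    """Return {object id: display name} for kind 'users' or 'groups', following every page."""
    if kind not in ("users", "groups"):
        raise ValueError(f"unsupported collection: {kind}")
    url = f"https://{host}/v1.0/{kind}?$select=id,displayName"
    found, seen = {}, set()
    while url:
        parts = urlsplit(url)
        # The token accompanies each request, so refuse a nextLink that
        # leaves HTTPS or the Graph host, and refuse a paging loop.
        if parts.scheme != "https" or parts.hostname != host:
            raise ValueError(f"refusing to follow link off {host}: {url}")
        if url in seen:
            raise ValueError(f"paging loop at {url}")
        seen.add(url)
        page = fetch(url)
        for obj in page.get("value", []):
            found[obj["id"]] = obj.get("displayName")
        url = page.get("@odata.nextLink")
    return found

# Constructed sample pages standing in for Graph responses (not real tenant data).
SAMPLE_PAGES = {
    "https://graph.microsoft.com/v1.0/groups?$select=id,displayName": {
        "value": [{"id": "31f1ff6c-d48c-4f8a-b2e1-abca7fd399df", "displayName": "Intune Administrators"}],
        "@odata.nextLink": "https://graph.microsoft.com/v1.0/groups?$skiptoken=constructed",
    },
    "https://graph.microsoft.com/v1.0/groups?$skiptoken=constructed": {
        "value": [{"id": "00000000-0000-0000-0000-000000000001", "displayName": "Constructed Group"}],
    },
}

if __name__ == "__main__":
    for object_id, name in list_directory_objects("groups", SAMPLE_PAGES.__getitem__).items():
        print(object_id, name)
```

Against a real tenant, pass `lambda url: http_get_json(url, access_token)` as `fetch`, with the token obtained as in the PowerShell answer; for Azure GCC-H pass `host="graph.microsoft.us"`.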