AccessPackages.ps1
# This file contains functions for accessing access packages
# Gets access packages
# Apr 24 2023
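function Get-AccessPackages
{
<#
    .SYNOPSIS
    Returns access packages.

    .DESCRIPTION
    Returns the tenant's access packages by sending one GET request to the
    https://elm.iga.azure.com accessPackages search endpoint, authorised with the
    given (or cached) access token.

    The request asks for at most 999 items ($top=999) and no paging is done, so
    anything beyond the first page is not returned.

    If the request fails (for example the token is rejected), nothing is returned.
    Run with -Verbose to see the failure reason, as an empty result alone does not
    prove the tenant has no access packages.

    .Parameter AccessToken
    Access token for the target tenant. If omitted, the token is taken from the cache.

    .Example
    PS C:\>Get-AADIntAccessTokenForAccessPackages -Tenant company.com -SaveToCache
    PS C:\>Get-AADIntAccessPackages

    id                                     : df9513b4-1686-4434-8c37-cbfaeea51b69
    catalogId                              : 755780b3-9228-4cf6-8919-732c6f0ff026
    displayName                            : Visitors
    description                            : Access package for Visitors
    isHidden                               : False
    isRoleScopesVisible                    : False
    createdBy                              : [email protected]
    createdByString                        : [email protected]
    createdDateTime                        : 2022-01-02T10:20:44.247Z
    modifiedBy                             : [email protected]
    lastModifiedByString                   : [email protected]
    modifiedDateTime                       : 2022-01-02T10:20:44.247Z
    lastModifiedDateTime                   : 2022-01-02T10:20:44.247Z
    lastCriticalModificationDateTime       :
    lastSuccessfulChangeEvaluationDateTime :
#>
    [cmdletbinding()]
    Param(
        [Parameter(Mandatory=$False)]
        [string]$AccessToken
    )
    Process
    {
        # Get from cache if not provided
        $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -Resource "https://elm.iga.azure.com" -ClientId "d3590ed6-52b3-4102-aeff-aad2292ab01c"

        # Initialise explicitly: PowerShell resolves unassigned variables through parent
        # scopes, so without this a failed request would return the .Value of whatever
        # $response the caller or session happens to hold.
        $response = $null

        # Get access packages
        try
        {
            $response = Invoke-RestMethod -UseBasicParsing -Method Get -Uri "https://elm.iga.azure.com/api/v1/accessPackages/Search()?`$count=true&`$top=999" -Headers @{"Authorization" = "Bearer $AccessToken"}
        }
        catch
        {
            # Still best-effort (no throw), but keep the reason available so that a
            # rejected token is distinguishable from an empty tenant.
            Write-Verbose "Failed to get access packages: $($_.Exception.Message)"
        }

        return $response.Value
    }
}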
# Gets access package catalogs
# Apr 24 2023
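function Get-AccessPackageCatalogs
{
<#
    .SYNOPSIS
    Returns access package catalogs.

    .DESCRIPTION
    Returns the tenant's access package catalogs by sending one GET request to the
    https://elm.iga.azure.com accessPackageCatalogs search endpoint, authorised with
    the given (or cached) access token.

    The request asks for at most 999 items ($top=999) and no paging is done, so
    anything beyond the first page is not returned.

    If the request fails (for example the token is rejected), nothing is returned.
    Run with -Verbose to see the failure reason, as an empty result alone does not
    prove the tenant has no catalogs.

    .Parameter AccessToken
    Access token for the target tenant. If omitted, the token is taken from the cache.

    .Example
    PS C:\>Get-AADIntAccessTokenForAccessPackages -Tenant company.com -SaveToCache
    PS C:\>Get-AADIntAccessPackageCatalogs

    id                   : 755780b3-9228-4cf6-8919-732c6f0ff026
    displayName          : Visitors
    description          : Catalog for visitors
    catalogType          : UserManaged
    catalogStatus        : Published
    state                : published
    isExternallyVisible  : True
    createdBy            : [email protected]
    createdByString      : [email protected]
    createdDateTime      : 2022-01-02T10:20:44.247Z
    modifiedBy           : [email protected]
    lastModifiedByString : [email protected]
    modifiedDateTime     : 2022-01-02T10:20:44.247Z
    lastModifiedDateTime : 2022-01-02T10:20:44.247Z
#>
    [cmdletbinding()]
    Param(
        [Parameter(Mandatory=$False)]
        [string]$AccessToken
    )
    Process
    {
        # Get from cache if not provided
        $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -Resource "https://elm.iga.azure.com" -ClientId "d3590ed6-52b3-4102-aeff-aad2292ab01c"

        # Initialise explicitly: PowerShell resolves unassigned variables through parent
        # scopes, so without this a failed request would return the .Value of whatever
        # $response the caller or session happens to hold.
        $response = $null

        # Get access package catalogs
        try
        {
            $response = Invoke-RestMethod -UseBasicParsing -Method Get -Uri "https://elm.iga.azure.com/api/v1/accessPackageCatalogs/Search()?`$count=true&`$top=999" -Headers @{"Authorization" = "Bearer $AccessToken"}
        }
        catch
        {
            # Still best-effort (no throw), but keep the reason available so that a
            # rejected token is distinguishable from an empty tenant.
            Write-Verbose "Failed to get access package catalogs: $($_.Exception.Message)"
        }

        return $response.Value
    }
}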
# Returns access package creators & modifiers
# Apr 24th 2023
function Get-AccessPackageAdmins
{
<#
    .SYNOPSIS
    Returns access packages administrators.

    .DESCRIPTION
    Collects the createdBy and modifiedBy values of every access package and access
    package catalog, keeps those containing "@", and returns them sorted and de-duplicated.
    The returned administrators are Global Administrators, User Administrators (until May 5 2023), or Identity Governance Administrators (since May 2023).

    .Parameter AccessToken
    Access token for the target tenant. If omitted, the token is taken from the cache.

    .Example
    PS C:\>Get-AADIntAccessTokenForAccessPackages -Tenant company.com -SaveToCache
    PS C:\>Get-AADIntAccessPackageAdmins

    Acheaduncompany.com
    Alexaneoscompany.com
    Andownlocompany.com
    Anselowslcompany.com
    Babergencompany.com
    Bethportcompany.com
    Brangelocompany.com
    Caranteecompany.com
    Chmenscompany.com
    Conneytrcompany.com
    Crofficompany.com
    Diumficompany.com
    Downtichocompany.com
    Getacewedcompany.com
#>
    [cmdletbinding()]
    Param(
        [Parameter(Mandatory=$False)]
        [String]$AccessToken
    )
    Process
    {
        # Resolve the token once so both lookups below use the same one
        $AccessToken = Get-AccessTokenFromCache -AccessToken $AccessToken -ClientID "d3590ed6-52b3-4102-aeff-aad2292ab01c" -Resource "https://elm.iga.azure.com"

        # Fetch the two object sets whose audit fields are inspected
        $packages = Get-AccessPackages        -AccessToken $AccessToken
        $catalogs = Get-AccessPackageCatalogs -AccessToken $AccessToken

        # Gather creator/modifier values: catalogs first, then packages
        $names = @(
            $catalogs | Select-Object -ExpandProperty "createdBy"
            $catalogs | Select-Object -ExpandProperty "modifiedBy"
            $packages | Select-Object -ExpandProperty "createdBy"
            $packages | Select-Object -ExpandProperty "modifiedBy"
        )

        # Only entries containing "@" are kept, then sorted and de-duplicated.
        # Select-String emits match objects rather than plain strings.
        $names | Select-String -Pattern "@" | Sort-Object | Get-Unique
    }
}