Cmdlets/IDMUser.ps1




#region
Function Get-IDMAzureUser{

    <#
    .SYNOPSIS
        This function is used to get Azure Entra Users from the Graph API REST interface
 
    .DESCRIPTION
        The function connects to the Graph API Interface and gets any users registered with Azure Entra
 
    .PARAMETER Id
        Must be in GUID format. This is the users GUID
 
    .PARAMETER UPN
        Must be in UPN format (email). This is the user principal name (eg user@domain.com)
 
    .PARAMETER Property
        Option to filter user based on property.
 
    .EXAMPLE
        Get-IDMAzureUser -Id '12981fe3-6049-4039-853f-e20c8d327116'
        Returns specific user by GUID registered with Azure Entra
 
    .EXAMPLE
        Get-IDMAzureUser -userPrincipleName user@domain.com
        Returns specific user by UserPrincipalName registered with Azure Entra
 
    .LINK
    https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http
    #>


    [CmdletBinding(DefaultParameterSetName='ID')]
    Param
    (
        [Parameter(Mandatory=$True,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true,ParameterSetName='ID')]
        [string]$Id,

        [Parameter(Mandatory=$True,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true,ParameterSetName='UPN')]
        [Alias('User','EMail')]
        [System.Net.Mail.MailAddress]$UPN,

        [Parameter(Mandatory=$false)]
        [ValidateSet('id','userPrincipalName','surname','officeLocation','mail','displayName','givenName')]
        [String]$Property,

        [Parameter(Mandatory=$false)]
        [switch]$Passthru
    )
    Begin{
        # Defining graph variables
        $graphApiVersion = "beta"
        $Resource = "users"
    }
    Process{
        If ($PSCmdlet.ParameterSetName -eq "ID"){
            $QueryBy = $Id
        }
        If ($PSCmdlet.ParameterSetName -eq "UPN"){
            $QueryBy = $UPN
        }
        try {
            if([string]::IsNullOrEmpty($QueryBy))
            {
                $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)"
                Write-Verbose $uri
                $Response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
            }
            else {
                if([string]::IsNullOrEmpty($Property)){
                    $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)/$QueryBy"
                    Write-Verbose $uri
                    $Response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
                }
                else {
                    $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)/$QueryBy/$Property"
                    Write-Verbose $uri
                    $Response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
                }
            }
        }
        catch {
            Write-ErrorResponse($_)
        }
    }
    End{
        If($Passthru) {
            return $Response
        }
        Elseif($QueryBy -and -NOT($Property)){
            return (ConvertFrom-GraphHashtable $Response -ResourceUri "$Global:GraphEndpoint/$graphApiVersion/$($Resource)")
        }
        Else{
            return $Response.Value
        }
    }
}


Function Get-IDMAzureUsers{
    <#
    .SYNOPSIS
        This function is used to get a users in Azure
 
    .DESCRIPTION
        The function connects to the Graph API Interface and gets users
 
    .PARAMETER Filter
    Filters by User by looking for characters that are equal to its filterby parameter
 
    .PARAMETER FilterBy
    Options are: UserPrincipalName,SurName,EMailAddress,SearchDisplayName. Defaults to 'UserPrincipalName'
 
    .PARAMETER IncludeGuests
    [True | False] Include users that have an external label on them
 
    .EXAMPLE
        Get-IDMAzureUsers
        Returns all users except guest
 
    .EXAMPLE
        Get-IDMAzureUsers -IncludeGuests
        Returns all users except guest
 
    .EXAMPLE
        Get-IDMAzureUsers -Filter 'AdeleV@dtolab.ltd'
        Returns a user with UPN of 'AdeleV@dtolab.ltd'
 
    .EXAMPLE
        @('John','Bob') | Get-IDMAzureUsers -FilterBy SearchDisplayName
        Returns all users with display name of Bob of John in it
 
    .LINK
        https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-beta&tabs=http
    #>


    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)]
        [string]$Filter,

        [Parameter(Mandatory=$false)]
        [ValidateSet('UserPrincipalName','SurName','EMailAddress','SearchDisplayName')]
        [string]$FilterBy = 'UserPrincipalName',

        [switch]$IncludeGuests,

        [Parameter(Mandatory=$false)]
        [switch]$Passthru
    )
    Begin{
        # Defining graph variables
        $graphApiVersion = "beta"
        $Resource = "users"

        #If($FilterBy -eq 'SearchDisplayName' ){
        # $AuthToken += @{ConsistencyLevel = 'eventual'}
        #}
        $filterQuery=$null
    }
    Process{
        $Query = @()

        If($PSBoundParameters.ContainsKey('Filter')){
            switch($FilterBy){
               'UserPrincipalName' {$Query += "userPrincipalName eq '$Filter'";$Operator='filter'}
               'SurName' {$Query += "SurName eq '$Filter'";$Operator='filter'}
               'EMailAddress' {$Query += "mail eq '$Filter'";$Operator='filter'}
               'SearchDisplayName' {$Query += "`"displayName:$Filter`"";$Operator='search'}
           }
        }

        #build query filter if exists
        If($Query.count -ge 1){
            $filterQuery = "`?`$$Operator=" + ($Query -join ' and ')
        }
        If($IncludeGuests){
            $uri = "$Global:GraphEndpoint/$graphApiVersion/$Resource" + $filterQuery
        }Else{
            $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)?`$filter=userType eq 'Member'" + $filterQuery
        }

        try {
            Write-Verbose "Get $uri"
            $response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
        }
        catch {
            Write-ErrorResponse($_)
        }
    }
    End{
        If($Passthru){
            return $Response.Value
        }
        else{
            return (ConvertFrom-GraphHashtable $Response.Value -ResourceUri "$Global:GraphEndpoint/$graphApiVersion/$Resource")
        }
    }
}


Function Get-IDMDeviceAssignedUser{
    <#
    .SYNOPSIS
        This function is used to get a Managed Device username from the Graph API REST interface
 
    .DESCRIPTION
        The function connects to the Graph API Interface and gets a managed device users registered with Intune MDM
 
    .PARAMETER DeviceID
        Must be in GUID format. This is for Intune Managed device ID, not the Azure ID or Object ID
 
    .PARAMETER Passthru
        Returns all user details for the device
 
    .EXAMPLE
        Get-IDMDeviceAssignedUser -DeviceID 0a212b6a-e1d2-4985-b9dd-4cf5205662fa
        Returns a managed device user registered in Intune
 
    .EXAMPLE
        @('0a212b6a-e1d2-4985-b9dd-4cf5205662fa','ef07dabc-2b16-48cb-9692-a6ab9ff48c55') | Get-IDMDeviceAssignedUser
        Returns a device pending action that matches DeviceID's
    #>


    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$True,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)]
        $DeviceID,

        [switch]$Passthru
    )
    Begin{
        # Defining graph variables
        $graphApiVersion = "beta"
    }
    Process{
        $Resource = "deviceManagement/manageddevices('$DeviceID')"

        try {
            $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)"
            Write-Verbose "Get $uri"
            $response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
        }
        catch {
            Write-ErrorResponse($_)
        }
    }
    End{
        If($Passthru){
            $userdetails = "" | Select-Object userPrincipalName,UserId,userDisplayName,enrolledDateTime,emailAddress,lastSyncDateTime
            $userdetails.userPrincipalName = $response.userPrincipalName
            $userdetails.UserId = $response.userId
            $userdetails.userDisplayName = $response.userDisplayName
            $userdetails.enrolledDateTime = $response.enrolledDateTime
            $userdetails.emailAddress = $response.emailAddress
            $userdetails.lastSyncDateTime = $response.lastSyncDateTime
            return $userdetails
        }
        else{
            return $response.userId
        }
    }
}


function Set-IDMDeviceAssignedUser {

    <#
    .SYNOPSIS
        This updates the Intune device primary user
 
    .DESCRIPTION
        This updates the Intune device primary user
 
    .PARAMETER DeviceId
        Must be in GUID format. This is for Intune Managed device ID, not the Azure ID or Object ID
 
    .PARAMETER UserId
        Must be in GUID format. This is for Azure User ID
 
    .PARAMETER UPN
        Must be in UPN format (email). This is the user principal name (eg user@domain.com)
 
    .EXAMPLE
        Set-IDMDeviceAssignedUser -DeviceID '08d06b3b-8513-417b-80ee-9dc8a3beb377' -UPN 'AdeleV@dtolab.ltd'
        Assigns the user to device'
 
    .EXAMPLE
        Set-IDMDeviceAssignedUser -DeviceID '08d06b3b-8513-417b-80ee-9dc8a3beb377' -UserId 'c9d00ac2-b07d-4477-961b-442bbc424586'
        Assigns the user to device'
 
    .EXAMPLE
        @('08d06b3b-8513-417b-80ee-9dc8a3beb377','c9d00ac2-b07d-4477-961b-442bbc424586') | Set-IDMDeviceAssignedUser -UPN 'AdeleV@dtolab.ltd'
        Returns all users with display name of Bob of John in it
 
    .LINK
    Get-IDMAzureUser
    #>


    [CmdletBinding(DefaultParameterSetName='ID')]
    param
    (
        [Parameter(Mandatory=$True,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)]
        $DeviceId,

        [Parameter(Mandatory=$True,ParameterSetName='ID')]
        [string]$UserId,

        [Parameter(Mandatory=$True,ParameterSetName='UPN')]
        [Alias('User','EMail')]
        [System.Net.Mail.MailAddress]$UPN
    )
    Begin{
        $graphApiVersion = "beta"
        If ($PSCmdlet.ParameterSetName -eq "UPN"){
            $UserId = (Get-IDMAzureUser -UPN $UPN).Id
        }
    }
    Process{
        $Resource = "deviceManagement/managedDevices('$DeviceId')/users/`$ref"

        #build UserUri body; convert to JSON
        $userUri = "$Global:GraphEndpoint/$graphApiVersion/users/" + $UserId
        $JSON = @{ "@odata.id"="$userUri" } | ConvertTo-Json -Compress

        $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)"

        try {
            Write-Verbose "Get $uri"
            $null = Invoke-MgGraphRequest -Uri $uri -Method Post -Body $JSON -ErrorAction Stop
        } catch {
            Write-ErrorResponse($_)
        }
    }

}