Public/Get-MsolUserWithIssue.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<#
.SYNOPSIS
    Uses MSOnline and Exchange to get disabled users and shared mailboxes with licenses assigned.
.DESCRIPTION
    Long description
.EXAMPLE
    PS C:\> <example usage>
    Explanation of what the example does
.INPUTS
    Inputs (if any)
.OUTPUTS
    Output (if any)
.NOTES
    General notes
#>

function Get-MsolUserWithIssue {
    [CmdletBinding()]
    param (
        # PSCredential for Exchange Online, must use app password due to MFA
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credential
    )
    
    begin {
        try {
            $tenants = Get-MsolPartnerContract -ErrorAction Stop
        }
        catch {
            Write-Error "You must connect to Office 365 first with Connect-MsolService"
        }
    }
    
    process {
        foreach ($contract in $tenants) {
            $disabledUsersWithLicense = Get-MsolUser -TenantId $contract.TenantId -EnabledFilter DisabledOnly -All | Where-Object isLicensed
            $sessionParams = @{
                ConnectionUri = "https://ps.outlook.com/powershell-liveid?DelegatedOrg=$($contract.DefaultDomainName)"
                ConfigurationName = "Microsoft.Exchange"
                Authentication = "Basic"
                AllowRedirection = $true
                Credential = $credential
            }
            $session = New-PSSession @sessionParams
            $null = Import-PSSession -Session $session -CommandName "Get-Mailbox" -AllowClobber
            $sharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox
            $licensedSharedMailboxes = foreach ($mailbox in $sharedMailboxes) {
                Write-Debug -Message "Looking for $($mailbox.UserPrincipalName)"
                Get-MsolUser -UserPrincipalName $mailbox.UserPrincipalName -TenantId $contract.TenantId | Where-Object isLicensed
            }

            Remove-PSSession -Session $session
            
            foreach ($u in $disabledUsersWithLicense) {
                [PSCustomObject]@{
                    UserPrincipalName = $u.UserPrincipalName
                    Licenses = $u.Licenses.AccountSkuId -join '; '
                    Disabled = $u.BlockCredential
                    Issue = "DisabledAccountWithLicense"
                }
            }

            foreach ($u in $licensedSharedMailboxes) {
                [PSCustomObject]@{
                    UserPrincipalName = $u.UserPrincipalName
                    MailboxType = $u.RecipientTypeDetails
                    Licenses = $u.Licenses.AccountSkuId -join '; '
                    Disabled = $u.BlockCredential
                    Issue = "SharedMailboxWithLicense"
                }
            }
        }
    }
    
    end {
        
    }
}