1

我已经尝试了一段时间,让我的 $Tenant.Name 变量作为文本插入,而不是作为稍后获取的变量。

目前我收到以下输出:

租户 1 - AADRoles 租户 1 - 组 租户 2 - AADRoles 租户 2 - 组
租户2管理员 租户 2 管理员组 租户2管理员 租户 2 管理员组

两个租户都从租户 2 获取角色和组,我猜这是因为计算属性直到最后才计算,然后它将使用最后一个值。我这样做只是一个白痴吗?

我想要实现的是找出来自 MainTenantUsers 的用户在我们的其他租户中拥有哪些权限和角色。我以为我会通过动态创建选择对象属性来输出它,但它并没有像我希望的那样工作。

SubTenantUsers 和 MainTenantUsers 变量包含来自 的信息Get-AzureADUserGet-AzureADDirectoryRoleGet-AzureADGroup帮助确定为各个用户分配了哪些组和角色。

# Get a list of tenants the user has access to
$Tenants = Get-AzTenant | Where-Object {$_.TenantId -NotMatch $TenantId}



# Get user Roles in other tenants
foreach ($Tenant in $Tenants) {

    $null = Connect-AzureAD -TenantId $Tenant.Id

    $SubTenantUsers = Get-TenantUsersRolesAndGroups

    foreach ($MainTenantUser in $MainTenantUsers) {
        ### Add tenant to list of tenants the user is a member of
        if ($SubTenantUsers.UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_"))) {
            $MainTenantUser.AccessibleTenants += $Tenant.Name
        }

        ### Add the users roles and groups in the tenant
        $null = Add-Member -InputObject $MainTenantUser -MemberType 'NoteProperty' -Name $Tenant.Name -Force -Value (
            [PSCustomObject]@{
                Roles   = ($SubTenantUsers | Where-Object UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_")) | Select-Object Roles).Roles
                Groups  = ($SubTenantUsers | Where-Object UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_")) | Select-Object Groups).Groups
            }
        )
    }
}

foreach ($Tenant in $Tenants) {
    $properties += @{
        Name = "$($Tenant.Name) - AADRoles"
        Expression = {($_.($Tenant.Name).'Roles'.'DisplayName' | Sort-Object) -join ', '}
    }
    $properties += @{
        Name = "$($Tenant.Name) - Groups"
        Expression = {($_.($Tenant.Name).'Groups'.'DisplayName' | Sort-Object) -join ', '}
    }
}

$MainTenantUsers | Sort-Object 'DisplayName' | Select-Object $properties |
    Export-Csv -Path "$pathto\output.csv" -Encoding 'UTF8' -NoTypeInformation
4

1 回答 1

0

我设法通过改变我用来创建脚本块的方法来解决这个问题。

我从这个切换:

foreach ($Tenant in $Tenants) {
    $properties += @{
        Name = "$($Tenant.Name) - AADRoles"
        Expression = {($_.($Tenant.Name).'Roles'.'DisplayName' | Sort-Object) -join ', '}
    }
    $properties += @{
        Name = "$($Tenant.Name) - Groups"
        Expression = {($_.($Tenant.Name).'Groups'.'DisplayName' | Sort-Object) -join ', '}
    }
}

对此:

foreach ($Tenant in $Tenants.Name) {
    $properties += @{
        Name = "$Tenant - AADRoles"
        Expression = ([Scriptblock]::Create("(`$_.'$Tenant'.'Roles'.'DisplayName' | Sort-Object) -join ', '"))
    }
    $properties += @{
        Name = "$Tenant - Groups"
        Expression = ([Scriptblock]::Create("(`$_.'$Tenant'.'Groups'.'DisplayName' | Sort-Object) -join ', '"))
    }
}
于 2021-06-13T10:17:48.607 回答