我的任务是在我们的环境中删除所有启用MFA/禁用帐户的列表。我找到了一个脚本,并用我需要的额外字段进行了修改,其中之一是最后登录。我基本上需要此内容以通过报告过滤以删除任何类型的服务帐户/外部帐户ECT。导出到CSV时,我刚刚输出的代码
我已经尝试了我能找到(时间,日期,ect(
的所有lastlogon变体$Report = @()
$i = 0
$Accounts = (Get-MsolUser -All | ? {$_.StrongAuthenticationMethods -ne $Null} | Sort DisplayName)
ForEach ($Account in $Accounts) {
Write-Host "Processing" $Account.DisplayName
$i++
$Methods = $Account | Select -ExpandProperty StrongAuthenticationMethods
$MFA = $Account | Select -ExpandProperty StrongAuthenticationUserDetails
$State = $Account | Select -ExpandProperty StrongAuthenticationRequirements
$Methods | ForEach { If ($_.IsDefault -eq $True) {$Method = $_.MethodType}}
If ($State.State -ne $Null) {$MFAStatus = $State.State}
Else {$MFAStatus = "Disabled"}
$ReportLine = [PSCustomObject][Ordered]@{
User = $Account.DisplayName
UPN = $Account.UserPrincipalName
Department = $Account.Department
Office = $Account.Office
LastLogon = $Account.LastLogon
MFAMethod = $Method
MFAPhone = $MFA.PhoneNumber
MFAEmail = $MFA.Email
MFAStatus = $MFAStatus }
$Report += $ReportLine }
Write-Host $i "accounts are MFA-enabled"
$Report | Export-CSV -NoTypeInformation c:tempMFAUsers.CSV
在日期导出最后登录的任何帮助都很棒。
我无法测试,但是我认为您需要LastLogon = (Get-MailboxStatistics -Identity $Account.UserPrincipalName).LastLogonTime
。
作为旁注,在数组中添加对象很慢,并且有一种更简单的方法将发射对象收集到$Report
变量中:
$mfaEnabled = 0
$Accounts = (Get-MsolUser -All | ? {$_.StrongAuthenticationMethods -ne $Null} | Sort DisplayName)
$Report = foreach ($Account in $Accounts) {
Write-Host "Processing" $Account.DisplayName
$Methods = $Account | Select -ExpandProperty StrongAuthenticationMethods
$MFA = $Account | Select -ExpandProperty StrongAuthenticationUserDetails
$State = $Account | Select -ExpandProperty StrongAuthenticationRequirements
$Methods | ForEach-Object { If ($_.IsDefault -eq $True) {$Method = $_.MethodType}}
If ($State.State) {$MFAStatus = $State.State} else {$MFAStatus = "Disabled"}
# update the counter for MFA Enabled users
if ($MFAStatus -eq 'Enabled') { $mfaEnabled++ }
# just emit the PSObject here, it will be collected in the $Report variable.
# also, no need to use [ordered] on [PSCustomObject]
[PSCustomObject]@{
User = $Account.DisplayName
UPN = $Account.UserPrincipalName
Department = $Account.Department
Office = $Account.Office
LastLogon = (Get-MailboxStatistics -Identity $Account.UserPrincipalName).LastLogonTime
MFAMethod = $Method
MFAPhone = $MFA.PhoneNumber
MFAEmail = $MFA.Email
MFAStatus = $MFAStatus
}
}
Write-Host "$mfaEnabled accounts are MFA-enabled"
$Report | Export-CSV -NoTypeInformation c:tempMFAUsers.CSV