Azure AD - Get User Role - PowerShell
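I have a question, as I have a complete script that removes user info from Azure AD.
However, one thing I am stuck on is getting the "user role of any user".
The goal is to check whether the signed-in user is a "Global Administrator" and, if not, exit the script.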
Write-Host "Connect to AzureAD" -ForegroundColor Yellow
Connect-AzureAD
Write-Host "[] Validating Azure signed-in User's Role ... " -ForegroundColor Yellow
$currentUser = (Get-AzureADUser -ObjectId (Get-AzureADCurrentSessionInfo).Account.Id)
$currentUser
$MyName = $currentUser.DisplayName
Write-Host "[✔] Welcome: $MyName" -ForegroundColor Green
Write-Host "Your role is: "
I tried the following two, without success:
Get-AzureADCurrentSessionInfo
Get-AzureADDirectoryRoleMember
Can anyone help?
For reference: GUI screenshot
There is also this script, which could be combined with my goal above:
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Global Administrator'}
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
Thanks
I just figured out how to do it.
Here is the script.
Connect-AzureAD
#Validate logged-in user's role (still in progress; maybe I can use if-else if the user is not Global Administrator or Application Administrator)
Write-Host "[] Validating Azure signed-in User's Role ... " -ForegroundColor Yellow
$currentUser = (Get-AzureADUser -ObjectId (Get-AzureADCurrentSessionInfo).Account.Id)
$currentUser
$MyName = $currentUser.DisplayName
Write-Host "[✔] Welcome: $MyName" -ForegroundColor Green
Get-AzureADCurrentSessionInfo
Get-AzureADDirectoryRole
#Getting SMTP - UPN Only
$MyNameUPN = $currentUser.UserPrincipalName
$MyNameUPN
#List all Who are Global Admin
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Global Administrator'}
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
#Looking using current user UPN to look for user role under the Global Admins
$UserRole = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Where-Object {$_.UserPrincipalName -eq $MyNameUPN}
$UserRole
#Getting SMTP - UPN Only
$MyNameRoleUPN = $UserRole.UserPrincipalName
$MyNameRoleUPN
#Check whether the signed-in user was found among the Global Admins
If ($MyNameUPN -eq $MyNameRoleUPN) {
    Write-Host "User is Global Admin!" -ForegroundColor Green
} Else {
    Write-Host "You are not a Global Admin. Sorry! Closing this app" -ForegroundColor Red
    # Pop-up message
    Add-Type -AssemblyName System.Windows.Forms
    [System.Windows.Forms.MessageBox]::Show("
[❌]
Config File
You are not a Global Admin.Sorry!
Closing this app❗
")
    Start-Sleep -Seconds 1
    # Stop here so the rest of the script does not run
    exit 1
}
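An added example (not the poster's script) of the same gate written as a reusable function: it compares by ObjectId instead of UPN, accepts several role names (the script's comment mentions Application Administrator as a possible second role), and exits with a non-zero code on failure. `Test-SignedInUserInRole` is a hypothetical helper name; the cmdlets are the AzureAD module cmdlets already used above.

```powershell
# Added example. Assumes the AzureAD module is installed and the account can read directory roles.
$ErrorActionPreference = 'Stop'   # a failed lookup must stop the script, not fall through

function Test-SignedInUserInRole {   # hypothetical helper name
    param(
        [string[]]$RoleName = @('Global Administrator')
    )

    # Resolve the signed-in account to its directory object.
    $session = Get-AzureADCurrentSessionInfo
    $me      = Get-AzureADUser -ObjectId $session.Account.Id

    # Get-AzureADDirectoryRole returns only roles that are activated in the tenant.
    $roles = @(Get-AzureADDirectoryRole | Where-Object { $RoleName -contains $_.DisplayName })
    if ($roles.Count -eq 0) {
        throw "None of these roles is activated in the tenant: $($RoleName -join ', ')"
    }

    foreach ($role in $roles) {
        # Direct role members only; membership through a group assigned to the role is not resolved.
        $members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
        # ObjectId is immutable, so a renamed UPN cannot cause a false match or miss.
        if ($members.ObjectId -contains $me.ObjectId) {
            return $role.DisplayName
        }
    }
    return $null
}

Connect-AzureAD | Out-Null

$matchedRole = Test-SignedInUserInRole -RoleName 'Global Administrator', 'Application Administrator'
if (-not $matchedRole) {
    Write-Host "Signed-in user holds none of the required roles. Exiting." -ForegroundColor Red
    exit 1
}

Write-Host "Role check passed: $matchedRole" -ForegroundColor Green
# The privileged part of the script continues from here.
```

A check like this only stops the script early with a clear message; what the account may actually change is decided by Azure AD on each call.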