PS - Office 365 Admin Role Group Membership Report

Office 365 Admin Role Group Membership Report

There's a handy script by Joey Hornick on the TechNet Gallery - https://gallery.technet.microsoft.com/office/Office-365-Role-Group-a12842a2#content to create a report of Office 365 Admin Role Group membership.

<#

.SYNOPSIS

Get-Office365GroupMemberReport.ps1 - Enumerate the membership of Exchange RBAC groups

.DESCRIPTION

This PowerShell script reports the membership of Office 365 RBAC groups.

.OUTPUTS

Results are output to CSV. Each RBAC group is reported in a separate CSV file

with a Summary.csv file also generated.

.EXAMPLE

.\Get-Office365GroupMemberReport.ps1

Generates the CSV files.

.NOTES

Written by: Joey Hornick

Change Log

V1.00, 03/24/2017 - Initial version

v1.01, 04/10/2017 - Added tenant name to Summary file, files dropped in C:\Temp

#>

#...................................

# Variables

#...................................

$outputpath = 'C:\Temp\'

$summary = @()

$summaryFile = "$outputpath"+"$tenant Tenant Summary.csv"

$tenant = (((Get-MsolDomain | Where-Object {$_.IsInitial -EQ $true}).Name).Split(".",3) | Select-Object -Index 0)

#...................................

# Script

#...................................

# Get the list of RBAC role groups

$RoleGroups = Get-MsolRole | Where-Object {$_.Name -ne 'Directory Writers' -and $_.Name -ne 'Directory Readers'}

# Loop through the list of role groups and extract membership

foreach ($RoleGroup in $RoleGroups)

{

    Write-Host -ForegroundColor White "----------------- Processing" $RoleGroup.Name

   

    $MemberList = @()

    $RoleGroupMembers = @(Get-MsolRoleMember -RoleObjectId $RoleGroup.ObjectId | Get-MSOLUser | Select DisplayName,UserPrincipalName,BlockCredential,IsLicensed,LastPasswordChangeTimestamp)

    if ($RoleGroupMembers.Count -gt 0)

    {

        Write-Host "Getting info about group members"

        foreach ($member in $RoleGroupMembers)

        {

           

            if (!($MemberList.CanoniCalName -icontains $member.DisplayName))

            {

                Write-Host -Foreground Green "Adding $($member.DisplayName)"

                $MemberList += $member

            }

            else

            {

                Write-Host -Foreground Cyan "Results already include $($member.DisplayName)"

            }

        }

   

    #Export the membership of the role group to CSV

    $MemberList | Sort DisplayName| Export-CSV -NoTypeInformation -Path $outputpath"$($RoleGroup.Name)-Members.csv"

    }

    else

    {

        Write-Host "$RoleName contains no members"

    }

   

    # Calculate some stats for the summary CSV

    $totalcount = $MemberList.Count

    $enabledcount = @($MemberList | Where {$_.Enabled -eq $true}).count

    $disabledcount = @($MemberList | Where {$_.Enabled -eq $false}).count

    # Custom object foor the summary CSV data

    $summaryObj = New-Object PSObject

    $summaryObj | Add-Member NoteProperty -Name "Role Group" -Value $RoleGroup.Name

    $summaryObj | Add-Member NoteProperty -Name "Total Members" -Value $totalcount

    $summaryObj | Add-Member NoteProperty -Name "Enabled Accounts" -Value $enabledcount

    $summaryObj | Add-Member NoteProperty -Name "Disabled Accounts" -Value $disabledcount

    $summary += $summaryObj

}

# Generate the summary CSV file

$summary | Export-CSV -NoTypeInformation -Path $summaryFile

Write-Host "Finished."

#...................................

# Finished

#...................................