How to find all places in Azure where specific account is used

a.k.a. account usage overview

I have worked as a System Administrator for more than 15 years now, and I love making my life easier by automating work and personal stuff with PowerShell (even silly things like generating a list of food recipes).

I recently dealt with a situation where I needed to clean up our Azure tenant of previously disabled users. To handle such a task, you first need to know where those accounts are actually used 😁

Therefore I've created the PowerShell function Get-AzureADAccountOccurrence. Because it depends on a lot of other helper functions and modules, I've placed it in a new module, AzureADStuff.

The Get-AzureADAccountOccurrence function takes an account ID (or UPN) as input (the account can be a user, a group or a service principal) and outputs a PSObject with the following properties:

  • what the account owns (applications, DevOps organizations, SharePoint sites)
  • where the account is set as someone's manager (its direct reports)
  • membership:
    • directory role membership
    • group membership
    • DevOps role membership
  • IAM role assignments (on groups, resources, resource groups, management groups, subscriptions, ... across all subscriptions)
  • application:
    • permission consents
    • Users and Groups role assignments

And the result can look like this 👇 [screenshots of the function's output]


How to

  1. Get all required modules
    • Install the module, together with everything it depends on, using the Install-Module AzureADStuff command
  2. Connect to the cloud services by calling:

    • Connect-AzureAD2
    • Connect-PnPOnline2 -url https://contoso-admin.sharepoint.com (use your own SharePoint admin URL)
    • Connect-AzAccount2

      I've tested this under a Global Admin account. A read-only combination should also work, though I have not verified it: the Global Reader or Security Reader directory role for the Azure AD part, plus the Reader role assigned at the Tenant Root Group (Azure Management groups section) so that role assignments in every subscription can be read. A read-only identity is the better choice for an audit task like this anyway, since nothing here needs write access.

  3. Call my function like Get-AzureADAccountOccurrence -UserPrincipalName user@contoso.com -Verbose

    By default, all available data are gathered. If you only want a subset, use the data parameter.

If you do not want to install from the PowerShell Gallery, you can download the AzureADStuff module manually from my repository. Then install all required modules by calling Install-Module Az.Accounts, Az.Resources, AzureAD, PnP.PowerShell, MSAL.PS and import the downloaded AzureADStuff module using the Import-Module command.
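The three steps above put together into one script, as an added example that is not part of the AzureADStuff module or this post's original content: it signs in to the three services, enumerates every disabled user in the tenant with the standard AzureAD cmdlet Get-AzureADUser, runs Get-AzureADAccountOccurrence for each, and saves the raw result as JSON so the findings can be reviewed before anything is removed. The SharePoint admin URL, the output folder and the JSON depth are assumptions; replace them with your own.

```powershell
#Requires -Modules AzureADStuff, AzureAD
# Added example, not code from the AzureADStuff module. Assumes AzureADStuff and its
# dependencies are installed and that the signed-in account can read the directory,
# the SharePoint admin center and Azure RBAC role assignments in every subscription.

$SharePointAdminUrl = 'https://contoso-admin.sharepoint.com'   # assumption: use your tenant's admin URL
$OutDir             = Join-Path $env:TEMP 'AccountOccurrence'  # assumption: any writable folder works

# 1. Sign in to the three services the function queries (wrappers shipped with AzureADStuff)
Connect-AzureAD2
Connect-PnPOnline2 -Url $SharePointAdminUrl
Connect-AzAccount2

# 2. Enumerate disabled users. -All $true avoids the default page limit; the OData
#    filter is evaluated server-side, so only disabled accounts are returned.
$disabledUsers = Get-AzureADUser -All $true -Filter 'accountEnabled eq false'
Write-Host "Found $($disabledUsers.Count) disabled user(s) to audit"

# 3. Run the occurrence search for each account and persist the full object as JSON.
#    One file per user keeps the evidence for the later cleanup step reviewable.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$report = foreach ($user in $disabledUsers) {
    try {
        $occurrence = Get-AzureADAccountOccurrence -UserPrincipalName $user.UserPrincipalName -ErrorAction Stop
    } catch {
        # A single failed lookup (e.g. a missing permission on one subscription) must not abort the whole audit
        Write-Warning "Lookup failed for $($user.UserPrincipalName): $_"
        continue
    }

    # Build a file name from the UPN, replacing anything that is not safe in a path
    $safeName = $user.UserPrincipalName -replace '[^\w.@-]', '_'
    $file     = Join-Path $OutDir "$safeName.json"

    # -Depth is an assumption; the default of 2 would truncate the nested membership/assignment data
    $occurrence | ConvertTo-Json -Depth 10 | Set-Content -Path $file -Encoding UTF8

    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        ObjectId          = $user.ObjectId
        ReportFile        = $file
    }
}

# Summary table: one row per user that was audited successfully
$report | Format-Table -AutoSize
```

Running this as a read-only identity rather than a Global Admin keeps the blast radius small if the session token is ever exposed; the audit only reads directory, SharePoint and RBAC data, so nothing in it needs write permissions.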


Summary

Get-AzureADAccountOccurrence helps you understand where a specific account is used in your Azure AD environment. This can be helpful in many situations, such as cleaning disabled accounts out of your Azure AD, auditing account usage, reviewing account permissions, etc.

I've also created a function for removing or replacing an account in all the places where it was found. But that is for another blog post 😉
