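# Compare the USERNAME column of two multi-column CSVs. For every user that is
# in file A but not in file B, look the account up in AD and print
# "USERNAME,extensionAttribute1,distinguishedName".
$fileA = "C:\Scripts\fileA.csv"
$fileB = "C:\Scripts\fileB.csv"

$inFileA = (Import-Csv -Path $fileA).USERNAME
$inFileB = (Import-Csv -Path $fileB).USERNAME

#$NotInB = @()
foreach ($Usr in $inFileA) {
    if ($inFileB -notcontains $Usr) {
        #$NotInB += $Usr

        # Ask only for the one extra attribute that is used; DistinguishedName is
        # part of the default property set, so "-Properties *" is not needed.
        # -ErrorAction Stop with try/catch: if the lookup fails and is not handled,
        # $props still holds the previous user's object and that user's DN would be
        # printed next to the wrong USERNAME.
        try {
            $props = Get-ADUser -Identity $Usr -Properties extensionAttribute1 -ErrorAction Stop
        }
        catch {
            Write-Warning "AD lookup failed for '$Usr': $($_.Exception.Message)"
            continue
        }

        $dn = $props.DistinguishedName
        $extAtt1 = $props.extensionAttribute1
        $line = "$Usr,$extAtt1,$dn"
        $line

        # NOTE(review): a distinguished name contains commas, so this line is not a
        # well-formed three-column CSV row if it is written to a file as-is.
        #$line | add-content C:\Scripts\outfile.csv
    }
}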
Get Okta app information using an app ID
# Fetch a single Okta application by its ID and show a few of its properties.
$appID = "xxxxxxxxxxxxxxxxxxxx"

# Tenant host - Ex. [TENANT].oktapreview.com or [TENANT]-admin.okta.com for production
$org = "tenant.oktapreview.com"

# May or may not need following Tls12 line
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Your API token. You can generate this from Admin - Security - API.
# An SSWS token acts with the permissions of the admin who created it, so treat
# it as a credential: keep the real value out of saved scripts and source control.
$api_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

$uri = "https://$org/api/v1/apps/$appID"
$authHeader = @{ "Authorization" = "SSWS $api_token" }
$requestArgs = @{
    Uri     = $uri
    Method  = 'Get'
    Headers = $authHeader
}

$webrequest = Invoke-WebRequest @requestArgs
$json = $webrequest | ConvertFrom-Json

# Whole application object
$json

# Get specific properties:
$json.name
$json.label
$json.signOnMode
Get Okta App information using a search string
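# List Okta applications matching a search string, printed as "label,id,signOnMode".
$srchString = "Adobe"

# Tenant host - Ex. [TENANT].oktapreview.com or [TENANT]-admin.okta.com for production
$org = "tenant.oktapreview.com"

# May or may not need following Tls12 line
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Your API token. You can generate this from Admin - Security - API.
# An SSWS token acts with the permissions of the admin who created it, so treat
# it as a credential: keep the real value out of saved scripts and source control.
$api_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# URL-encode the search term: an unencoded "&", "#" or "=" in it would otherwise
# be read as part of the query string instead of as part of the value of q.
$encodedSearch = [uri]::EscapeDataString($srchString)
$uri = "https://$org/api/v1/apps?q=$encodedSearch"

$webrequest = Invoke-WebRequest -Headers @{"Authorization" = "SSWS $api_token"} -Method Get -Uri $uri
$json = $webrequest | ConvertFrom-Json

# Using a loop in case multiple apps are found with the search string.
# NOTE(review): only the first page of results is read here - confirm that is
# enough for broad search terms.
foreach ($A in $json) {
    $line = "$($A.label),$($A.id),$($A.signOnMode)"
    $line
}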
Get all users assigned to an app in Okta
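# Get all users assigned to an app in Okta.
# Uses pagination to return more than 200 users.

# $app (the Okta application ID) is never assigned in this snippet; without it
# the request goes to ".../apps//users". Fail early instead.
if ([string]::IsNullOrWhiteSpace($app)) {
    throw 'Set $app to the Okta application ID before running this snippet.'
}

# Tenant host - Ex. [TENANT].oktapreview.com or [TENANT]-admin.okta.com for production
$org = "tenant.oktapreview.com"

# May or may not need following Tls12 line
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Your API token. You can generate this from Admin - Security - API.
# An SSWS token acts with the permissions of the admin who created it, so treat
# it as a credential: keep the real value out of saved scripts and source control.
$api_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$headers = @{"Authorization" = "SSWS $api_token"}

$uri = "https://$org/api/v1/apps/$app/users?limit=200"
$allusers = @()

do {
    $webrequest = Invoke-WebRequest -Headers $headers -Method Get -Uri $uri
    $json = $webrequest | ConvertFrom-Json
    $allusers += $json

    # Take the next-page URL from the Link header by matching the <url> that is
    # tagged rel="next". The published version split the header on an empty
    # delimiter and took element 3, which does not yield a URL (the delimiters
    # were presumably lost when the page was rendered), and it failed when no
    # Link header was returned. Joining first also covers hosts that expose the
    # header as several values rather than one string.
    $linkHeader = @($webrequest.Headers.Link) -join ', '
    if ($linkHeader -match '<([^>]+)>;\s*rel="next"') {
        $uri = $Matches[1]
    }
    else {
        $uri = $null
    }
} while ($uri)

$allusers
$allusers.count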
Get all Okta apps in tenant:
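# GET ALL APPS IN TENANT
# SAVES: APP NAME, STATUS, AND APP ID TO CSV FILE
# USING PAGINATION FOR OVER 200 APPS

# Tenant host - Ex. [TENANT].oktapreview.com or [TENANT]-admin.okta.com for production
$org = "tenant.oktapreview.com"

# May or may not need following Tls12 line
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Your API token. You can generate this from Admin - Security - API.
# An SSWS token acts with the permissions of the admin who created it, so treat
# it as a credential: keep the real value out of saved scripts and source control.
$api_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$headers = @{"Authorization" = "SSWS $api_token"}

$sufix = Get-Date -format 'MM-dd-yyyy-hhmmss'
$outfile = "C:\Scripts\AllActiveApps_$sufix.csv"

$uri = "https://$org/api/v1/apps?limit=200"
$allActiveApps = @()

do {
    $webrequest = Invoke-WebRequest -Headers $headers -Method Get -Uri $uri
    $json = $webrequest | ConvertFrom-Json
    $allActiveApps += $json

    # Take the next-page URL from the Link header by matching the <url> that is
    # tagged rel="next". The published version split the header on an empty
    # delimiter and took element 3, which does not yield a URL (the delimiters
    # were presumably lost when the page was rendered), and it failed when no
    # Link header was returned.
    $linkHeader = @($webrequest.Headers.Link) -join ', '
    if ($linkHeader -match '<([^>]+)>;\s*rel="next"') {
        $uri = $Matches[1]
    }
    else {
        $uri = $null
    }
} while ($uri)

# One "label,status,id" line per application, appended to the output file.
# NOTE(review): labels are written unquoted, so a label containing a comma shifts
# the columns, and a label starting with "=" is read as a formula by spreadsheet
# tools. Quote or sanitize the label if the file is opened in such a tool.
foreach ($app in $allActiveApps) {
    $theApp = $app.label
    $theAppID = $app.id
    $Stat = $app.status
    $line = "$theApp,$Stat,$theAppID"
    $line | Out-File -FilePath $outfile -Append
}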
Get user by Okta username (email address)
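# Look up one Okta user by login (email address) and show its properties.
$usr = "USER@COMPANY.COM"

# Tenant host - Ex. [tenant].oktapreview.com or [tenant]-admin.okta.com for production
$org = "tenant.oktapreview.com"

# May or may not need following Tls12 line
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Your API token. You can generate this from Admin - Security - API.
# An SSWS token acts with the permissions of the admin who created it, so treat
# it as a credential: keep the real value out of saved scripts and source control.
$api_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# URL-encode the login before placing it in the path, so characters such as
# "+", "#" or "?" in an address are sent as part of the login rather than being
# interpreted as URL syntax.
$encodedUsr = [uri]::EscapeDataString($usr)
$uri = "https://$org/api/v1/users/$encodedUsr"

$webrequest = Invoke-WebRequest -Headers @{"Authorization" = "SSWS $api_token"} -Method Get -Uri $uri
$json = $webrequest | ConvertFrom-Json
$usrInfo = $json

# For all properties:
$usrInfo

# For specific properties:
$usrInfo.status
$usrInfo.profile.displayname
$usrInfo.profile.employeenumber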
Search for Okta user by using a search string
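# SEARCH USERS BY USING SEARCH STRING. CAN CHANGE profile.email TO OTHER FIELDS
$srchString = "theUserName"

# Tenant host - Ex. [tenant].oktapreview.com or [tenant]-admin.okta.com for production
$org = "tenant.oktapreview.com"

# May or may not need following Tls12 line
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Your API token. You can generate this from Admin - Security - API.
# An SSWS token acts with the permissions of the admin who created it, so treat
# it as a credential: keep the real value out of saved scripts and source control.
$api_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# The value is embedded in a double-quoted literal inside the filter expression.
# Reject quotes and backslashes so the value cannot end that literal early and
# change the meaning of the filter.
if ($srchString -match '["\\]') {
    throw 'Search string must not contain a double quote or a backslash.'
}

# CAN CHANGE profile.email TO OTHER FIELDS
# Build the filter as plain text, then URL-encode the whole expression (spaces,
# quotes and the search value) instead of hand-encoding only the quotes.
$filter = "profile.email sw `"$srchString`""
$uri = "https://$org/api/v1/users?search=$([uri]::EscapeDataString($filter))"

$webrequest = Invoke-WebRequest -Headers @{"Authorization" = "SSWS $api_token"} -Method Get -Uri $uri
$json = $webrequest | ConvertFrom-Json
$usrInfo = $json

# For all properties:
$usrInfo

# For specific properties:
$usrInfo.status
$usrInfo.profile.displayname
$usrInfo.profile.employeenumber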
Get last Azure login (EST) using MS Graph
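# Print "user,yyyy-MM-dd" for the user's last Azure sign-in, shifted to EST.
$Usr = "theSAMname"

# Resolve the object ID first, then request SignInActivity by that ID.
# NOTE(review): reading SignInActivity presumably needs audit-log read permission
# on the Graph session - confirm the scopes used with Connect-MgGraph.
$UserID = (Get-MgUser -UserId "$Usr@company.com").Id
$signIn = (Get-MgUser -UserId $UserID -Property SignInActivity).SignInActivity
$lastSignIn = $signIn.LastSignInDateTime

if ($lastSignIn) {
    # Fixed -5 hour shift (EST). It does not follow daylight saving time, so
    # sign-ins shortly after midnight in summer can land on the previous date.
    $LastAzLogin = $lastSignIn.AddHours(-5)
    $Lo = $LastAzLogin.ToString('yyyy-MM-dd')
}
else {
    # No sign-in recorded: the published version called AddHours() on a null
    # value here and threw. Emit an empty date instead.
    $LastAzLogin = $null
    $Lo = ''
}

$line = "$Usr,$Lo"
$line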
MS Bookings calendars
Get list of Bookings:
# List the primary SMTP address of every Bookings (scheduling) mailbox.
Get-Mailbox -RecipientTypeDetails SchedulingMailbox -ResultSize Unlimited |
    Select-Object -ExpandProperty PrimarySmtpAddress
Get associated user(s) with Bookings calendar:
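# Show who has been granted rights on each Bookings (scheduling) mailbox.
# -ResultSize Unlimited matches the listing command for Bookings mailboxes;
# without it Get-Mailbox stops at its default result size and later mailboxes
# are left out of the review.
# The '*@*' filter keeps only entries whose User looks like an address
# (presumably to drop built-in principals - confirm against your output).
Get-Mailbox -RecipientTypeDetails SchedulingMailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object { $_.User -like '*@*' } |
    Select-Object Identity, User, AccessRights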
Hide a Bookings mailbox from the global address list (GAL):
# Hide the Bookings mailbox from address lists (including the GAL).
# Replace the Identity placeholder with the Bookings mailbox address.
$hideFromAddressLists = @{
    Identity                      = "BookingsEmailAddress"
    HiddenFromAddressListsEnabled = $True
}
Set-Mailbox @hideFromAddressLists
Adding a user to a Booking as an Admin:
# Make a user an admin of a Bookings calendar by granting rights on its mailbox.
# FullAccess lets the user open the whole mailbox and SendAs lets the user send
# mail as the Bookings address, so grant this only to intended administrators and
# review the assignments periodically.
$bookingMailbox = 'MyBooking@live.xxx.com'
$newAdmin = 'joeUser@xxx.com'

Add-MailboxPermission -Identity $bookingMailbox -User $newAdmin -AccessRights FullAccess -InheritanceType All

# -Confirm:$false suppresses the confirmation prompt for the SendAs grant.
Add-RecipientPermission -Identity $bookingMailbox -Trustee $newAdmin -AccessRights SendAs -Confirm:$false
Get MSIpatch information
# Install the MSIPatches module from the registered PowerShell repository.
# NOTE(review): no version is pinned here; consider -RequiredVersion with a
# version you have reviewed, since this module is then used to move installer files.
Install-Module -Name MSIPatches

# Report on installed MSI patches.
Get-MsiPatch

# List the patches the module considers orphaned.
Get-OrphanedPatch

# Pipe the orphaned patches to Move-OrphanedPatch with C:\Backup as the destination.
# NOTE(review): this changes files on disk; review the Get-OrphanedPatch output
# first and keep the C:\Backup copy until installs and repairs are confirmed working.
Get-OrphanedPatch | Move-OrphanedPatch -Destination C:\Backup