Next round of PowerShell “inventory” scripts

For those of you that don’t follow (why!?), here’s the next round of PowerShell scripts I published. The first one addresses a gap that Microsoft has left unfilled for years now, namely reporting on any files that your OneDrive for Business users have shared. The script uses the Graph API to get a list of all users in the tenant, then for each user checks the presence of a OneDrive for Business (sadly, no way to just list all users that have ODFB enabled). Then, for each ODFB drive, it enumerates all the files and checks whether a given file has been shared, either by direct permissions, sharing link or invitation. In addition, the script will try to determine whether the file has been shared externally, by comparing the email addresses of the invitee with the list of domains registered in your tenant.

Make sure to read the above article for more details. You can get the script from the TechNet Gallery or GitHub. 

The other “inventory” script I published will help you get a comprehensive inventory of all RBAS assignments in your organization. Auditing role assignments is something you should be doing regularly, especially when it comes to more sensitive roles such as Application Impersonation. The script will help you with this task by listing each individual user that has any assignments, effectively expanding the membership of any Role Groups and mail-enabled security groups that have been assigned roles. It will also help you identify those users, as they are only referenced by their display name in Exchange Online. Optionally, the script can also list any Role Groups that have no assignments, so you can get the full picture.

As with the other script, you can get more information from the article over at Get the script from the TechNet Gallery or GitHub.

1 thought on “Next round of PowerShell “inventory” scripts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.