The script can be used to generate a report that lists user accounts and the status of their MFA in Microsoft 365. For the script to work, you need to install the Microsoft Azure Active Directory Module on each computer where the Adaxes service is running. To connect to Microsoft 365, the script uses the credentials specified in the Run As section (located on the Script tab).
To generate the report:
- A scope is required. If the report scope is left empty, the script will not work.
- The Organizational Unit or container selected in the report scope must be included in the associated scope of a Microsoft 365 tenant registered in Adaxes.
Parameters:
- $columnID - Specifies the identifier of the custom column that will store the MFA state of users in Microsoft 365. To get the identifier:
  - In the Report-specific columns section, on the Columns tab, right-click the custom column.
  - In the context menu, navigate to Copy and click Column ID.
  - The column identifier will be copied to the clipboard.
```powershell
Import-Module MsOnline
$columnID = "{406bec83-0e40-4291-88a2-208da5df346b}"
# Get member identifiers
$Context.DirectorySearcher.AppendFilter("(sAMAccountType=805306368)")
$Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add("adm-O365ObjectId")
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    $baseObject = $Context.BindToObject($Context.DirectorySearcher.BaseObjectPath)
    # Connect to Microsoft 365
    $password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
    $credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
    Connect-MsolService -Credential $credential
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $id = $searchResult.GetPropertyByName("adm-O365ObjectId").Values[0]
        if ($NULL -eq $id)
        {
            continue
        }
        # Get MFA state
        $user = Get-MsolUser -ObjectId ([Guid]$id)
        if ($NULL -eq $user.StrongAuthenticationRequirements.State)
        {
            $mfaState = "Disabled"
        }
        else
        {
            $mfaState = $user.StrongAuthenticationRequirements.State
        }
        # Add user to the report
        $Context.Items.Add($searchResult, @{ $columnID = $mfaState }, $NULL)
    }
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}
```
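The script above reports "Disabled" when StrongAuthenticationRequirements.State is empty. The following added example (not part of the original Adaxes script) applies the same rule to constructed sample objects, so it runs without a tenant connection, and lists the accounts whose state is not Enforced. The function name Get-MfaStateLabel, the sample users and the choice to report the strictest state when several entries exist are assumptions.

```powershell
# Added example: hypothetical helper and constructed data, no MSOnline connection needed.
function Get-MfaStateLabel
{
    param($User)

    # StrongAuthenticationRequirements is a collection. It is empty (or $NULL)
    # for accounts where per-user MFA was never turned on.
    $states = @($User.StrongAuthenticationRequirements |
        ForEach-Object { if ($NULL -ne $_) { [string]$_.State } } |
        Where-Object { $_ -ne "" })

    if ($states.Count -eq 0)
    {
        return "Disabled"
    }
    # Assumption: when several entries exist, report the strictest state.
    if ($states -contains "Enforced")
    {
        return "Enforced"
    }
    return $states[0]
}

# Constructed sample users shaped like the objects the script reads.
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = "alice@example.com"; StrongAuthenticationRequirements = @() }
    [pscustomobject]@{ UserPrincipalName = "bob@example.com"; StrongAuthenticationRequirements = @([pscustomobject]@{ State = "Enabled" }) }
    [pscustomobject]@{ UserPrincipalName = "carol@example.com"; StrongAuthenticationRequirements = @([pscustomobject]@{ State = "Enforced" }) }
    [pscustomobject]@{ UserPrincipalName = "dave@example.com"; StrongAuthenticationRequirements = $NULL }
)

$report = foreach ($u in $sampleUsers)
{
    [pscustomobject]@{ User = $u.UserPrincipalName; MfaState = Get-MfaStateLabel -User $u }
}

# Count of accounts per state
$report | Group-Object MfaState | Select-Object Name, Count

# Accounts to follow up on: per-user MFA is off, or enabled but not yet enforced
$report | Where-Object { $_.MfaState -ne "Enforced" } | Sort-Object MfaState, User
```

The state read here is the per-user MFA setting only. It does not reflect MFA required through Conditional Access policies or security defaults, so "Disabled" in the report means that per-user MFA is off, not that the account can never be prompted for MFA.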
Thank you for the script, Adaxes.
Sorry for the confusion, but we are not sure what exactly you need to achieve. Please, describe the desired workflow in all the possible details with live examples.