vilega-AddRbacDiags-35

vilega · May 27, 2020 · 907a405 · 907a405
1 parent 7600409
commit 907a405
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 22 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/ActionPlans/Start-AllUsersWithAllRoles.ps1 b/ActionPlans/Start-AllUsersWithAllRoles.ps1
@@ -0,0 +1,14 @@
+$Workloads = "exo"
+Connect-O365PS $Workloads
+$CurrentProperty = "Connecting to: $Workloads"
+$CurrentDescription = "Success"
+write-log -Function "Connecting to O365 workloads" -Step $CurrentProperty -Description $CurrentDescription 
+
+$ts= get-date -Format yyyyMMdd_HHmmss
+$ExportPath = "$global:WSPath\RbacRole_$ts"
+mkdir $ExportPath -Force
+. $script:modulePath\ActionPlans\Start-RbacTools.ps1
+Get-AllUsersWithAllRoles
+Read-Host "Press any key then [Enter] to return to main menu"
+Clear-Host
+Start-O365TroubleshootersMenu
diff --git a/ActionPlans/Start-FindUserWithSpecificRbacRole.ps1 b/ActionPlans/Start-FindUserWithSpecificRbacRole.ps1
@@ -0,0 +1,14 @@
+$Workloads = "exo"
+Connect-O365PS $Workloads
+$CurrentProperty = "Connecting to: $Workloads"
+$CurrentDescription = "Success"
+write-log -Function "Connecting to O365 workloads" -Step $CurrentProperty -Description $CurrentDescription 
+
+$ts= get-date -Format yyyyMMdd_HHmmss
+$ExportPath = "$global:WSPath\RbacRole_$ts"
+mkdir $ExportPath -Force
+. $script:modulePath\ActionPlans\Start-RbacTools.ps1
+Get-SpecificRoleMembers
+Read-Host "Press any key then [Enter] to return to main menu"
+Clear-Host
+Start-O365TroubleshootersMenu
diff --git a/ActionPlans/Start-OfficeMessageEncryption.ps1 b/ActionPlans/Start-OfficeMessageEncryption.ps1
@@ -772,15 +772,15 @@ Select a task by number or Q to go back
 
 
 # Connect Workloads (split workloads by comma): "msol","exo","eop","sco","spo","sfb","AipService"
-$Workloads = "exo", "sco", "AIPService"
+$Workloads = "exo", "sco", "AIPService","msol"
 Connect-O365PS $Workloads
 
 $CurrentProperty = "Connecting to: $Workloads"
 $CurrentDescription = "Success"
 write-log -Function "Connecting to O365 workloads" -Step $CurrentProperty -Description $CurrentDescription 
 
 $ts = Get-Date -Format yyyyMMdd_HHmmss
-$pathOME=$global:WSPath+"\$($ts)_Config_AIP"
+$pathOME=$global:WSPath+"\OfficeMessageEncryption_$ts"
 mkdir "$pathOME"
 mkdir "$pathOME\Logs" 
 Start-transcript -Path "$pathOME\OMEv2Transcript_$ts.txt" -Verbose

diff --git a/ActionPlans/Start-RbacTools.ps1 b/ActionPlans/Start-RbacTools.ps1
@@ -0,0 +1,21 @@
+Function Get-SpecificRoleMembers {
+    param ([string[]]$roles)
+
+    if (!($roles)) {
+
+        $roles = (Get-ManagementRole | Select-Object name | Sort-Object name  |Out-GridView -PassThru -Title "List users that have the role you selected:").Name
+    }
+    $GetEffectiveUsers = Get-ManagementRoleAssignment -GetEffectiveUsers | Where-Object {(($_.Enabled -eq $True) -and ($roles -match $_.Role))} |`
+        Select-Object Role, RoleAssigneeName, RoleAssigneeType, RoleAssignmentDelegationtype, User, CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, Identity |`
+        export-csv "$ExportPath\RoleMembers_$ts.csv" -NoTypeInformation 
+    Write-Host "The list of user who have $roles assigned was exported to $ExportPath\RoleMembers_$ts.csv" -ForegroundColor Cyan
+    return $GetEffectiveUsers
+}
+
+Function Get-AllUsersWithAllRoles {
+
+    Get-ManagementRoleAssignment -GetEffectiveUsers -| Where-Object {($_.Enabled -eq $True)} |`
+         Select-Object Role, RoleAssigneeName, RoleAssigneeType, RoleAssignmentDelegationtype, User, CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, Identity |`
+         export-csv "$ExportPath\ManagementRoleAssignmentUsers_$ts.csv" -NoTypeInformation
+    Write-Host "Export all users with all the roles assigned to the file: $ExportPath\ManagementRoleAssignmentUsers_$ts.csv" -ForegroundColor Cyan
+}
diff --git a/O365Troubleshooters.psm1 b/O365Troubleshooters.psm1
@@ -170,7 +170,7 @@ Function Connect-O365PS { # Function to connecto to O365 services
                         $Global:banner = "Azure AD (MSOL) PowerShell"
                         $try++
                         # Creating the session for PS MSOL Service
-                        Connect-MsolService �Credential $O365Cred -ErrorVariable errordescr -ErrorAction SilentlyContinue  <### -ErrorAction SilentlyContinue  -> Update_Razvan: add this option at the end of each connection line after verifying that the function are ok #>
+                        Connect-MsolService -Credential $O365Cred -ErrorVariable errordescr -ErrorAction SilentlyContinue  <### -ErrorAction SilentlyContinue  -> Update_Razvan: add this option at the end of each connection line after verifying that the function are ok #>
                         $Global:Domain = get-msoldomain -ErrorAction SilentlyContinue | Where-Object {$_.name -like "*.onmicrosoft.com" } | Where-Object {$_.name -notlike "*mail.onmicrosoft.com"}  
                         $CurrentError = $errordescr.exception.message <### Update_Razvan: verify every error message on every connection endpoint and changed it accordingly: $errordescr | fl * -Force #>
                         # Connection Errors check (mostly for wrong credentials reasons)
@@ -223,7 +223,7 @@ Function Connect-O365PS { # Function to connecto to O365 services
                         }
                             try {
 
-                            $Global:EXOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $O365Cred -Authentication "Basic" -AllowRedirection -SessionOption $PSsettings -ErrorVariable errordescr -ErrorAction Stop 
+                            $Global:EXOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $global:O365Cred -Authentication "Basic" -AllowRedirection -SessionOption $PSsettings -ErrorVariable errordescr -ErrorAction Stop 
                             $CurrentError = $errordescr.exception  
                             Import-Module (Import-PSSession $EXOSession  -AllowClobber -DisableNameChecking) -Global -DisableNameChecking -ErrorAction SilentlyContinue
                             $CurrentDescription = "Success"
@@ -265,7 +265,7 @@ Function Connect-O365PS { # Function to connecto to O365 services
                 $try++
                 $CurrentError = $errordescr.exception
                 Import-Module ExchangeOnlineManagement -Global -DisableNameChecking  -ErrorAction SilentlyContinue
-                Connect-ExchangeOnline -Credential $O365Cred -PSSessionOption $PSsettings -ErrorVariable errordescr -ErrorAction Stop 
+                Connect-ExchangeOnline -Credential $global:O365Cred -PSSessionOption $PSsettings -ErrorVariable errordescr -ErrorAction Stop 
                 # Connection Errors check (mostly for wrong credentials reasons)
                 &$Global:CredentialValidation
     }
@@ -289,7 +289,7 @@ Function Connect-O365PS { # Function to connecto to O365 services
                         $Global:banner = "Exchange Online Protection PowerShell"
                         $try++
                         # Creating EOP PS session
-                        $Global:EOPSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.protection.outlook.com/powershell-liveid" -Credential $O365Cred -Authentication "Basic" -AllowRedirection -SessionOption $PSsettings -ErrorVariable errordescr -ErrorAction SilentlyContinue 
+                        $Global:EOPSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.protection.outlook.com/powershell-liveid" -Credential $global:O365Cred -Authentication "Basic" -AllowRedirection -SessionOption $PSsettings -ErrorVariable errordescr -ErrorAction SilentlyContinue 
                         $CurrentError = $errordescr.exception
                         Import-Module (Import-PSSession $EOPSession  -AllowClobber -DisableNameChecking ) -Global -DisableNameChecking  -ErrorAction SilentlyContinue
                         # Connection Errors check (mostly for wrong credentials reasons)
@@ -315,7 +315,7 @@ Function Connect-O365PS { # Function to connecto to O365 services
                         $Global:Error.Clear();
                         $Global:banner = "Security and Compliance Center Powershell"
                         $try++ 
-                        $Global:SCCSession = New-PSSession -ConfigurationName Microsoft.Compliance -ConnectionUri "https://ps.compliance.protection.outlook.com/powershell-liveid/" -Credential $O365Cred -Authentication "Basic" -AllowRedirection -SessionOption $PSsettings -ErrorVariable errordescr -ErrorAction SilentlyContinue
+                        $Global:SCCSession = New-PSSession -ConfigurationName Microsoft.Compliance -ConnectionUri "https://ps.compliance.protection.outlook.com/powershell-liveid/" -Credential $global:O365Cred -Authentication "Basic" -AllowRedirection -SessionOption $PSsettings -ErrorVariable errordescr -ErrorAction SilentlyContinue
                         $CurrentError = $errordescr.exception
                         Import-Module (Import-PSSession $SCCSession  -AllowClobber -DisableNameChecking) -Global -DisableNameChecking -Prefix CC -ErrorAction SilentlyContinue
                         #Credentials check
@@ -390,7 +390,7 @@ Function Connect-O365PS { # Function to connecto to O365 services
                         # Import SFB Online PS module
                         Import-Module LyncOnlineConnector
                         # Creating a new SFB Online PS Session
-                        $global:sfboSession = New-CsOnlineSession -Credential $O365Cred -ErrorVariable errordescr
+                        $global:sfboSession = New-CsOnlineSession -Credential $global:O365Cred -ErrorVariable errordescr
                         $CurrentError = $errordescr.exception
                         Import-Module (Import-PSSession $sfboSession -DisableNameChecking -AllowClobber) -Global -DisableNameChecking 
                         # Credentials check
@@ -417,13 +417,13 @@ Function Connect-O365PS { # Function to connecto to O365 services
                         # Import AIPService module
                         Import-Module AIPService
                         # Creating a new AIPService PS Session
-                        Connect-AIPService -Credential $O365Cred -ErrorVariable errordescr
+                        Connect-AIPService -Credential $global:O365Cred -ErrorVariable errordescr 
                         $CurrentError = $errordescr.exception
                         # Credentials check
                         &$Global:CredentialValidation
                     }
                  while (($Try -le 2) -and ($null -ne $Global:Error)) 
-                 &$Global:DisplayConnects
+                 &$Global:DisplayConnect
     }
   }
 #endregion Connection scripts region
@@ -726,7 +726,7 @@ function Disconnect-All {
     }
 
     write-log -Function "Disconnect - ExecutionPolicy" -Step $CurrentProperty -Description $CurrentDescription
-    Read-Host -Prompt "Please press [Enter] to continue"
+    # Read-Host -Prompt "Please press [Enter] to continue"
     }
 
 
@@ -739,16 +739,17 @@ Function    Start-O365Troubleshooters
 
 Function Start-O365TroubleshootersMenu {
     $menu=@"
-    1 Office Message Encryption General Troubleshooting
-    2 Analyze compromise account/tenant
-    3 SMTP Relay Test
-    4 Tools: Exchange Online Audit Search
-    5 Tools: Unified Logging Audit Search
-    6 Tools: Azure AD Audit Log Search
-    7 Tools: Find all users with a specific RBAC Role
-    8 Tools: Export All Available  Mailbox Diagnostic Logs for a given mailbox
-    9 Tools: Decode SafeLinks URL
-    Q Quit
+    1  Encryption: Office Message Encryption General Troubleshooting
+    2  Security: Analyze compromise account/tenant
+    3  Mail Flow: SMTP Relay Test
+    4  Tools: Exchange Online Audit Search
+    5  Tools: Unified Logging Audit Search
+    6  Tools: Azure AD Audit Log Search
+    7  Tools: Find all users with a specific RBAC Role
+    8  Tools: Find all users with a specific RBAC Role
+    9  Tools: Export All Available  Mailbox Diagnostic Logs for a given mailbox
+    10 Tools: Decode SafeLinks URL
+    Q  Quit
      
     Select a task by number or Q to quit
 "@
@@ -788,23 +789,31 @@ Switch ($r) {
         . $script:modulePath\ActionPlans\Start-FindUserWithSpecificRbacRole.ps1
     }
     "8" {
+        Write-Host "Tools: Find all users with all RBAC Role" -ForegroundColor Green
+        . $script:modulePath\ActionPlans\Start-AllUsersWithAllRoles.ps1
+    }
+
+    "9" {
         Write-Host "Tools: Export All Available  Mailbox Diagnostic Logs for a given mailbox" -ForegroundColor Green
         . $script:modulePath\ActionPlans\Start-MailboxDiagnosticLogs.ps1
     }
 
-    "9" {
+    "10" {
         Write-Host "Tools: Decode SafeLinks URL" -ForegroundColor Green
         . $script:modulePath\ActionPlans\Start-DecodeSafeLinksURL.ps1
     }
 
     "Q" {
         Write-Host "Quitting" -ForegroundColor Green
+        Start-Sleep -Seconds 2
         Disconnect-all 
         exit
     }
 
     default {
         Write-Host "I don't understand what you want to do. Will reload the menu!" -ForegroundColor Yellow
+        Start-Sleep -Seconds 2
+        Clear-Host
         Start-O365TroubleshootersMenu 
      }
     }