Powershell Cheat sheet

Powershell Cheat sheet

List all mailboxes with a forwardingaddress set

Get-Mailbox | Where-Object {$_.ForwardingSMTPAddress -ne $null} | Select-Object DisplayName,PrimarySMTPAddress,ForwardingSMTPAddress,Whencreated

Get MFA status

Get-MsolUser -all | Select-Object DisplayName,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}

Teamsgroup export with membercount, owners, whencreated etc

Write-Output "DisplayName;Address;Owner;Members;WhenCreated;WhenChanged" | Out-File C:\temp\groups.csv
$groups = Get-UnifiedGroup 
foreach($group in $groups)
    {
        $owner = (Get-UnifiedGroupLinks "$($group.DisplayName)" -LinkType Owner).Name -join "|"
        $memberCount = (Get-UnifiedGroupLinks "$($group.DisplayName)" -LinkType member).count
        "$($group.DisplayName)" + ";" + "$($group.PrimarySMTPAddress)" + ";" + $owner + ";" + $memberCount + ";" + "$($group.WhenCreated)" + ";" + "$($group.WhenChanged)" | out-file C:\temp\groups.csv -Append
    }

List all users and the assigned plans including when it was assigned. Export to CSV

Get-AzureADUser | Select-Object displayName -ExpandProperty assignedplans | Export-Csv C:\slask\test2.csv -NoTypeInformation -Encoding UTF8

Or you can match one serviceplan from https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-service-plan-reference

Get-AzureADUser | Where-Object {$_.AssignedPlans.ServicePlanId -match "d5156635-0704-4f66-8803-93258f8b2678"} | Select-Object displayName -ExpandProperty assignedplans | Where-Object {$_.Serviceplanid -match "d5156635-0704-4f66-8803-93258f8b2678"} | Export-Csv C:\slask\test.csv -NoTypeInformationCheck when licenses were assigned (actually when the service was assigned)

List available Account SKUIDs (licenses)

Get-MsolAccountSku

List all services enabled for a user with a specific license

((Get-MsolUser -UserPrincipalName "[email protected]").Licenses | Where-Object {$_.AccountSkuId -match "<AccountSku>"}).ServiceStatus

Re-enable services for an account (all)

$licenseObject = New-MsolLicenseOptions -AccountSkuId "<AccountSku>" 
Set-MsolUserLicense -UserPrincipalName "[email protected]" -LicenseOptions $licenseObject

Convert GUID to ImmuteableId

And vice versa...

GUID -> ImmuteableId

[Convert]::ToBase64String([guid]::New("87475e6b-319f-431e-a283-cbba08afb1ee").ToByteArray())

ImmutableId -> GUID

[Guid]([Convert]::FromBase64String("a15Hh58xHkOig8u6CK+x7g=="))

Installing the module

Install-Module PowershellGet -Force
Install-Module Microsoft.Graph

Interactive Connection

This will open up your default browser and ask you to sign in. This will grant permission of the user

Connect-MgGraph

Interactive login with limited scope

For example, only requesting permissions for User.Read.All

Connect-MgGraph -Scopes User.Read.All

Non interactive with certificate

Starting the migrate from the old modules

Finding the right command

Finding the right command based on old cmdlet

Finding the right command based on URL from the Api

Searching user by UserPrincipalName

Get-Mguser -Search "userprincipalname:[email protected]" -ConsistencyLevel eventual
Previous1Password Github setupNextInstall Portainer

Last updated

Was this helpful?