SysManSquad / sysmansquadblog

Find Microsoft Accounts on Company Domains-SysManSquad | Systems Management Squad #23

Open utterances-bot opened 1 year ago

utterances-bot commented 1 year ago

Find Microsoft Accounts on Company Domains-SysManSquad | Systems Management Squad

A community blog and subsidiary of WinAdmins.io

https://sysmansquad.com/2020/11/23/find-microsoft-accounts/

BrentNewland commented 1 year ago

I had to make a few tweaks for it to work for us. I adjusted the filter to only show our primary domain, and sorted the resulting list alphabetically by email.

Exchange Online version:

```powershell
# Collect the SMTP addresses on our domain and strip the "SMTP:" prefix
$emailAddresses = Get-EXORecipient -RecipientTypeDetails UserMailbox -PropertySets Minimum |
    Select-Object -ExpandProperty EmailAddresses |
    Where-Object { $_ -like "SMTP:*@mydomain.com" } |
    ForEach-Object { $_ -replace '^smtp:' }
$ApplicationID  = 'bd53bb89-0cc1-4eb3-90b7-ba008b1f2a2c'
$scope          = 'user.read'
$results        = [System.Collections.ArrayList]::new()   # requires PowerShell 5+

$emailAddresses | ForEach-Object -Begin { $i = 1 } -Process {
    Write-Progress -Activity 'Checking Email Addresses for Microsoft Accounts' `
        -CurrentOperation ("Checking {0} - {1}/{2}" -f $_, $i, $emailAddresses.Count) `
        -PercentComplete ($i / $emailAddresses.Count * 100)
    $UserURL  = 'https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id={0}&scope={1}&response_type=code&state=23424&login_hint={2}' -f $ApplicationID, $scope, $_
    $response = Invoke-WebRequest -Uri $UserURL
    $results.Add(
        [pscustomobject]@{
            EmailAddress = $_
            # The consumer sign-in page embeds "HasPassword":1 when an MSA exists for the hint
            HasMSAccount = $response.Content -match '"HasPassword":1'
            #Result       = $response.StatusCode
        }
    ) | Out-Null
    $i++
}
$results | Sort-Object -Property EmailAddress
```

Exchange On-Prem version:

Our on-prem Exchange server has an older version of PowerShell, so I had to change the System.Collections.ArrayList, adjust the Get-Recipient command, and add a line enabling TLS 1.0, 1.1, and 1.2.

```powershell
# Collect the SMTP addresses on our domain and strip the "SMTP:" prefix
$emailAddresses = Get-Recipient -RecipientTypeDetails UserMailbox |
    Select-Object -ExpandProperty EmailAddresses |
    Where-Object { $_ -like "SMTP:*@mydomain.com" } |
    ForEach-Object { $_ -replace '^smtp:' }
$ApplicationID  = 'bd53bb89-0cc1-4eb3-90b7-ba008b1f2a2c'
$scope          = 'user.read'
$results        = New-Object System.Collections.ArrayList   # older PowerShell has no ::new()

# Older .NET defaults to SSL3/TLS1.0 only; enable TLS 1.0, 1.1 and 1.2 once, before the loop
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

$emailAddresses | ForEach-Object -Begin { $i = 1 } -Process {
    Write-Progress -Activity 'Checking Email Addresses for Microsoft Accounts' `
        -CurrentOperation ("Checking {0} - {1}/{2}" -f $_, $i, $emailAddresses.Count) `
        -PercentComplete ($i / $emailAddresses.Count * 100)
    $UserURL  = 'https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id={0}&scope={1}&response_type=code&state=23424&login_hint={2}' -f $ApplicationID, $scope, $_
    # -UseBasicParsing avoids the Internet Explorer DOM parser on the server
    $response = Invoke-WebRequest -Uri $UserURL -UseBasicParsing
    $results.Add(
        [pscustomobject]@{
            EmailAddress = $_
            # The consumer sign-in page embeds "HasPassword":1 when an MSA exists for the hint
            HasMSAccount = $response.Content -match '"HasPassword":1'
            #Result       = $response.StatusCode
        }
    ) | Out-Null
    $i++
}
$results | Sort-Object -Property EmailAddress
```

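An added example (mine, not BrentNewland's script or the blog's own code) that wraps the same per-address check in a function with error handling and a separate parsing step. The point for an admin auditing their own domain is to tell "no MSA for this address" apart from "the marker string is no longer in the page" or "the request failed", which a plain True/False column hides. It assumes the same consumers authorize endpoint and `"HasPassword"` marker used in the thread; the function names, the client id and the sample page fragments are constructed placeholders.

```powershell
# Added example, not the thread's or the blog's code. Assumes the same
# login.microsoftonline.com/consumers authorize endpoint and "HasPassword" marker
# as the scripts above. Client id and sample fragments below are placeholders.

function ConvertFrom-MsaCheckContent {
    # Parse the response body. Found = $false means the marker is absent, i.e. the
    # page format may have changed and a "False" result should not be trusted.
    param([Parameter(Mandatory)][string]$Content)
    if ($Content -match '"HasPassword"\s*:\s*(\d)') {
        return [pscustomobject]@{ Found = $true;  HasMSAccount = ($Matches[1] -eq '1') }
    }
    return [pscustomobject]@{ Found = $false; HasMSAccount = $false }
}

function Test-MsaForAddress {
    param(
        [Parameter(Mandatory)][string]$EmailAddress,
        [Parameter(Mandatory)][string]$ApplicationID,
        [int]$MaxAttempts = 3
    )
    # URL-encode the hint so addresses with '+' or other reserved characters survive
    $url = 'https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id={0}&scope=user.read&response_type=code&state=23424&login_hint={1}' -f `
        $ApplicationID, [uri]::EscapeDataString($EmailAddress)

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            $response = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
            $parsed   = ConvertFrom-MsaCheckContent -Content $response.Content
            return [pscustomobject]@{
                EmailAddress = $EmailAddress
                HasMSAccount = $parsed.HasMSAccount
                MarkerFound  = $parsed.Found        # False => page changed, re-check the pattern
                StatusCode   = $response.StatusCode
                Error        = $null
            }
        } catch {
            $status = $null
            if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
            if ($status -eq 429 -and $attempt -lt $MaxAttempts) {
                Start-Sleep -Seconds (5 * $attempt)   # back off when throttled, then retry
                continue
            }
            return [pscustomobject]@{
                EmailAddress = $EmailAddress
                HasMSAccount = $false
                MarkerFound  = $false
                StatusCode   = $status
                Error        = $_.Exception.Message
            }
        }
    }
}

# Offline demonstration of the parser on constructed fragments (not real responses):
$samples = @{
    'marker says account exists'  = '<script>var $Config={"HasPassword":1,"foo":2};</script>'
    'marker says no account'      = '<script>var $Config={"HasPassword": 0};</script>'
    'marker missing (page changed)' = '<html><body>Sign in</body></html>'
}
foreach ($name in $samples.Keys) {
    $r = ConvertFrom-MsaCheckContent -Content $samples[$name]
    "{0,-32} Found={1,-5} HasMSAccount={2}" -f $name, $r.Found, $r.HasMSAccount
}

# Live use against your own domain would look like (placeholder client id):
# $addresses | ForEach-Object { Test-MsaForAddress -EmailAddress $_ -ApplicationID '00000000-0000-0000-0000-000000000000' } |
#     Export-Csv -NoTypeInformation msa-audit.csv
```

With `MarkerFound` in the output, a run where every row is `HasMSAccount = False` but `MarkerFound = False` points at the sign-in page no longer carrying the string the scripts key on, rather than at a clean domain; rows with a non-null `Error` show requests that never returned a page at all.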
PsychoData commented 1 year ago

Glad to see it's working for you Brent! Funnily enough, I am at a new company and was just coming back to reference this myself, and told my coworker "I HAVE a thing, but it's a few years old now, let's hope everything is still working the same!"

I'll definitely look over yours as well, and if it looks like there are fixes or anything would be helpful, I'll try to update the blog, thanks!

gblass commented 12 months ago

Has something changed? I followed the instructions above and all results show False. But I am almost positive we have duplicate accounts.