I am trying to create a script that locates a user, group, application, or service principal using an object id and application id (for application and service principal). I would like the script to be able to run with or without a switch parameter. I would like for it to be able to search all or be specific where to search. For example:
Search all: ./test.ps1 -ObjectId "xxxx-xxxx-xxxx-xxxxxx"
users and groups only: ./test.ps1 -ObjectId "xxxx-xxxx-xxxx-xxxxxx" -User -Group
applications only: ./test.ps1 -ObjectId "xxxx-xxxx-xxxx-xxxxxx" -App
If someone could check my work and provide feedback and/or suggestions, it would be very much appreciated! Thank you!
[CmdletBinding(DefaultParameterSetName='SearchAll')]
param(
[Parameter(Mandatory=$true)]
[ValidatePattern("^[a-z_0-9]{8}[-][a-z_0-9]{4}[-][a-z_0-9]{4}[-][a-z_0-9]{4}[-][a-z_0-9]{12}")]
$objectID,
[Parameter(ParameterSetName = 'Switches')]
[switch]$User,
[Parameter(ParameterSetName = 'Switches')]
[switch]$Group,
[Parameter(ParameterSetName = 'Switches')]
[switch]$sp,
[Parameter(ParameterSetName = 'Switches')]
[switch]$App
)
if($PSCmdlet.ParameterSetName -eq 'Switches')
{
if ($user.IsPresent) {
Get-AzADUser -ObjectId $objectID | Select-Object Mail, DisplayName
$found = $true }
if ($group.IsPresent) {
Get-AzADGroup -ObjectId $objectID | Select-Object DisplayName, Description, Id
$found = $true }
if ($app.IsPresent) {
Get-AzADApplication -ObjectId $objectID | Select-Object ObjectType, DisplayName, Id, Type, ApplicationId
Get-AzADApplication -ApplicationId $objectID | Select-Object ObjectType, DisplayName, Id, Type, ApplicationId
$found = $true }
if ($sp.IsPresent) {
Get-AzADServicePrincipal -ObjectId $objectID | Select-Object ObjectType, DisplayName, Id, Type, ApplicationId
Get-AzADServicePrincipal -ApplicationId $objectID | Select-Object ObjectType, DisplayName, Id, Type, ApplicationId
$found = $true }
if (-not $found) { Write-Warning "Not found." }
}
else{
$user = Get-AzADUser -ObjectId $objectID
if ($user)
{
$user | Format-List Mail, DisplayName
}
else
{
$group = Get-AzADGroup -ObjectId $objectID
if ($group)
{
$group | Format-List DisplayName, Description, Id
}
else
{
$appO = Get-AzADApplication -ObjectId $objectID
if ($appO)
{
Write-Host "ObjectID"
$appO | Format-List ObjectType, DisplayName, Id, Type, ApplicationId
}
else
{
$appA = Get-AzADApplication -ApplicationId $objectID
if ($appA)
{
Write-Host "Application ID"
$appA | Format-List ObjectType, DisplayName, Id, Type, ApplicationId
}
else
{
$spO = Get-AzADServicePrincipal -ObjectId $objectID
if ($spO)
{
$spO | Format-List ObjectType, DisplayName, Id, Type, ApplicationId
}
else
{
$spA = Get-AzADServicePrincipal -ApplicationId $objectID
if ($spA)
{
$spA | Format-List ObjectType, DisplayName, Id, Type, ApplicationId
}
else
{
Write-Warning "Object does not exist."
}
}
}
}
}
}
}
Also, the
if (-not $found) { Write-Warning "Not found." }
line does not seem to work. Any advice?
$found. I left some pointers for the code review of your question. But I think there is another forum for code review. Let me know, because I'd like to take some of the fluff out of the answer.