Powershell : Cross reference IDs / UPNs with Azure Active Directory

Recently I needed to check that Moodle was suspending the correct users when allowing full control over accounts to the brilliant bit of Microsoft code plugins suite Office365 integration

As of the October 2021 release it still does odd things when running for the first time with the following setting switched on, if you use Transitive / Nested AD security group to control the access

So I wrote this piece of Powershell script to check each of the returned suspended IDs with whether those were still active in AAD or not.

#Connect-AzureAD
#Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
#C:\ad-test\aad-crossreference.ps1 | Out-File C:\AD-Test\results.txt -width 132

$list = import-csv "c:\AD-Test\Moodle-Azure-AD-sync-run-231221.csv"

$i = 0
foreach($item in $list){

try
	{
	Get-AzureADUser -ObjectId $item.upn | select userprincipalname,accountenabled
	$i++
	} catch

		{
		#Write-Host $_.Exception.Message
		Write-Host -ForegroundColor Yellow $item.upn "not found"
		}
}

Write-Host "Found $i accounts"

The top 3 lines are commented out, they are just should you need them then run them separately at the powershell command prompt. The top two are required to use the script and the 3rd is the line I use to run the script itself, which is saved as aad-crossreference.ps1 and it outputs the result to a file ‘results.txt’.

In the file to check, make sure it starts with a column name of ‘upn’, like so

Hope this helps you out if you ever need to do something similar.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s