ForensiT · kDylanHayes · Oct 7, 2023 · Oct 7, 2023 · Oct 13, 2023
diff --git a/Save-AzureADUser.ps1 b/Save-AzureADUser.ps1
@@ -1,90 +1,58 @@
-
-# Check that AzureAD is installed
-if (-Not (Get-Module -ListAvailable -Name AzureAD)) {
-
-    $install = Read-Host 'The AzureAD PowerShell module is not installed. Do you want to install it now? (Y/n)'
-
-    if($install -eq '' -Or $install -eq 'Y' -Or $install -eq 'Yes'){
-        If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
-        {
-            Write-Warning "Administrator permissions are needed to install the AzureAD PowerShell module.`nPlease re-run this script as an Administrator."
+# Check that the needed Microsoft Graph Modules are installed and install only if needed
+$Modules = "Microsoft.Graph.Authentication", "Microsoft.Graph.Identity.DirectoryManagement", "Microsoft.Graph.Users"
+$CurrentModules = Get-Module -ListAvailable -Name $Modules
+$ToInstall = Compare-Object -ReferenceObject @($CurrentModules | Select-Object) -DifferenceObject $Modules
+if ($ToInstall) {
+    $Install = Read-Host 'The Microsoft Graph PowerShell module is not installed. Do you want to install it now? (Y/n)'
+    if ($Install -eq '' -Or $Install -eq 'Y' -Or $Install -eq 'Yes') {
+        If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
+            Write-Warning "Administrator permissions are needed to install the Microsoft Graph PowerShell module.`nPlease re-run this script as an Administrator."
             Exit
         }
-
-        write-host "Installing"
-        Install-Module -Name AzureAD
+        Write-Host "Installing: $($ToInstall.InputObject)"
+        Install-Module $ToInstall.InputObject
     }
     else {
-        exit
+        Exit
     }
 }
-
-# Create a temporary file to hold the unformatted results of our Get-AzureADUser query
-$TempFile = New-TemporaryFile
-
-#Go ahead and attempt to get the Azure AD user IDs, but catch the error if there is no existing connection to Azure AD
-Try
-{
-    Get-AzureADUser -All:$true | Export-Csv -Path $TempFile -NoTypeInformation -encoding Utf8
-}
-Catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException]
-{
-    #Connect to Azure AD. This will show a prompt.
-    Connect-AzureAD | Out-Null
-
-    #Try again
-    Get-AzureADUser -All:$true | Export-Csv -Path $TempFile -NoTypeInformation -encoding Utf8
-}
-
-
-# Get the tennant details
-$Tenant = Get-AzureADTenantDetail
-
-# Get the unformatted data from the temporary file
-$azureADUsers = import-csv $TempFile
+#Connect to Microsoft Graph and get all users
+Connect-MgGraph -Scopes Directory.Read.All -NoWelcome
+$EntraUsers = Get-MgUser -All
 
 # Create the XML file
-$xmlsettings = New-Object System.Xml.XmlWriterSettings
-$xmlsettings.Indent = $true
-$xmlsettings.IndentChars = "    "
-
-$XmlWriter = [System.XML.XmlWriter]::Create("$((Get-Location).Path)\ForensiTAzureID.xml", $xmlsettings)
+$XMLSettings = New-Object System.Xml.XmlWriterSettings
+$XMLSettings.Indent = $true
+$XMLSettings.IndentChars = "    "
+$XMLWriter = [System.XML.XmlWriter]::Create("$((Get-Location).Path)\ForensiTAzureID.xml", $XMLSettings)
 
 # Write the XML Declaration and set the XSL
-$xmlWriter.WriteStartDocument()
-$xmlWriter.WriteProcessingInstruction("xml-stylesheet", "type='text/xsl' href='style.xsl'")
+$XMLWriter.WriteStartDocument()
+$XMLWriter.WriteProcessingInstruction("xml-stylesheet", "type='text/xsl' href='style.xsl'")
 
 # Start the Root Element 
-$xmlWriter.WriteStartElement("ForensiTAzureID")
-
-# Write the Azure AD domain details as attributes
-$xmlWriter.WriteAttributeString("ObjectId", $($Tenant.ObjectId))
-$xmlWriter.WriteAttributeString("Name", $($Tenant.VerifiedDomains.Name));
-$xmlWriter.WriteAttributeString("DisplayName", $($Tenant.DisplayName));
+$XMLWriter.WriteStartElement("ForensiTAzureID")
 
+# Write the Entra ID domain details as attributes
+$Context = Get-MgContext
+$XMLWriter.WriteAttributeString("ObjectId", $Context.TenantId)
+$XMLWriter.WriteAttributeString("Name", (Get-MgDomain).Id);
+$TenantName = (Invoke-RestMethod -UseBasicParsing -Uri ("https://login.microsoftonline.com/GetUserRealm.srf?login=$($Context.Account)")).FederationBrandName
+$XMLWriter.WriteAttributeString("DisplayName", $TenantName);
 
 #Parse the data
-ForEach ($azureADUser in $azureADUsers){
+ForEach ($EntraUser in $EntraUsers) {
 
-    $xmlWriter.WriteStartElement("User")
-
-        $xmlWriter.WriteElementString("UserPrincipalName",$($azureADUser.UserPrincipalName))
-        $xmlWriter.WriteElementString("ObjectId",$($azureADUser.ObjectId))
-        $xmlWriter.WriteElementString("DisplayName",$($azureADUser.DisplayName))
-
-    $xmlWriter.WriteEndElement()
-    }
-
-$xmlWriter.WriteEndElement()
+    $XMLWriter.WriteStartElement("User")
+    $XMLWriter.WriteElementString("UserPrincipalName", $($EntraUser.UserPrincipalName))
+    $XMLWriter.WriteElementString("ObjectId", $($EntraUser.Id))
+    $XMLWriter.WriteElementString("DisplayName", $($EntraUser.DisplayName))
+    $XMLWriter.WriteEndElement()
+}
 
+$XMLWriter.WriteEndElement()
 # Close the XML Document
-$xmlWriter.WriteEndDocument()
-$xmlWriter.Flush()
-$xmlWriter.Close()
-
-
-# Clean up
-Remove-Item $TempFile
-
-write-host "Azure user ID file created: $((Get-Location).Path)\ForensiTAzureID.xml"
-
+$XMLWriter.WriteEndDocument()
+$XMLWriter.Flush()
+$XMLWriter.Close()
+write-host "Entra ID user file created: $((Get-Location).Path)\ForensiTAzureID.xml"