要导出所有订阅的 RBAC 角色分配,并重点处理 AAD 组、解析出组内的用户成员,最佳方式是什么?我在 if 语句这里似乎绕不出来了。
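# Export the RBAC role assignments of every subscription returned by
# Get-AzSubscription, one CSV file per subscription. An assignment made to an
# AAD group is followed by one extra row per direct member of that group, so the
# file shows which accounts hold the role through the group.
#
# Fixes over the original snippet:
#   * braces of the calculated properties and script blocks are balanced;
#   * the group test reads ObjectType from each assignment object; the original
#     `Get-AzRoleAssignment.ObjectType` is not a property access;
#   * `continue` is gone: inside ForEach-Object it does not skip to the next
#     item, it ends the pipeline, so the export would stop at the first
#     assignment that is not a group;
#   * Set-AzContext output no longer leaks into the exported rows;
#   * every row has the same columns, because Export-Csv takes its header from
#     the first object it receives.
#
# NOTE(review): only direct members are listed. A nested group appears as a row
# but is not expanded, so effective access through nested groups is understated
# until those groups are resolved as well.
Get-AzSubscription | ForEach-Object {
    $subscription = $_
    Write-Verbose -Message "Changing to Subscription $($subscription.Name)" -Verbose
    Set-AzContext -TenantId $subscription.TenantId -SubscriptionId $subscription.Id -Force | Out-Null

    $ra = foreach ($assignment in (Get-AzRoleAssignment -IncludeClassicAdministrators)) {
        # One row for the assignment itself (user, group, service principal or
        # classic administrator).
        [pscustomobject]@{
            RoleDefinitionName = $assignment.RoleDefinitionName
            DisplayName        = $assignment.DisplayName
            SignInName         = $assignment.SignInName
            ObjectType         = $assignment.ObjectType
            Scope              = $assignment.Scope
            TenantId           = $subscription.TenantId
            SubscriptionName   = $subscription.Name
            SubscriptionId     = $subscription.Id
            ObjectId           = $assignment.ObjectId
            ViaGroup           = $null
        }

        # Classic administrators may carry no ObjectId, so require one before
        # asking the directory for members.
        if ($assignment.ObjectType -eq 'Group' -and $assignment.ObjectId) {
            foreach ($member in (Get-AzADGroupMember -GroupObjectId $assignment.ObjectId)) {
                # Members can be users, groups or service principals. Look the
                # member up as a user; anything that does not resolve is kept
                # in the export and labelled, so the gap stays visible.
                # NOTE(review): SilentlyContinue also hides lookup failures
                # caused by missing directory read permission - confirm that
                # 'Unresolved' rows are reviewed.
                $user = Get-AzADUser -ObjectId $member.Id -ErrorAction SilentlyContinue

                [pscustomobject]@{
                    RoleDefinitionName = $assignment.RoleDefinitionName
                    DisplayName        = $member.DisplayName
                    SignInName         = if ($user) { $user.UserPrincipalName } else { $null }
                    ObjectType         = if ($user) { 'User' } else { 'Unresolved' }
                    Scope              = $assignment.Scope
                    TenantId           = $subscription.TenantId
                    SubscriptionName   = $subscription.Name
                    SubscriptionId     = $subscription.Id
                    ObjectId           = $member.Id
                    ViaGroup           = $assignment.DisplayName
                }
            }
        }
    }

    # NOTE(review): the subscription name is used in the file name as-is; a
    # name containing characters that are invalid in a path will make the
    # export fail - confirm against the tenant's naming.
    $ra | Export-Csv -Path ".\Export-SubAzRolesGroups-$($subscription.Name).csv" -NoTypeInformation
}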