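Run a script against all partner tenants

Time: 2018-10-31 20:39:13

Tags: powershell office365 exchange-server

I am the administrator of Microsoft Partner Center 365 for our company's customers. We need to run the following script on all tenants. Because tenants add and remove users, our task is to run it on all users once a month to make sure we pick up all new users.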

#This script will enable non-owner mailbox access auditing on every mailbox in your tenancy
#First, let's get us a cred!
$userCredential = Get-Credential

#This gets us connected to an Exchange remote powershell service
$ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $userCredential -Authentication Basic -AllowRedirection
Import-PSSession $ExoSession

#Enable global audit logging
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems 

#Double-Check It!
Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-Gridview

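I run this script manually by getting the admin username and password for every customer, which is very time-consuming.

Is there a way to run this script for all of our tenants without having to log in manually as each one, either from Partner Center PowerShell or with some other solution?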

1 answer:

Answer 0: (score: 0)

So, per my comment, you are looking for a way to get the passwords from a Thycotic server and pass them into the script.

I wrote a function for this a while back. It has the required fields -WebService, -Credential and -SearchTerm

function Get-Secret{
    Param (
        [Parameter(Mandatory=$False)]
        [string] $WebService,
        [Parameter(Mandatory=$True)]
        [pscredential] $Credential,
        [string] $Organization = $Null,
        [Parameter(Mandatory=$True)]
        [string] $SearchTerm = $Null,
        [Parameter(ParameterSetName='Only',Mandatory=$false)]
        [switch] $CountOnly,
        [Parameter(ParameterSetName='Only',Mandatory=$false)]
        [switch] $SummeryOnly,
        [switch] $Raw
    )

    $Service = New-WebServiceProxy -uri $WebService -UseDefaultCredential
    $LoginResult = $Service.Authenticate($($Credential.GetNetworkCredential().Username), $($Credential.GetNetworkCredential().Password), $Organization, $($Credential.GetNetworkCredential().Domain))
    if($LoginResult.errors){
        throw $LoginResult.errors
        return
    }

    $Secret_IDs = $Service.SearchSecrets($LoginResult.token, $searchTerm, $true, $true)
    if($Secret_IDs.errors){
        throw $Secret_IDs.errors
        return
    }

    if($CountOnly){
        return $Secret_IDs.SecretSummaries.count
    }
    if($SummeryOnly){
        return $Secret_IDs.SecretSummaries
    }

    $Response = @()
    foreach($Secret_ID in $Secret_IDs.SecretSummaries){
        $Secret = $Service.GetSecret($LoginResult.token, $Secret_ID.SecretID, $false, $null).secret
        $Response += $Secret
    }

    if($Raw){
        return $Response
    }else{
        return $Response | Foreach-object{
            Write-Output "$($_.Name)"
            Foreach($item in $_.Items){
                Write-Output "$($item.FieldDisplayName) : $($item.Value)"
            }
            Write-Output "`r`n"
        }
    }
}

With the most basic usage

Get-Secret -WebService "PlaceWebServiceAddressHere" -Credential $(get-Credential)  -SearchTerm "SearchString"

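The web service is a SOAP service, and its address will depend on how you log in to Thycotic. It looks something like https://{YourBaseThycoticAddress}/webservices/sswebservice.asmx

With the -Raw parameter, you get the direct objects that Thycotic returns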

Get-Secret -WebService "PlaceWebServiceAddressHere" -Credential $(get-Credential)  -SearchTerm "SearchString" -raw

Those objects can be narrowed down to whatever field you are looking for (in this case, the username)

Get-Secret -WebService "PlaceWebServiceAddressHere" -Credential $ThycoticCredentials  -SearchTerm $_ -Raw | select -ExpandProperty Items | ?{$_.fieldname -like 'username'}

Or even get the value

Get-Secret -WebService "PlaceWebServiceAddressHere" -Credential $ThycoticCredentials  -SearchTerm $_ -Raw | select -ExpandProperty Items | ?{$_.fieldname -like 'username'} | Select -expandProperty Value

So your final script should look like

function Get-Secret{
    Param (
        [Parameter(Mandatory=$False)]
        [string] $WebService,
        [Parameter(Mandatory=$True)]
        [pscredential] $Credential,
        [string] $Organization = $Null,
        [Parameter(Mandatory=$True)]
        [string] $SearchTerm = $Null,
        [Parameter(ParameterSetName='Only',Mandatory=$false)]
        [switch] $CountOnly,
        [Parameter(ParameterSetName='Only',Mandatory=$false)]
        [switch] $SummeryOnly,
        [switch] $Raw
    )

    $Service = New-WebServiceProxy -uri $WebService -UseDefaultCredential
    $LoginResult = $Service.Authenticate($($Credential.GetNetworkCredential().Username), $($Credential.GetNetworkCredential().Password), $Organization, $($Credential.GetNetworkCredential().Domain))
    if($LoginResult.errors){
        throw $LoginResult.errors
        return
    }

    $Secret_IDs = $Service.SearchSecrets($LoginResult.token, $searchTerm, $true, $true)
    if($Secret_IDs.errors){
        throw $Secret_IDs.errors
        return
    }

    if($CountOnly){
        return $Secret_IDs.SecretSummaries.count
    }
    if($SummeryOnly){
        return $Secret_IDs.SecretSummaries
    }

    $Response = @()
    foreach($Secret_ID in $Secret_IDs.SecretSummaries){
        $Secret = $Service.GetSecret($LoginResult.token, $Secret_ID.SecretID, $false, $null).secret
        $Response += $Secret
    }

    if($Raw){
        return $Response
    }else{
        return $Response | Foreach-object{
            Write-Output "$($_.Name)"
            Foreach($item in $_.Items){
                Write-Output "$($item.FieldDisplayName) : $($item.Value)"
            }
            Write-Output "`r`n"
        }
    }
}


$SearchTerms = @("CompanyOne","CompanyTwo")
$ThycoticCredentials = Get-Credential

$SearchTerms | %{
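    #Keep the secret's fields so the username and password can be picked out below
    $Obj = Get-Secret -WebService "PlaceWebServiceAddressHere" -Credential $ThycoticCredentials  -SearchTerm $_ -Raw | select -ExpandProperty Items
    $Username = $Obj | ?{$_.fieldname -like 'username'} | select -ExpandProperty value
    $Password = $Obj | ?{$_.fieldname -like 'password'} | select -ExpandProperty value
    #pscredential needs a SecureString, not a plain string
    $SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
    $UserCredential = New-Object pscredential($Username,$SecurePassword)

    $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $userCredential -Authentication Basic -AllowRedirection
    #-AllowClobber so this tenant's cmdlets replace the ones imported for the previous tenant
    Import-PSSession $ExoSession -AllowClobber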

    #Enable global audit logging
    Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems 

    #Double-Check It!
    Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-Gridview

    #Close this tenant's session before moving on to the next one
    Remove-PSSession $ExoSession
}

This assumes that you enter the right search terms to narrow it down to one user, and that the fields in Thycotic are username and password
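
The closing assumption (one secret per search term, with fields named username and password) can be checked before any tenant session is opened, so that an ambiguous search never connects with another customer's account. The following is an added example, not part of the original answer: `ConvertTo-TenantCredential`, `New-SampleSecret` and the sample data are hypothetical, and the object shape (`Items` with `FieldName` and `Value`) is taken from the answer's own pipeline.

```powershell
# Added example, not from the original answer. ConvertTo-TenantCredential is a
# hypothetical helper; it takes the objects Get-Secret returns with -Raw.
function ConvertTo-TenantCredential {
    param(
        [Parameter(Mandatory = $true)] [string] $SearchTerm,
        [object[]] $Secrets
    )
    # Fail closed unless the search term matched exactly one secret.
    $found = @($Secrets | Where-Object { $null -ne $_ })
    if ($found.Count -ne 1) {
        throw "'$SearchTerm' matched $($found.Count) secrets, expected exactly 1"
    }
    # Index the fields by name (hashtable keys are case-insensitive).
    $fields = @{}
    foreach ($item in $found[0].Items) {
        if ($item.FieldName) { $fields[$item.FieldName] = $item.Value }
    }
    foreach ($name in 'username', 'password') {
        if ([string]::IsNullOrEmpty($fields[$name])) {
            throw "secret for '$SearchTerm' has no '$name' field"
        }
    }
    $secure = ConvertTo-SecureString $fields['password'] -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential -ArgumentList $fields['username'], $secure
}

# Constructed sample data shaped like the -Raw output used above.
function New-SampleSecret($User, $Pass) {
    [pscustomobject]@{ Items = @(
        [pscustomobject]@{ FieldName = 'Username'; Value = $User },
        [pscustomobject]@{ FieldName = 'Password'; Value = $Pass }) }
}
$results = [ordered]@{
    CompanyOne   = @(New-SampleSecret 'admin@companyone.example' 'constructed-1')
    CompanyTwo   = @((New-SampleSecret 'a@companytwo.example' 'constructed-2'),
                     (New-SampleSecret 'b@companytwo.example' 'constructed-3'))
    CompanyThree = @()
}
foreach ($term in $results.Keys) {
    try {
        $cred = ConvertTo-TenantCredential -SearchTerm $term -Secrets $results[$term]
        "{0}: connect as {1}" -f $term, $cred.UserName
    } catch {
        "{0}: skipped ({1})" -f $term, $_.Exception.Message
    }
}
```

In the loop from the answer, the helper would take the `-Raw` result before `select -ExpandProperty Items`, and a tenant that throws is skipped rather than connected to.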