Active Directory Audit with Keyvault retrieval option.
Get-ActiveUsersAudit [[-AttachementFolderPath] <String>] [[-Enabled] <Boolean>] [[-DaysInactive] <Int32>] [[-SendMailMessage]] [-Clean] [<CommonParameters>]
Get-ActiveUsersAudit [[-AttachementFolderPath] <String>] [[-Enabled] <Boolean>] [[-DaysInactive] <Int32>] [-SendMailMessage] [-Password] <SecureString> [-UserName] <String> [[-SMTPServer] <String>] [[-Port] <Int32>] [-To] <String> [[-From] <String>] [-Clean] [<CommonParameters>]
Get-ActiveUsersAudit [[-AttachementFolderPath] <String>] [[-Enabled] <Boolean>] [[-DaysInactive] <Int32>] [-SendMailMessage] [-FunctionApp] <String> [-Function] <String> [-ApiToken] <String> [-UserName] <String> [[-SMTPServer] <String>] [[-Port] <Int32>] [-To] <String> [[-From] <String>] [-Clean] [<CommonParameters>]
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|---|
| AttachementFolderPath | Default path is C:\temp\ActiveUserAuditLogs. This is the folder where attachments are going to be saved. | false | true (ByPropertyName) | C:\temp\ActiveUserAuditLogs | |
| Enabled | Choose to search for either enabled or disabled Active Directory Users (IE: $true or $false) | false | true (ByPropertyName) | True | |
| DaysInactive | Defaults to 90 days in the past. Specifies how far back to look for accounts last logon. If logon is within 90 days, it won't be included. | false | true (ByPropertyName) | 90 | |
| SendMailMessage | Adds parameters for sending Audit Report as an Email. | false | true (ByPropertyName) | False | |
| Password | Use this parameter to active the parameterset associated with using a clear-text password instead of a function URI. | true | true (ByPropertyName) | ||
| FunctionApp | Azure Function App Name. | true | true (ByPropertyName) | ||
| Function | Azure Function App's Function Name. Ex. "HttpResponse1" | true | true (ByPropertyName) | ||
| ApiToken | Private Function Key | true | true (ByPropertyName) | ||
| UserName | Specify the account with an active mailbox and MFA disabled. Ensure the account has delegated access for Send On Behalf for any UPN set in the "$From" Parameter | true | true (ByPropertyName) | ||
| SMTPServer | Defaults to Office 365 SMTP relay. Enter optional relay here. | false | true (ByPropertyName) | smtp.office365.com | |
| Port | SMTP Port to Relay | false | true (ByPropertyName) | 587 | |
| To | Recipient of the attachment outputs. | true | true (ByPropertyName) | ||
| From | Defaults to the same account as $UserName unless the parameter is set. The email will appear as it was sent from the UPN listed here. Ensure the Account stated in the $UserName has delegated access to send on behalf of the account you add to the $From parameter. | false | true (ByPropertyName) | $UserName | |
| Clean | Remove installed modules during run. | false | true (ByPropertyName) | False |
Can take password as input into secure string instead of URI. Adding the password parameter right after username when calling the function will trigger the correct parameterset.
EXAMPLE 1
Get-ActiveUsersAudit -VerboseEXAMPLE 2
Get-ActiveUsersAudit -SendMailMessage -FunctionApp "<FunctionAppName>" -Function "<FunctionHttpTriggerName>" -ApiToken "<APIKEY>" -UserName "[email protected]" -To "[email protected]" -VerboseEXAMPLE 3
Get-ActiveUsersAudit -SendMailMessage -UserName "[email protected]" -Password "Password" -To "[email protected]" -Verbose