我已经编写了一个PowerShell脚本,它将生成一个报告,其中包含分配给Azure中的用户的所有组。最后一部分是一个按组的报告,其中包含每个订阅中的所有组以及分配给这些组的用户总数。我遇到的问题是订阅ID,我想用订阅名称替换ID,并在其中创建了一个自定义对象。如果我可以将订阅名称而不是ID附加到它,这将允许我使用group-object
,这意味着获取订阅名称的工作只需要完成一次。对于报表的用户来说,获取订阅名称要容易得多,因为这更容易作为报表的一部分阅读,而且group-object
。
我都做了些什么?
根据我的研究,哈希表是一种可行的方法。我实际上需要的是一个查找表或一个函数,如果我提供订阅ID,它将返回订阅名称。然后在生成csv的第一个报表中使用它,也可以在group-object部分使用它。
我已经尝试了这里的散列,但不确定其实现
$subscription_hash = @{}
$subscription_hash = Get-Azsubscription | Select-Object Id, Name
字符串
完整的代码可以在下面找到。
# Set the output CSV file path
$outputFilePath = "C:\output\Report.csv"
# Create an empty array to store the results
$all_results = @()
# Function to retrieve role assignments for a subscription
function Get-RoleAssignmentsForSubscription {
param (
[string]$subscriptionId
)
try {
$all_results2 = @()
$roleAssignments = Get-AzRoleAssignment -Scope "/subscriptions/$subscriptionId"
foreach ($assignment in $roleAssignments) {
if ($null -ne $assignment.DisplayName -or $null -ne $assignment.SignInName ){
$result_object = New-Object PSObject
Add-Member -inputObject $result_object -memberType NoteProperty -name "Subscription" -value $subscriptionId
Add-Member -inputObject $result_object -memberType NoteProperty -name "Subscription_Name" -value "Unknown"
Add-Member -inputObject $result_object -memberType NoteProperty -name "Display Name" -value $assignment.DisplayName
Add-Member -inputObject $result_object -memberType NoteProperty -name "SignIn Name" -value $assignment.SignInName
Add-Member -inputObject $result_object -memberType NoteProperty -name "Object Type" -value $assignment.ObjectType
Add-Member -inputObject $result_object -memberType NoteProperty -name "Object ID" -value $assignment.ObjectId
Add-Member -inputObject $result_object -memberType NoteProperty -name "assignment" -value $assignment.RoleDefinitionName
Add-Member -inputObject $result_object -memberType NoteProperty -name "RoleDefinition ID" -value $assignment.RoleDefinitionId
Add-Member -inputObject $result_object -memberType NoteProperty -name "Scope" -value $assignment.Scope
Add-Member -inputObject $result_object -memberType NoteProperty -name "Description" -value $assignment.Description
Add-Member -inputObject $result_object -memberType NoteProperty -name "CanDelegate" -value $assignment.CanDelegate
}
$all_results2 += $result_object
}
Write-Output $all_results2
return $all_results2
}
catch {
Write-Host "Error retrieving role assignments for subscription $subscriptionId -Error detail $_"
}
}
# Get all subscriptions in the Azure account
$subscriptions = Get-AzSubscription
# Loop through each subscription
foreach ($subscription in $subscriptions) {
$subscriptionId = $subscription.Id
$all_results_get_assignment = Get-RoleAssignmentsForSubscription -subscriptionId $subscriptionId
$all_results += $all_results_get_assignment
}
# Export the results to a CSV file
Write-Host "Script execution completed. Results exported to $outputFilePath."
# $all_results | Export-Csv -Path $outputFilePath -NoTypeInformation
$subscription_hash = @{}
$subscription_hash = Get-Azsubscription | Select-Object Id, Name
#breakdown using subscription ID
$all_results | Group-Object -Property assignment, subscription | Select-Object subscription,Name, Count | sort Count -Descending
$all_results | Group-Object -Property assignment, subscription | Select-Object $subscription_hash[subscription],Name, Count | sort Count -Descending
型
1条答案
按热度按时间ljsrvy3e1#
你要做的是 join
Get-AzSubscription
输出的对象和Get-AzRoleAssignment
输出的每个对象,所有的代码都可以简化为:字符串
Get-RoleAssignmentsForSubscription
是低效的,不需要,它只会让事情变得更难。