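# Requires Azure AD PowerShell Module (AzureAD).
#
# Inventories every app registration's client secrets (PasswordCredentials)
# and certificates (KeyCredentials) with start/expiry dates, KeyId and owners,
# so credentials can be rotated before they lapse. Only metadata is collected;
# no secret or key material is read or written.
#
# NOTE: the AzureAD module is deprecated in favor of the Microsoft Graph
# PowerShell SDK; the comments on this gist link to an equivalent Graph script.

# Prompts user to login using Azure Credentials
Connect-AzureAD

# Accumulate into a List rather than "$results += ..." (which copies the whole
# array on every append and is O(n^2) for tenants with many apps).
$results = New-Object System.Collections.Generic.List[object]

Get-AzureADApplication -All $true | ForEach-Object {
    $app = $_

    # Fetch every owner, not only the first one (-Top 1), so the Owners column
    # is complete. Owners that are not users carry no UserPrincipalName and are
    # dropped from the joined list.
    $owners = Get-AzureADApplicationOwner -ObjectId $app.ObjectId -All $true
    $ownerList = ($owners |
        ForEach-Object { $_.UserPrincipalName } |
        Where-Object { $_ }) -join '; '

    # Client secrets have no Type/Usage attributes; keep 'NA' so both credential
    # kinds share one column layout.
    foreach ($cred in $app.PasswordCredentials) {
        $results.Add([PSCustomObject] @{
            CredentialType = "PasswordCredentials"
            DisplayName    = $app.DisplayName
            ExpiryDate     = $cred.EndDate
            StartDate      = $cred.StartDate
            KeyID          = $cred.KeyId
            Type           = 'NA'
            Usage          = 'NA'
            Owners         = $ownerList
        })
    }

    # Certificate credentials expose Type and Usage as reported by the service.
    foreach ($cred in $app.KeyCredentials) {
        $results.Add([PSCustomObject] @{
            CredentialType = "KeyCredentials"
            DisplayName    = $app.DisplayName
            ExpiryDate     = $cred.EndDate
            StartDate      = $cred.StartDate
            KeyID          = $cred.KeyId
            Type           = $cred.Type
            Usage          = $cred.Usage
            Owners         = $ownerList
        })
    }
}

$results | Format-Table -AutoSize

# Optionally export to a CSV file
#$results | Export-Csv -Path "AppsInventory.csv" -NoTypeInformation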
In your script I am seeing ($).keycredentials.enddate instead of $_.keycredentials.enddate. The underscore is missing. Could that be the issue?
@Divyesh85. How about using the script I provided above as is? Is it working in that case?
Since Azure AD PowerShell is being deprecated in favor of Microsoft Graph PowerShell SDK, I created a new MS Graph script that is equivalent to this script. You can find it here:
https://pnp.github.io/script-samples/aad-apps-expired-keys/README.html?tabs=graphps
//az ad sp list --all
# NOTE(review): the JMESPath filter only looks at the first element ([0]) of
# passwordCredentials and keyCredentials, so a service principal whose
# expiring secret/cert is not first in its list is not reported. `date -d`
# is GNU date syntax and will not work with BSD/macOS date.
az ad sp list --all --query "[?passwordCredentials[0].endDate<='$(date -d "+60 days" +%Y-%m-%d)'||keyCredentials[0].endDate<='$(date -d "+300 days" +%Y-%m-%d)'].{SP_AppId:appId,PwdExpiryDate:passwordCredentials[0].endDate, Key_Expiry_Date:keyCredentials[0].endDate,Display_Name:displayName,Account_Type: objectType}" -o table
Another option that leverages the newer Az.Resources
module is available here:
https://gist.github.com/GuyPaddock/c3e0fbb1e3724822c77e35a83160af52
Hi @svarukala, I was trying to run this script (only part of the code) and it seems the keycredentials are not getting any value
`# Check service principal expiry dates.
Get-AzureADApplication -All $:true | ForEach-Object {
$name = $ .displayname
$KeyCredExpiry = ($ ).keycredentials.enddate
$BodyTemplate = @"
{
"channel": "$CHANNELNAME",
"username": "SPN is expired",
"text": "$name is Expired $PassCredExpiry.",
"icon_emoji":":crossed_flags:"
}
"@
$BodyTemplate2 = @"
{
"channel": "$CHANNELNAME",
"username": "SPN is Almost expired",
"text": "$name Almost Expired $PassCredExpiry.",
"icon_emoji":":crossed_flags:"
}
"@
$AppID = $.AppId
$PassCredExpiry = ($).passwordcredentials.enddate
write-output "Today Date $todaysdate"
write-output "Future Date $futureCHeck"
write-output "Checkign KeyCredExpiry date $KeyCredExpiry and PassCredExpiry $PassCredExpiry"
If($KeyCredExpiry -ne $null)
{
write-output "checking $name"
If ($todaysdate -gt $KeyCredExpiry )
{
write-output "$name has expired at $KeyCredExpiry"
Invoke-RestMethod -uri $SlackChannelUri -Method Post -body $BodyTemplate -ContentType 'application/json'
$json3+= @([PSCustomObject]@{
AppDisplayName = $name;
AppID = $AppID;
CertificateExpireyDate = $KeyCredExpiry;
PasswordExpireyDate = $PassCredExpiry;
Reason = "Expired"
})
} `
When I run this piece I print the values as well with write-output, as you can see, but it seems I am not getting any value for this " $KeyCredExpiry = ($_).keycredentials.enddate" — any idea why?