@watahani
Last active January 14, 2020 00:17
Get All OAuth scopes and service principal
# Get all OAuth2 permission grants (delegated consents) in the tenant and resolve each one
# to the client application, the resource it targets and the user who consented.
# Requires the AzureAD module and an existing session (Connect-AzureAD).
try {
    $allAuth2PermissionsGrants = Get-AzureADOAuth2PermissionGrant -All $true
    $allServicePrincipals = Get-AzureADServicePrincipal -All $true
    $allUsers = Get-AzureADUser -All $true
    $servicePrincipalScope = New-Object System.Collections.ArrayList

    # Resolve the client service principal, the resource service principal and the consenting user
    foreach ($permissions in $allAuth2PermissionsGrants) {
        $sp = $allServicePrincipals | Where-Object { $_.ObjectId -eq $permissions.ClientId }
        $resource = $allServicePrincipals | Where-Object { $_.ObjectId -eq $permissions.ResourceId }
        $upn = $null
        # PrincipalId is only set for per-user consent; tenant-wide (AllPrincipals) grants have none
        if ($permissions.PrincipalId) {
            $upn = $($allUsers | Where-Object { $_.ObjectId -eq $permissions.PrincipalId }).UserPrincipalName
        }
        $scopeResult = New-Object -TypeName PSObject -Property @{
            'DisplayName'         = $sp.DisplayName
            'ObjectId'            = $sp.ObjectId
            'AppId'               = $sp.AppId
            'AppOwnerTenantId'    = $sp.AppOwnerTenantId
            'PublisherName'       = $sp.PublisherName
            'ResourceId'          = $permissions.ResourceId
            'ResourceDisplayName' = $resource.DisplayName
            'ConsentType'         = $permissions.ConsentType
            'PrincipalId'         = $permissions.PrincipalId
            'Upn'                 = $upn
            'scope'               = $permissions.Scope
        }
        $servicePrincipalScope.Add($scopeResult) | Out-Null
    }

    # Output CSV
    $servicePrincipalScope | Select-Object DisplayName, ObjectId, AppId, AppOwnerTenantId, PublisherName, ConsentType, Upn, PrincipalId, ResourceDisplayName, ResourceId, scope | ConvertTo-Csv | Out-File -Encoding utf8 -FilePath "servicePrincipalScope.csv"
}
catch {
    $ErrorMessage = $_.Exception.Message
    # Backtick escapes are PowerShell's newline syntax; "\n\r" inside a string is emitted literally
    Write-Error "Getting OAuth2 permission grants failed. Please check that you have permissions and are signed in.`r`n$ErrorMessage"
}
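The export above is the raw inventory; what a reviewer usually wants next is a triage pass that pulls out the grants worth a second look (tenant-wide admin consents, high-impact delegated scopes, and apps registered in another tenant). The following is an added example, not part of the gist: it assumes objects shaped like the script's output (the same property names, as returned by `Import-Csv servicePrincipalScope.csv`), and the list of high-impact scopes is an illustrative assumption rather than an authoritative catalogue. The sample grants at the bottom are constructed, not real tenant data.

```powershell
# Added example (not from the gist): flag OAuth2 permission grants that deserve review.
# Assumes grant objects with the property names the gist emits
# (DisplayName, AppId, AppOwnerTenantId, ConsentType, Upn, scope).

# Delegated scopes a reviewer typically wants explicitly approved. Assumed list for illustration.
$HighImpactScopes = @(
    'Mail.Read', 'Mail.ReadWrite', 'Mail.Send',
    'Files.Read.All', 'Files.ReadWrite.All',
    'Directory.ReadWrite.All', 'Directory.AccessAsUser.All',
    'offline_access'
)

function Find-RiskyOAuthGrant {
    param(
        [Parameter(Mandatory)] [object[]] $Grants,
        [Parameter(Mandatory)] [string]   $HomeTenantId,   # tenant the export was taken from
        [string[]] $HighImpact = $HighImpactScopes
    )
    foreach ($g in $Grants) {
        $reasons = New-Object System.Collections.Generic.List[string]

        # scope is a single space-separated string, e.g. "User.Read Mail.Read offline_access"
        $scopes = @()
        if ($g.scope) { $scopes = $g.scope.Trim() -split '\s+' }
        $hits = $scopes | Where-Object { $HighImpact -contains $_ }
        if ($hits) { $reasons.Add("high-impact scope(s): $($hits -join ', ')") }

        # AllPrincipals = admin consent that applies to every user in the tenant
        if ($g.ConsentType -eq 'AllPrincipals') { $reasons.Add('tenant-wide consent') }

        # AppOwnerTenantId different from our own tenant = third-party multi-tenant app
        if ($g.AppOwnerTenantId -and $g.AppOwnerTenantId -ne $HomeTenantId) {
            $reasons.Add("app owned by foreign tenant $($g.AppOwnerTenantId)")
        }

        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{
                DisplayName = $g.DisplayName
                AppId       = $g.AppId
                ConsentType = $g.ConsentType
                Upn         = $g.Upn
                Scope       = $g.scope
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample grants (placeholder GUIDs, not real tenant data) shaped like the gist output.
$homeTenant = '11111111-1111-1111-1111-111111111111'
$sampleGrants = @(
    [PSCustomObject]@{ DisplayName = 'Contoso Intranet'; AppId = '00000000-0000-0000-0000-00000000000a'
                       AppOwnerTenantId = $homeTenant; ConsentType = 'Principal'
                       Upn = 'alice@contoso.example'; scope = 'User.Read' }
    [PSCustomObject]@{ DisplayName = 'Free PDF Helper'; AppId = '00000000-0000-0000-0000-00000000000b'
                       AppOwnerTenantId = '22222222-2222-2222-2222-222222222222'; ConsentType = 'Principal'
                       Upn = 'bob@contoso.example'; scope = 'User.Read Mail.Read offline_access' }
    [PSCustomObject]@{ DisplayName = 'Backup Connector'; AppId = '00000000-0000-0000-0000-00000000000c'
                       AppOwnerTenantId = $homeTenant; ConsentType = 'AllPrincipals'
                       Upn = $null; scope = 'Files.ReadWrite.All' }
)

# Only 'Free PDF Helper' (foreign tenant + Mail.Read/offline_access) and
# 'Backup Connector' (tenant-wide + Files.ReadWrite.All) are reported.
Find-RiskyOAuthGrant -Grants $sampleGrants -HomeTenantId $homeTenant | Format-Table -AutoSize
```

To run it against the script's real export, replace `$sampleGrants` with `Import-Csv servicePrincipalScope.csv` (Import-Csv skips the `#TYPE` header that ConvertTo-Csv writes) and pass your own tenant id as `-HomeTenantId`; every property then arrives as a string, which the checks above handle.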