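I want to export the app registrations with expiring secrets and certificates and send alerts in the team when they expire within 30 days. I can get the list of apps with the script here.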
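As @Peter Bons mentioned, your PowerShell script already has an input parameter that asks the user to enter the number of days until the secrets expire.
When I ran the same script from this MS Doc, it prompted me for the number of days and successfully exported a CSV file with the secrets and certificates expiring within 30 days, as shown below: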
apps.csv:
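You can also use the modified script below to add an extra column that specifies the number of days remaining until the secrets and certificates expire: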
```powershell
# Requires the Microsoft Graph PowerShell SDK; the read-only scope is enough for this report.
Connect-MgGraph -Scopes 'Application.Read.All'

$DaysUntilExpiration = 30   # report credentials that expire within this many days
$Now = Get-Date
$Logs = @()

Write-Host "Retrieving all applications... This may take a while." -ForegroundColor Yellow
$Applications = Get-MgApplication -All

foreach ($App in $Applications) {
    $AppName = $App.DisplayName
    $AppID   = $App.Id      # object ID of the app registration
    $ApplID  = $App.AppId   # application (client) ID

    $AppCreds = Get-MgApplication -ApplicationId $AppID | Select-Object PasswordCredentials, KeyCredentials
    $Secrets  = $AppCreds.PasswordCredentials
    $Certs    = $AppCreds.KeyCredentials

    # Client secrets
    foreach ($Secret in $Secrets) {
        $StartDate  = $Secret.StartDateTime
        $EndDate    = $Secret.EndDateTime
        $SecretName = $Secret.DisplayName
        $RemainingDaysCount = ($EndDate - $Now).Days

        # Keep only secrets that are still valid and expire inside the window
        if ($RemainingDaysCount -lt $DaysUntilExpiration -and $RemainingDaysCount -ge 0) {
            $Owner    = Get-MgApplicationOwner -ApplicationId $App.Id
            $Username = $Owner.AdditionalProperties.userPrincipalName -join ';'
            $OwnerID  = $Owner.Id -join ';'

            # An owner without a userPrincipalName is an application, not a user
            if ($null -eq $Owner.AdditionalProperties.userPrincipalName) {
                $Username = $Owner.AdditionalProperties.displayName + ' **<This is an Application>**'
            }
            # No display name either means the app registration has no owner
            if ($null -eq $Owner.AdditionalProperties.displayName) {
                $Username = '<<No Owner>>'
            }

            $Logs += [PSCustomObject]@{
                'ApplicationName'        = $AppName
                'ApplicationID'          = $ApplID
                'Secret Name'            = $SecretName
                'Secret Start Date'      = $StartDate
                'Secret End Date'        = $EndDate
                'ExpiresInDays'          = $RemainingDaysCount
                'Certificate Name'       = $Null
                'Certificate Start Date' = $Null
                'Certificate End Date'   = $Null
                'Owner'                  = $Username
                'Owner_ObjectID'         = $OwnerID
            }
        }
    }

    # Certificates
    foreach ($Cert in $Certs) {
        $StartDate = $Cert.StartDateTime
        $EndDate   = $Cert.EndDateTime
        $CertName  = $Cert.DisplayName
        $RemainingDaysCount = ($EndDate - $Now).Days

        # Keep only certificates that are still valid and expire inside the window
        if ($RemainingDaysCount -lt $DaysUntilExpiration -and $RemainingDaysCount -ge 0) {
            $Owner    = Get-MgApplicationOwner -ApplicationId $App.Id
            $Username = $Owner.AdditionalProperties.userPrincipalName -join ';'
            $OwnerID  = $Owner.Id -join ';'

            if ($null -eq $Owner.AdditionalProperties.userPrincipalName) {
                $Username = $Owner.AdditionalProperties.displayName + ' **<This is an Application>**'
            }
            if ($null -eq $Owner.AdditionalProperties.displayName) {
                $Username = '<<No Owner>>'
            }

            # Same columns, in the same order, as the secret rows: Export-Csv takes
            # its header from the first object, so a certificate row that lacks the
            # secret date columns would drop them from the whole file.
            $Logs += [PSCustomObject]@{
                'ApplicationName'        = $AppName
                'ApplicationID'          = $ApplID
                'Secret Name'            = $Null
                'Secret Start Date'      = $Null
                'Secret End Date'        = $Null
                'ExpiresInDays'          = $RemainingDaysCount
                'Certificate Name'       = $CertName
                'Certificate Start Date' = $StartDate
                'Certificate End Date'   = $EndDate
                'Owner'                  = $Username
                'Owner_ObjectID'         = $OwnerID
            }
        }
    }
}

$Path = "C:\test\ExpiringAppSecretsCertificates.csv"
$Logs | Export-Csv $Path -NoTypeInformation -Encoding UTF8
Write-Host "Export completed successfully. File saved at: $Path" -ForegroundColor Green
```
Response:
ExpiringAppSecretsCertificates.csv: