Taken directly from Dmitry's blog, the details are as follows:
1. “Which tokens have which users assigned?”
# Print each Defender token's name followed by the DNs of the users assigned to it.
foreach ($token in (Get-QADObject -IncludeAllProperties -Type "defender-tokenClass"))
{ Write-Output $token.Name $token."defender-tokenUsersDNs" }

# For each token, print its name, then the violation count, reset count
# and lockout time of every user assigned to it.
foreach ($token in (Get-QADObject -IncludeAllProperties -Type "defender-tokenClass"))
{
    Write-Output $token.Name;
    foreach ($user in $token."defender-TokenUsersDNs" | Where-Object{$token."defender-TokenUsersDNs".Count -gt 0})
    {
        Get-QADUser -Identity $user -IncludeAllProperties | Format-List samAccountName, "defender-violationCount",
            "defender-resetCount", "defender-lockoutTime" ;
    }
}

3. “Who can log in based on (direct) group membership allowed on the DAN (Defender Access Node)?”:
# For each Defender Access Node, list the sAMAccountName of every direct
# member of the groups allowed on it.
foreach ($dan in Get-QADObject -Type "defender-danClass" -IncludeAllProperties)
{
    Write-Output "---";
    Write-Output $dan.Name;
    foreach ($ADGroup in Get-QADGroup -Identity $dan."defender-DANMembers")
    {
        Write-Host $ADGroup;
        $ADGroup.Members | Get-QADUser | Format-List sAMAccountName;
    }
}

I'm hoping that the simple yet effective examples Dmitry has provided for Defender will encourage others to embrace using PowerShell with Defender.

Which brings me to my next question: when are the other two-factor authentication players going to join the PowerShell party? ;)