Help - Azure AD Clean Up Convert to Microsoft Graph

tus · March 28, 2023, 8:32pm

Hello,

I am currently attempting to update an older script to Microsoft.Graph (MG cmdlets), but struggling as I am not great at writing PS scripts. The original script (GitHub - mzmaili/AzureADDeviceCleanup: AzureADDeviceCleanup PowerShell script helps to manage the stale devices in Azure AD in an efficient way by giving different options to deal with stale devices in Azure AD.) used MSOL cmdlets, and then was forked/updated to AzureAD cmdlets (GitHub - Sumanjit092/AzureADDeviceCleanup: AzureADDeviceCleanup PowerShell script helps to manage the stale devices in Azure AD in an efficient way by giving different options to deal with stale devices in Azure AD.). I am unable to find anyone that has already updated this script despite the old cmdlets being deprecated tin a few days according to Microsoft.

If anyone can help me figure out how to update it, I would greatly appreciate it. Plus, I’m sure others in the community will find it useful.

I am currently running “Import-Module Microsoft.Graph”, which then loads the full module which breaks the Excel module:

Export-Excel : The ‘Export-Excel’ command was found in the module ‘ImportExcel’, but the module could not be loaded. For more information,
run ‘Import-Module ImportExcel’

I can’t figure out which part of the graph moduel I need despite looking at the Graph Explorer page.

Thank you

neemobeer · March 28, 2023, 8:36pm

If you have specific questions we can help with those, but we do not update scripts for people.

tus · March 28, 2023, 10:37pm

I think the part that is getting messed up in the conversion is from placing Get_MgDevice in this section here:

$Global:LastLogon = datetime.AddDays(- $ThresholdDays)

$Date=(“{0:s}” -f (get-date)).Split(“T”)[0] -replace “-”, “”
$Time=(“{0:s}” -f (get-date)).Split(“T”)[1] -replace “:”, “”

$LastLogin = (“{0:s}” -f ($LastLogon)).Split(“T”)[0] -replace “-”, “”

$WorkSheetName = “AADDevicesOlderthan-” + $LastLogin

if ($Verify){
Write-Host “Verifing stale devices older than”$Global:LastLogon -ForegroundColor Yellow
$FileReport = “AzureADDevicesList_” + $Date + $Time + “.xlsx”
$DeviceReport = Get-MgDevice -All:$true | Where {($.ApproximateLastLogonTimeStamp -le $Global:LastLogon) -and ($.ApproximateLastLogonTimeStamp -ne $Null)} | Select-Object -Property DisplayName, AccountEnabled, ObjectId, DeviceOSType, DeviceOSVersion, DeviceTrustType, ApproximateLastLogonTimestamp
$DeviceReport | Export-Excel -workSheetName $WorkSheetName -path $FileReport -ClearSheet -TableName “AADDevicesTable” -AutoSize
$Global:AffectedDevices = $DeviceReport.Count
Write-Host “Verification Completed.” -ForegroundColor Green -BackgroundColor Black
}elseif ($VerifyDisabledDevices){
Write-Host “Verifing stale disabled devices older than”$Global:LastLogon -ForegroundColor Yellow
$FileReport = “DisabledDevices_” + $Date + $Time + “.xlsx”
$DeviceReport = Get-MgDevice -All:$true | Where {($.ApproximateLastLogonTimeStamp -le $Global:LastLogon) -and ($.ApproximateLastLogonTimeStamp -ne $Null) -and ($.AccountEnabled -eq $false)} | Select-Object -Property DisplayName, AccountEnabled, ObjectId, DeviceOSType, DeviceOSVersion, DeviceTrustType, ApproximateLastLogonTimestamp
$DeviceReport | Export-Excel -workSheetName $WorkSheetName -path $FileReport -ClearSheet -TableName “AADDevicesTable” -AutoSize
$Global:AffectedDevices = $DeviceReport.Count
Write-Host “Task Completed Successfully.” -ForegroundColor Green -BackgroundColor Black
}elseif ($DisableDevices){
Write-Host “Disabling stale devices older than”$Global:LastLogon -ForegroundColor Yellow
$FileReport = "DisabledDevices" + $Date + $Time + “.xlsx”
$DeviceReport = Get-MgDevice -All:$true | Where {($.ApproximateLastLogonTimeStamp -le $Global:LastLogon) -and ($.ApproximateLastLogonTimeStamp -ne $Null) -and ($.AccountEnabled -eq $true)} | Select-Object -Property DisplayName, AccountEnabled, ObjectId, DeviceOSType, DeviceOSVersion, DeviceTrustType, ApproximateLastLogonTimestamp
foreach ($Device in $DeviceReport) {
Update-MgDevice -ObjectId $Device.ObjectId -AccountEnabled $false
}
$DeviceReport | Export-Excel -workSheetName $WorkSheetName -path $FileReport -ClearSheet -TableName “AADDevicesTable” -AutoSize
$Global:AffectedDevices = $DeviceReport.Count
Write-Host “Task Completed Successfully.” -ForegroundColor Green -BackgroundColor Black
}elseif ($CleanDisabledDevices){
Write-Host “Cleaning STALE DISABLED devices older than”$Global:LastLogon -ForegroundColor Yellow
$FileReport = "CleanedDevices" + $Date + $Time + “.xlsx”
$DeviceReport = Get-MgDevice -All:$true | Where {($.ApproximateLastLogonTimeStamp -le $Global:LastLogon) -and ($.ApproximateLastLogonTimeStamp -ne $Null) -and ($_.AccountEnabled -eq $false)} | Select-Object -Property DisplayName, AccountEnabled, ObjectId, DeviceOSType, DeviceOSVersion, DeviceTrustType, ApproximateLastLogonTimestamp
foreach ($Device in $DeviceReport) {
Remove-MgDevice -ObjectId $Device.ObjectId
}
$DeviceReport | Export-Excel -workSheetName $WorkSheetName -path $FileReport -ClearSheet -TableName “AADDevicesTable” -AutoSize
$Global:AffectedDevices = $DeviceReport.Count
Write-Host “Task Completed Successfully.” -ForegroundColor Green -BackgroundColor Black

}elseif ($CleanDevices){
Write-Host “Cleaning STALE devices older than”$Global:LastLogon -ForegroundColor Yellow
$FileReport = “CleanedDevices_” + $Date + $Time + “.xlsx”
$DeviceReport = Get-MgDevice -All:$true | Where {($.ApproximateLastLogonTimeStamp -le $Global:LastLogon) -and ($.ApproximateLastLogonTimeStamp -ne $Null)} | Select-Object -Property DisplayName, AccountEnabled, ObjectId, DeviceOSType, DeviceOSVersion, DeviceTrustType, ApproximateLastLogonTimestamp
foreach ($Device in $DeviceReport) {
Remove-MgDevice -ObjectId $Device.ObjectId
}
$DeviceReport | Export-Excel -workSheetName $WorkSheetName -path $FileReport -ClearSheet -TableName “AADDevicesTable” -AutoSize
$Global:AffectedDevices = $DeviceReport.Count
Write-Host “Task Completed Successfully.” -ForegroundColor Green -BackgroundColor Black
}else{
Write-Host “Operation aborted. You have not select any parameter, please make sure to select any of the following parameters:” -ForegroundColor Red

Write-Host "

Matt · March 29, 2023, 4:20am

The current retire date for the azureAD module is June 30, 2023.
Azure AD PowerShell overview | Microsoft Learn

tus · March 29, 2023, 2:08pm

Good to know, but I will need it for thousands of devices after July as well. Device refresh and all that this summer. Trying to get ahead of things.

rvertrees · March 29, 2023, 5:05pm

This is just a guess but I would bet that Get-MGDevice output is different from Get-AzureADDevice output. You might actually have to rewrite a good portion of the logic and use multiple MGGraph commands.

If I were you I would build a smaller portion of the original and then build up the same thing just with MGGraph. This will allow you to see the process differences between the two modules

Topic		Replies	Views
Powershell for azure PowerShell Help	2	148	December 14, 2022
Managing O365/Intune/AAD PowerShell Help	0	182	June 3, 2020
Need powershell script to uninstall CD-ROM device from device manager PowerShell Help	6	212	June 15, 2015
Issues with AzureADPreview Module and PowerShell 7 PowerShell Help	0	510	October 13, 2020
Problems with gpo & ps1 ... PowerShell Help	7	209	May 21, 2022

Help - Azure AD Clean Up Convert to Microsoft Graph

Related Topics