Reorganize repo: compartmentalize scripts by client/project
Move 150+ scripts from root and scripts/ into client/project directories: - clients/dataforth/scripts/ (110 files: AD2, sync, SSH, DB, DOS scripts) - clients/bg-builders/scripts/ (14 files: Lesley mgmt, Exchange, termination) - clients/internal-infrastructure/scripts/ (10 files: GDAP, Gitea, backups) - projects/msp-tools/scripts/ (9 files: CIPP, MSP onboarding, Datto) - projects/gururmm-agent/scripts/ (3 files: API test, JWT, record counts) - clients/glaztech/scripts/ (1 file: CentraStage removal) Also reorganized: - VPN scripts → infrastructure/vpn-configs/ - Retrieved API/JS files → api/ - Forum posts → projects/community-forum/forum-posts/ - SSH docs → clients/internal-infrastructure/docs/ - NWTOC/CTONW docs → projects/wrightstown-smarthome/docs/ - ACG website files → projects/internal/acg-website-2025/ - Dataforth docs → clients/dataforth/docs/ - schema-retrieved.sql → docs/database/ Deleted 24 tmp_*.ps1 one-off debug scripts (preserved in git history). Root reduced from 220+ files to 62 items (docs + directories only). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
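--- a/clients/bg-builders/scripts/bgb-check-lesley-ownership.ps1
+++ b/clients/bg-builders/scripts/bgb-check-lesley-ownership.ps1
@@ -0,0 +1,81 @@
+Import-Module Microsoft.Graph.Authentication
+Import-Module Microsoft.Graph.Users
+Import-Module Microsoft.Graph.Groups
+Import-Module Microsoft.Graph.Sites
+
+$tenantId = "ededa4fb-f6eb-4398-851d-5eb3e11fab27"
+$lesleyUPN = "lesley@bgbuildersllc.com"
+
+Write-Output "========================================="
+Write-Output " BG Builders - Lesley Roth Ownership Audit"
+Write-Output " $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
+Write-Output "========================================="
+
+Connect-MgGraph -TenantId $tenantId -Scopes 'User.Read.All','Group.Read.All','Sites.Read.All','TeamSettings.Read.All' -NoWelcome
+
+$lesley = Get-MgUser -UserId $lesleyUPN -Property Id,DisplayName
+Write-Output "[OK] Lesley ID: $($lesley.Id)"
+
+# --- Check Teams/M365 Group ownership ---
+Write-Output "`n--- Teams / M365 Group Ownership ---"
+$ownedGroups = Get-MgUserOwnedObject -UserId $lesley.Id -All
+if ($ownedGroups) {
+foreach ($obj in $ownedGroups) {
+$group = Get-MgGroup -GroupId $obj.Id -Property DisplayName,GroupTypes,Mail -ErrorAction SilentlyContinue
+if ($group) {
+$isTeam = $group.GroupTypes -contains "Unified"
+$type = if ($isTeam) { "M365 Group/Team" } else { "Group" }
+Write-Output " [OWNER] $type : $($group.DisplayName) ($($group.Mail))"
+
+# Check if sole owner
+$owners = Get-MgGroupOwner -GroupId $obj.Id -All
+if ($owners.Count -le 1) {
+Write-Output " [WARNING] SOLE OWNER - needs transfer before termination"
+} else {
+Write-Output " [OK] Has $($owners.Count) owners total"
+}
+}
+}
+} else {
+Write-Output " [INFO] Lesley does not own any groups or teams"
+}
+
+# --- Check group memberships ---
+Write-Output "`n--- Group / Team Memberships ---"
+$memberships = Get-MgUserMemberOf -UserId $lesley.Id -All
+foreach ($mem in $memberships) {
+$group = Get-MgGroup -GroupId $mem.Id -Property DisplayName,GroupTypes,Mail -ErrorAction SilentlyContinue
+if ($group) {
+$isTeam = $group.GroupTypes -contains "Unified"
+$type = if ($isTeam) { "M365 Group/Team" } else { "Security/DL Group" }
+Write-Output " [MEMBER] $type : $($group.DisplayName) ($($group.Mail))"
+}
+}
+
+# --- Check SharePoint site ownership ---
+Write-Output "`n--- SharePoint Sites ---"
+try {
+$sites = Get-MgSite -Search "*" -All -Property DisplayName,WebUrl 2>$null
+if ($sites) {
+foreach ($site in $sites) {
+try {
+$sitePermissions = Get-MgSitePermission -SiteId $site.Id -ErrorAction SilentlyContinue 2>$null
+} catch {
+# Fall through - permissions API may not be available on all sites
+}
+Write-Output " [SITE] $($site.DisplayName) - $($site.WebUrl)"
+}
+}
+} catch {
+Write-Output " [INFO] Could not enumerate SharePoint sites (may need SharePoint admin role)"
+}
+
+# --- Check distribution group membership via Exchange ---
+Write-Output "`n--- Distribution List Memberships (requires Exchange connection) ---"
+Write-Output " [INFO] Run separately via Exchange Online to check DL memberships"
+
+Write-Output "`n========================================="
+Write-Output " Audit Complete"
+Write-Output "========================================="
+
+Disconnect-MgGraph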
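Review bot: The SharePoint block never evaluates ownership: `$sitePermissions` is assigned from `Get-MgSitePermission` and then not read, so the section prints every site in the tenant whatever Lesley's role is, and the report can be mistaken for a clean result before termination. Either compare the returned permissions against `$lesley.Id`, or label the output honestly, e.g. `Write-Output " [INFO] Site ownership not evaluated - listing all sites"`. The ownership loop under-reports in the same way, because `Get-MgGroup ... -ErrorAction SilentlyContinue` silently drops any owned object that is not a group (presumably app registrations or service principals can appear in `Get-MgUserOwnedObject` output; worth confirming). I would add an `else` branch that logs `$obj.Id` when the lookup returns nothing. `TeamSettings.Read.All` is requested in `Connect-MgGraph` but no visible call uses it, so it can be dropped to keep the delegated scopes minimal.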