Mike Swanson
fa15b03180
Synced files: - Quote wizard frontend (all components, hooks, types, config) - API updates (config, models, routers, schemas, services) - Client work (bg-builders, gurushow) - Scripts (BGB Lesley termination, CIPP, Datto, migration) - Temp files (Bardach contacts, VWP investigation, misc) - Credentials and session logs - Email service, PHP API, session logs Machine: ACG-M-L5090 Timestamp: 2026-03-10 19:11:00 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
82 lines
3.2 KiB
PowerShell
82 lines
3.2 KiB
PowerShell
Import-Module Microsoft.Graph.Authentication
|
|
Import-Module Microsoft.Graph.Users
|
|
Import-Module Microsoft.Graph.Groups
|
|
Import-Module Microsoft.Graph.Sites
|
|
|
|
$tenantId = "ededa4fb-f6eb-4398-851d-5eb3e11fab27"
|
|
$lesleyUPN = "lesley@bgbuildersllc.com"
|
|
|
|
Write-Output "========================================="
|
|
Write-Output " BG Builders - Lesley Roth Ownership Audit"
|
|
Write-Output " $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
|
|
Write-Output "========================================="
|
|
|
|
Connect-MgGraph -TenantId $tenantId -Scopes 'User.Read.All','Group.Read.All','Sites.Read.All','TeamSettings.Read.All' -NoWelcome
|
|
|
|
$lesley = Get-MgUser -UserId $lesleyUPN -Property Id,DisplayName
|
|
Write-Output "[OK] Lesley ID: $($lesley.Id)"
|
|
|
|
# --- Check Teams/M365 Group ownership ---
|
|
Write-Output "`n--- Teams / M365 Group Ownership ---"
|
|
$ownedGroups = Get-MgUserOwnedObject -UserId $lesley.Id -All
|
|
if ($ownedGroups) {
|
|
foreach ($obj in $ownedGroups) {
|
|
$group = Get-MgGroup -GroupId $obj.Id -Property DisplayName,GroupTypes,Mail -ErrorAction SilentlyContinue
|
|
if ($group) {
|
|
$isTeam = $group.GroupTypes -contains "Unified"
|
|
$type = if ($isTeam) { "M365 Group/Team" } else { "Group" }
|
|
Write-Output " [OWNER] $type : $($group.DisplayName) ($($group.Mail))"
|
|
|
|
# Check if sole owner
|
|
$owners = Get-MgGroupOwner -GroupId $obj.Id -All
|
|
if ($owners.Count -le 1) {
|
|
Write-Output " [WARNING] SOLE OWNER - needs transfer before termination"
|
|
} else {
|
|
Write-Output " [OK] Has $($owners.Count) owners total"
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
Write-Output " [INFO] Lesley does not own any groups or teams"
|
|
}
|
|
|
|
# --- Check group memberships ---
|
|
Write-Output "`n--- Group / Team Memberships ---"
|
|
$memberships = Get-MgUserMemberOf -UserId $lesley.Id -All
|
|
foreach ($mem in $memberships) {
|
|
$group = Get-MgGroup -GroupId $mem.Id -Property DisplayName,GroupTypes,Mail -ErrorAction SilentlyContinue
|
|
if ($group) {
|
|
$isTeam = $group.GroupTypes -contains "Unified"
|
|
$type = if ($isTeam) { "M365 Group/Team" } else { "Security/DL Group" }
|
|
Write-Output " [MEMBER] $type : $($group.DisplayName) ($($group.Mail))"
|
|
}
|
|
}
|
|
|
|
# --- Check SharePoint site ownership ---
|
|
Write-Output "`n--- SharePoint Sites ---"
|
|
try {
|
|
$sites = Get-MgSite -Search "*" -All -Property DisplayName,WebUrl 2>$null
|
|
if ($sites) {
|
|
foreach ($site in $sites) {
|
|
try {
|
|
$sitePermissions = Get-MgSitePermission -SiteId $site.Id -ErrorAction SilentlyContinue 2>$null
|
|
} catch {
|
|
# Fall through - permissions API may not be available on all sites
|
|
}
|
|
Write-Output " [SITE] $($site.DisplayName) - $($site.WebUrl)"
|
|
}
|
|
}
|
|
} catch {
|
|
Write-Output " [INFO] Could not enumerate SharePoint sites (may need SharePoint admin role)"
|
|
}
|
|
|
|
# --- Check distribution group membership via Exchange ---
|
|
Write-Output "`n--- Distribution List Memberships (requires Exchange connection) ---"
|
|
Write-Output " [INFO] Run separately via Exchange Online to check DL memberships"
|
|
|
|
Write-Output "`n========================================="
|
|
Write-Output " Audit Complete"
|
|
Write-Output "========================================="
|
|
|
|
Disconnect-MgGraph
|