This week, I dusted off an old script that’s saved me more times than I can count. Naturally, I figured it was time to share it because if it’s helped me, it might just help you too.
The Challenge: CIS Pilots and Ghost Groups
When I’m rolling out CIS Benchmarks with customers, the first step is usually figuring out who our pilot users and devices are. Ideally, the customer already has a few go-to device groups. Often, when I peek inside the group… crickets. No users listed. In a big environment, this can feel like finding a needle in a haystack.
Why User Info Matters
That’s when knowing who uses each device becomes a game changer. So, we start hunting for those “IT-friendly” users the ones who don’t mind being guinea pigs. If the device group doesn’t give us much to go on, like the example below, we’re basically flying blind.
The Script to the Rescue
To save the day (and my sanity), I created a script that digs up user info—as long as a Primary User is assigned to the device.
You can grab the script from my repo here: Device_upn.ps1. Don’t worry, I’ll walk you through what it does first.
What Does This Magical Script Do?
Step 1: Authentication Made Easy
If you haven’t already authenticated to Graph, the script will take care of it for you.
Step 2: Specify the Group
Use the -group Parameter to specify your group.
Step 3: Two Handy Options
Quick Check Mode: Want to just peek at the UPNs tied to the devices in a group? Use the -list parameter. This is your go-to. Great for a fast review.
Export Mode: Working with a larger group and need to sift through the details? Use the -outputfile. This will give you a neat CSV with everything you need.
Bonus Option: Can’t decide? You can do both!
A Peek at the Output
Here’s a preview of what the script output looks like when it lists device-user info…
Here is what you get when exporting it to a CSV. Perfect for sharing or highlighting who owns what.
Final Thoughts: Your Device Group Detective
I hope this little script helps bring some clarity to your device groups. Whether you’re troubleshooting, planning a pilot, or just trying to match a name to a machine, it’s a handy tool to have in your toolkit.
