You can use this script to query the HaveIBeenPwned database with your on-premises and Office 365 Active Directory user accounts. It's based on the reference API, and allows you to output a CSV of potentially breached accounts. When querying your accounts, you can select AD, Office 365, or both. Additionally, you can choose whether or not to include Azure AD guests (when querying AAD).
You can see examples of usage and more at:
Updates:
<#
.SYNOPSIS
Check accounts in Active Directory and Office 365 against the
haveibeenpwned.com database.
.PARAMETER ActiveDirectory
Choose to run against Active Directory.
.PARAMETER ApiKey
Your HaveIBeenPwned API key. This is an authenticated API, so this is now
required. You can obtain a key from https://haveibeenpwned.com/API/.
.PARAMETER Credential
Standard credential object generated via Get-Credential.
.PARAMETER Identity
Single identity (in the form of user@domain.tld).
.PARAMETER IncludeGuests
If querying Office 365, choose if you want to include external guests. Otherwise
only objects with type MEMBER are selected.
.PARAMETER IncludeUnverifiedResults
If set to $true, will return breaches that don't have credential content (such
as mailing lists that contain only public information).
.PARAMETER ImportUsers
Import a list of users to check against the database.
.PARAMETER InstallModules
Choose if you want to install MSOnline and supporting modules.
.PARAMETER Logfile
Output log file name.
.PARAMETER Office365
Choose to run against Office 365.
.PARAMETER Output
CSV filename for any potentially breached accounts.
.PARAMETER PerUserSummaryDisplay
Use this switch to turn on console output for per-user breach summary. Summary
will be logged regardless.
.PARAMETER StartDate
Use a standard PowerShell DateTime object to filter on breaches reported after a
specified date.
.PARAMETER Timeout
Set the sleep time in milliseconds between API query attempts. Default is 1500.
.EXAMPLE
.\pwncheck.ps1 -Identity user@domain.com -apikey "asdfghjklHIBP"
Run Pwncheck on a particular identity.
.EXAMPLE
.\pwncheck.ps1 -Office365 -Credential $cred -apikey "asdfghjklHIBP"
Run Pwncheck against an Office 365 tenant with the credential stored in $cred.
.EXAMPLE
.\pwncheck.ps1 -Office365 -IncludeGuests -Credential $cred -apikey "asdfghjklHIBP"
Run Pwncheck against an Office 365 tenant (including guest accounts) with the
credential stored in $cred.
.EXAMPLE
.\pwncheck.ps1 -ActiveDirectory -Office365 -Credential $cred -apikey "asdfghjklHIBP"
Run Pwncheck against Active Directory and an Office 365 tenant with the
credentials stored in $cred.
.EXAMPLE
.\pwncheck.ps1 -ImportUsers userlist.txt -apikey "asdfghjklHIBP"
Run Pwncheck against imported user list. You can specify a file with either a
header of 'userprincipalname' or a file with no header at all.
.NOTES
2019-10-09 - Added ApiKey support for v3. An API key is required.
           - Added StartDate parameter.
           - Renamed parameter BreachedAccountOutput to Output.
           - Added IncludeUnverifiedResults parameter.
           - Added PerUserSummaryDisplay parameter.
2019-08-01 - Added init for $ImportedUsers var. H/t @itpro_tipscom
2019-06-11 - Updated header check.
             Updated to add Identity parameter.
             Added examples.
             Updated default parameter to Identity, and configured to display
             Get-Help $($MyInvocation.Line).ToString() -Examples to show help
             data if no identity was specified.
2019-05-10 - Updated header check and output.
2019-05-09 - Updated to allow importing users from CSV and customizable timeout.
2019-02-09 - Updated console output wording.
2018-12-19 - Original release.
#>
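The help above describes what the script does per account (authenticated v3 query, a pause between queries, a StartDate filter, an unverified-breach filter, and a CSV of hits). The following is an added example of that flow written for this page; it is not pwncheck.ps1 or any code from its author. The function names, the `hibp-account-check-example` user agent, the `$env:HIBP_API_KEY` variable, the retry count, the sample breach records, and the mapping of StartDate onto the breach's `AddedDate` are this example's own assumptions. The HIBP v3 endpoint, the `hibp-api-key` header, and the 404 (no breach) and 429 (rate limited) responses are documented API behaviour.

```powershell
# Added example, not the pwncheck.ps1 script: one HIBP v3 lookup per account with
# rate-limit handling, then the StartDate / unverified filters and CSV output.

function Get-HibpBreachesForAccount {
    param(
        [Parameter(Mandatory)][string]$Account,
        [Parameter(Mandatory)][string]$ApiKey,
        [int]$TimeoutMs = 1500            # pause between queries, like pwncheck's -Timeout
    )
    # truncateResponse=false returns the full breach model (dates, IsVerified, DataClasses).
    $uri = "https://haveibeenpwned.com/api/v3/breachedaccount/" +
           [uri]::EscapeDataString($Account) + "?truncateResponse=false"
    # The API key is a secret: keep it in headers only, never in log lines or the CSV.
    $headers = @{ 'hibp-api-key' = $ApiKey; 'user-agent' = 'hibp-account-check-example' }
    for ($attempt = 1; $attempt -le 5; $attempt++) {           # assumed retry budget
        try {
            $result = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
            Start-Sleep -Milliseconds $TimeoutMs
            return @($result)
        } catch {
            $status = $_.Exception.Response.StatusCode.value__
            if ($status -eq 404) { Start-Sleep -Milliseconds $TimeoutMs; return @() }   # not in any breach
            if ($status -eq 429) {                                                      # rate limited
                $retry = 2
                try { $retry = [int]$_.Exception.Response.Headers['retry-after'] } catch {}
                Start-Sleep -Seconds ([math]::Max($retry, 2))
                continue
            }
            throw                                                                       # anything else is a real error
        }
    }
    throw "Gave up querying HIBP for an account after repeated rate limiting."
}

function Select-RelevantBreach {
    param(
        [object[]]$Breaches,
        [datetime]$StartDate = [datetime]::MinValue,   # like -StartDate (assumed to mean AddedDate)
        [switch]$IncludeUnverifiedResults               # like -IncludeUnverifiedResults
    )
    $Breaches | Where-Object {
        ([datetime]$_.AddedDate -ge $StartDate) -and
        ($IncludeUnverifiedResults -or $_.IsVerified)
    }
}

function Invoke-AccountBreachCheck {
    param(
        [string[]]$Accounts,
        [scriptblock]$Lookup,                          # { param($acct) ... } returning breach objects
        [datetime]$StartDate = [datetime]::MinValue,
        [switch]$IncludeUnverifiedResults,
        [string]$Output = 'breached-accounts.csv'      # like -Output
    )
    $rows = foreach ($acct in $Accounts) {
        $hits = Select-RelevantBreach -Breaches (& $Lookup $acct) -StartDate $StartDate `
                                      -IncludeUnverifiedResults:$IncludeUnverifiedResults
        foreach ($b in $hits) {
            [pscustomobject]@{
                Account     = $acct
                Breach      = $b.Name
                BreachDate  = $b.BreachDate
                AddedDate   = $b.AddedDate
                IsVerified  = $b.IsVerified
                DataClasses = ($b.DataClasses -join ';')   # what was exposed, e.g. Passwords
            }
        }
    }
    if ($rows) { $rows | Export-Csv -Path $Output -NoTypeInformation }
    return $rows
}

# Constructed sample responses in the shape of the v3 breach model, so the filter
# and CSV path can be exercised offline without a key (these are not real breaches).
$sample = @{
    'alice@example.com' = @(
        [pscustomobject]@{ Name='ExampleBreachA'; BreachDate='2017-03-01'; AddedDate='2017-04-15T00:00:00Z'; IsVerified=$true;  DataClasses=@('Email addresses','Passwords') },
        [pscustomobject]@{ Name='ExampleListB';   BreachDate='2015-01-01'; AddedDate='2015-02-01T00:00:00Z'; IsVerified=$false; DataClasses=@('Email addresses') }
    )
    'bob@example.com'   = @()
}
$offlineLookup = { param($acct) $sample[$acct] }
$rows = Invoke-AccountBreachCheck -Accounts @($sample.Keys) -Lookup $offlineLookup `
                                  -StartDate (Get-Date '2016-01-01') -Output 'breached-accounts-sample.csv'
# Only ExampleBreachA remains: ExampleListB is unverified and was added before StartDate.
$rows | Format-Table

# Live use, one query per account with the pause between them (key read from the environment):
# $live = { param($acct) Get-HibpBreachesForAccount -Account $acct -ApiKey $env:HIBP_API_KEY }
# Invoke-AccountBreachCheck -Accounts (Get-Content .\userlist.txt) -Lookup $live -Output .\breached.csv
```

The lookup is injected as a script block so the filtering and CSV logic can be tested against constructed data first; swapping in the live function changes nothing else. Treat the resulting CSV as sensitive: it maps your users to breach names and exposed data classes, which is exactly what you want an attacker not to have.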