Last active
March 7, 2025 16:07
-
-
Save FH-Inway/5a655609dcd9f90eef4402e02851b488 to your computer and use it in GitHub Desktop.
Check-AzureDevOpsLCSServiceConnections.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: This script checks all the service connections in all the projects in an Azure DevOps | |
| # organization and lists the service connections that are using the deprecated LCS authentication URL. | |
| # Usage: Run the script and enter your Personal Access Token (PAT) and Azure DevOps organization name | |
| # when prompted. | |
| # The PAT requires the following scopes: | |
| # - vso.profile (User Profile - Read) | |
| # - vso.project (Project and Team - Read) | |
| # - vso.serviceendpoint (Service Connections - Read & Query) | |
| # original gist: https://gist.github.com/FH-Inway/5a655609dcd9f90eef4402e02851b488 | |
| $token = Read-Host -Prompt "Enter your PAT" -AsSecureString | |
| $ORG_NAME = Read-Host -Prompt "Enter your Azure DevOps organization name" | |
| $tokenPlainText = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($token)) | |
| $tokenEncoded = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$tokenPlainText")) | |
| $tokenPlainText = "" | |
| $projectsURL = "https://dev.azure.com/$ORG_NAME/_apis/projects?api-version=7.1" | |
| $projects = Invoke-RestMethod -Uri $projectsURL -Method Get -Headers @{Authorization = "Basic $tokenEncoded"} | |
| $projects = $projects.value | |
| $endpointtype = "lcsserviceendpoint" | |
| $authenticationEndpoint = "https://login.microsoftonline.com/organizations" | |
| $projects | ForEach-Object { | |
| $projectName = $_.name | |
| $serviceConnectionsURL = "https://dev.azure.com/$ORG_NAME/$projectName/_apis/serviceendpoint/endpoints?type=$endpointtype&api-version=7.1" | |
| $serviceConnections = Invoke-RestMethod -Uri $serviceConnectionsURL -Method Get -Headers @{Authorization = "Basic $tokenEncoded"} | |
| $serviceConnections = $serviceConnections.value | |
| $serviceConnections | ForEach-Object { | |
| if ($PSItem.url -ne $authenticationEndpoint) { | |
| $serviceConnectionName = $PSItem.name | |
| Write-Host "Project $projectName has LCS service connection $serviceConnectionName with deprecated authentication url $($PSItem.url)" | |
| } | |
| } | |
| } | |
| $tokenEncoded = "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment