@craig-martin
Created December 28, 2016 18:30
Demo-AzureADModuleV2.ps1
### Server management tools preview (next month): https://blogs.technet.microsoft.com/servermanagement/2016/02/09/introducing-server-management-tools/
### View the online docs
start https://docs.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory
### Find the module
Find-Module AzureAD | Select-Object *
<#
Version  Name    Repository Description
-------  ----    ---------- -----------
2.0.0.33 AzureAD PSGallery  This is the General Availability release of Azure Active Directory V2 PowerShell Module.
#>
 
### Install the module
Install-Module AzureAD
### Use 'Show Commands' Add-On to view the commands for AzureAD
### Helper function to show Mandatory parameters (a parameter is listed once even if it is mandatory in several parameter sets)
function Get-ManatoryParameters ($FunctionName)
{
    Get-Command $FunctionName |
        Select-Object -ExpandProperty ParameterSets |
        Select-Object -ExpandProperty Parameters |
        Where-Object IsMandatory |
        Select-Object -ExpandProperty Name -Unique
}
### Use Get-Command to show the commands
Get-Command -Module AzureAD
Get-Command -Module AzureAD | Measure-Object
Get-Command -Module AzureAD | Group-Object Verb | Sort-Object Count -Descending
Get-Command -Module AzureAD | Group-Object Noun | Sort-Object Count -Descending
### Connect to Azure AD
Connect-AzureAD
### Create a new Azure AD User
Get-Help -Name New-AzureADUser -ShowWindow
Get-ManatoryParameters New-AzureADUser
$newUserParams = @{
    GivenName         = 'James'
    Surname           = 'Bond'
    DisplayName       = 'James Bond'
    MailNickname      = 'JamesBond'
    UserPrincipalName = '[email protected]'
    AccountEnabled    = $false
    # PasswordProfile's first constructor argument is the initial password; a literal password in a
    # script ends up in source control and transcripts, so this is for the demo only
    PasswordProfile   = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile 'HoofHearted?'
}
New-AzureADUser @newUserParams
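The demo above creates the user with a password typed into the script. As an added example (not part of the original gist), the following creates the same user with a random one-time password generated from a cryptographic RNG and flagged for change at first sign-in. The names, the UPN suffix `contoso.onmicrosoft.com` and the 24-character length are placeholders; it assumes an existing `Connect-AzureAD` session with the AzureAD module loaded.

```powershell
### Added example: random initial password + ForceChangePasswordNextLogin (not from the original gist)
function New-RandomPassword {
    param ([int]$Length = 24)
    # Alphabet omits easily confused glyphs (l, 1, I, O, 0) and underscore.
    $alphabet = [char[]]'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%^&*'
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer   = New-Object byte[] 1
    # Rejection sampling: bytes at or above $limit are discarded so no symbol is favoured (no modulo bias).
    $limit    = 256 - (256 % $alphabet.Length)
    do {
        $sb = New-Object System.Text.StringBuilder
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
        $candidate = $sb.ToString()
        # Azure AD's default policy wants 3 of 4 character classes; insist on all 4 and retry otherwise.
    } until ($candidate -cmatch '[a-z]' -and $candidate -cmatch '[A-Z]' -and
             $candidate -match '[0-9]' -and $candidate -match '[^A-Za-z0-9]')
    $candidate
}

$initialPassword = New-RandomPassword
$passwordProfile = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password                     = $initialPassword
$passwordProfile.ForceChangePasswordNextLogin = $true   # the user must replace it at first sign-in

$newUserParams = @{
    GivenName         = 'James'
    Surname           = 'Bond'
    DisplayName       = 'James Bond'
    MailNickname      = 'JamesBond'
    UserPrincipalName = 'JamesBond@contoso.onmicrosoft.com'   # placeholder tenant domain (assumption)
    AccountEnabled    = $false                                 # enable only when the account is handed over
    PasswordProfile   = $passwordProfile
}
$user = New-AzureADUser @newUserParams

# Return the one-time password as a SecureString so it does not land in plain text in
# transcripts or Get-History; deliver it to the user out of band.
[pscustomobject]@{
    UserPrincipalName = $user.UserPrincipalName
    ObjectId          = $user.ObjectId
    InitialPassword   = ConvertTo-SecureString -String $initialPassword -AsPlainText -Force
}
```

The rejection-sampling loop matters only at the margin, but it costs one line and avoids the habit of `$bytes % $alphabet.Length`, which skews the distribution whenever 256 is not a multiple of the alphabet size.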
### Get Azure AD Users
Get-AzureADUser -SearchString JamesBond | select *
Get-AzureADUser
### Create a new Azure AD Group
Get-Help New-AzureADGroup -ShowWindow
Get-ManatoryParameters New-AzureADGroup
$newGroupParams = @{
    DisplayName     = 'Octonauts'
    MailNickname    = 'Octonauts'
    MailEnabled     = $false
    SecurityEnabled = $true
}
New-AzureADGroup @newGroupParams -Verbose
### Get a Group
Get-AzureADGroup | select *
### Add a member to a group
Get-Help Add-AzureADGroupMember -ShowWindow
Add-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | select -ExpandProperty ObjectId) -RefObjectId (Get-AzureADUser -SearchString JamesBond | select -ExpandProperty ObjectId)
#Add-AzureADGroupMember -Group Octonauts -Member JamesBond
#Add-AzureADGroupMember -Group (Get-AzureADGroup -SearchString Octonauts) -Members (Get-AzureADUser -SearchString JamesBond)
Get-AzureADGroup -SearchString Octonauts | Get-AzureADGroupMember
### Remove a group member
Get-Help Remove-AzureADGroupMember -ShowWindow
Remove-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | select -ExpandProperty ObjectId) -MemberId (Get-AzureADUser -SearchString JamesBond | select -ExpandProperty ObjectId)
Remove-AzureADGroupMember -ObjectId 85afc2a7-e87a-40ad-aebd-7beffc48f82f -MemberId f273aa98-5117-415a-9bdf-88d78fcf5408
### Add ALL Azure AD Users to a group
Get-AzureADUser | select @{Name='RefObjectId';Expression={$_.ObjectId}} |
    Add-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | select -ExpandProperty ObjectId)
### Remove ALL group members
# NB: the calculated property is named 'MemberId ' with a trailing space, so it cannot bind to -MemberId
# by property name; the whole object is then passed as the member identifier, which is what the error below reports
Get-AzureADGroup -SearchString Octonauts |
    Get-AzureADGroupMember |
    select @{Name='MemberId ';Expression={$_.ObjectId}} |
    Remove-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | select -ExpandProperty ObjectId)
<#
Fails with:
Remove-AzureADGroupMember : Error occurred while executing RemoveGroupMember
StatusCode: BadRequest
ErrorCode: Request_UnsupportedQuery
Message: Unsupported referenced-object resource identifier for link property 'members'.
At line:4 char:1
+ Remove-AzureADGroupMember -ObjectId b4da04f0-8616-416e-96bf-9a3305a50 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-AzureADGroupMember], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.RemoveGroupMember
#>
Get-AzureADGroup -SearchString Octonauts |
    Get-AzureADGroupMember |
    ForEach-Object {
        Write-Host "Removing " -NoNewline
        Write-Host "$(Get-AzureADUser -ObjectId $PSItem.ObjectId | Select -expand DisplayName)" -ForegroundColor Green -NoNewline
        Write-Host " from group Octonauts..."
        Remove-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | select -ExpandProperty ObjectId) -MemberId $PSItem.ObjectId
    }
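The working loop above has four rough edges a practitioner would hit in a real tenant: it calls `Get-AzureADUser` for every member, which fails when a member is a nested group or a service principal; it resolves the group again on every iteration; `-SearchString` is not an exact-name match, so more than one group can come back; and `Get-AzureADGroupMember` without `-All` returns only the first page of members. The following function is an added example (not from the original gist) that addresses all four and supports `-WhatIf`/`-Confirm`, so a bulk removal can be rehearsed before it is run. It assumes an existing `Connect-AzureAD` session.

```powershell
### Added example: remove every member of a group safely (not from the original gist)
function Remove-AllAzureADGroupMembers {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param (
        [Parameter(Mandatory = $true)]
        [string]$GroupDisplayName
    )

    # -SearchString is a broad match; keep only exact DisplayName hits and refuse to guess between several.
    $groups = @(Get-AzureADGroup -SearchString $GroupDisplayName |
        Where-Object DisplayName -eq $GroupDisplayName)
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupDisplayName', found $($groups.Count)."
    }
    $group = $groups[0]

    # -All $true pages through the full membership; members can be User, Group or ServicePrincipal objects,
    # so rely on the DirectoryObject properties (ObjectId, ObjectType, DisplayName) rather than Get-AzureADUser.
    $members = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
    Write-Verbose "Group '$($group.DisplayName)' ($($group.ObjectId)) has $($members.Count) member(s)."

    foreach ($member in $members) {
        $target = "$($member.ObjectType) '$($member.DisplayName)' ($($member.ObjectId))"
        if ($PSCmdlet.ShouldProcess($target, "Remove from group '$($group.DisplayName)'")) {
            Remove-AzureADGroupMember -ObjectId $group.ObjectId -MemberId $member.ObjectId
        }
    }
}

# Rehearse first, then run for real (the High ConfirmImpact prompts unless -Confirm:$false is given).
Remove-AllAzureADGroupMembers -GroupDisplayName Octonauts -WhatIf -Verbose
# Remove-AllAzureADGroupMembers -GroupDisplayName Octonauts -Confirm:$false
```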
 
Get-AzureADGroup -SearchString Octonauts |
    Get-AzureADGroupMember |
    ForEach-Object {
        $PSItem
    }
### Aside: Where-Object with a script block versus the simplified comparison syntax (same result)
Get-Process | Where {$PSItem.Company -ne 'Microsoft Corporation'} | Select Company
Get-Process | Where Company -NE 'Microsoft Corporation' | Select Company
Get-Service | Where Name -NE Foo
### Check group membership using Select-AzureADGroupIdsUserIsMemberOf
Get-Help Select-AzureADGroupIdsUserIsMemberOf -ShowWindow
$GroupIdsForMembershipCheck = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck ,(Get-AzureADGroup | select -expand ObjectId)
$GroupIdsForMembershipCheck = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck '85afc2a7-e87a-40ad-aebd-7beffc48f82f'
$GroupIdsForMembershipCheck.GroupIds.Add('b4da04f0-8616-416e-96bf-9a3305a5051a')
Get-AzureADUser -SearchString JamesBond | Select-AzureADGroupIdsUserIsMemberOf -GroupIdsForMembershipCheck $GroupIdsForMembershipCheck
<#
OdataMetadata Value
------------- -----
https://graph.windows.net/eebeeeef-e2cd-4286-bce7-5dba0e648af6/$metadata#Collection(Edm.String) {b4da04f0-8616-416e-96bf-9a3305a5051a}
#>
 
### Create a new Azure AD Application
Get-Help New-AzureADApplication -ShowWindow
Get-ManatoryParameters New-AzureADApplication
New-AzureADApplication -DisplayName FooApp -IdentifierUris http://fooApp
### Get an Azure AD Application
Get-AzureADApplication
Get-AzureADApplication -SearchString FooApp
Get-AzureADApplication -SearchString FooApp | Get-Member
Get-AzureADApplication -SearchString FooApp | select *
### Create Azure AD Application credentials
Get-Help New-AzureADApplicationPasswordCredential -ShowWindow
Get-ManatoryParameters New-AzureADApplicationPasswordCredential
<#
Get-AzureADApplication -SearchString FooApp | New-AzureADApplicationPasswordCredential
New-AzureADApplicationPasswordCredential : Error occurred while executing SetApplication
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: Encrypted secret cannot be empty and can be at most 1024 bytes. Current length is 1267
Parameter name: encryptedSecretValue
At line:1 char:47
+ ... ation -SearchString FooApp | New-AzureADApplicationPasswordCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADApplicationPasswordCredential], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.NewAzureADApplicationPasswordCredential
#>
### The plaintext secret is returned once, in the Value property of the output; it cannot be read back later
New-AzureADApplicationPasswordCredential -ObjectId (Get-AzureADApplication -SearchString FooApp | Select -expand ObjectId)
New-AzureADApplicationPasswordCredential -ObjectId 662d91fd-87bd-4538-a3d7-90e92f5c1fee
Get-Help New-AzureADApplicationKeyCredential -ShowWindow
<#
Fails intermittently with:
New-AzureADApplicationPasswordCredential : Error occurred while executing SetApplication
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: Encrypted secret cannot be empty and can be at most 1024 bytes. Current length is 1267
Parameter name: encryptedSecretValue
At line:1 char:47
+ ... ation -SearchString FooApp | New-AzureADApplicationPasswordCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADApplicationPasswordCredential], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.NewAzureADApplicationPasswordCredential
#>
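The calls above take the cmdlet's defaults for the secret's lifetime and leave the plaintext `Value` sitting in the console. As an added example (not part of the original gist), the function below issues an application secret with an explicit, bounded lifetime and a label, returns the one-time value as a SecureString, and removes credentials that have already expired so rotation does not accumulate dead secrets. `Get-AzureADApplicationPasswordCredential` returns metadata (KeyId, StartDate, EndDate) but never the value, which is why the value is captured at creation time. The 90-day default and the `rotated-` label are assumptions; it assumes an existing `Connect-AzureAD` session.

```powershell
### Added example: issue a short-lived app secret and prune expired ones (not from the original gist)
function New-AzureADAppSecretWithRotation {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$ApplicationObjectId,

        [int]$LifetimeDays = 90,                                   # assumption: 90-day secrets

        [string]$Label = 'rotated-' + (Get-Date -Format 'yyyyMMdd') # assumption: date-stamped label
    )

    $now = Get-Date

    # Let the service generate the secret; only the validity window and a label are supplied.
    $newCred = New-AzureADApplicationPasswordCredential -ObjectId $ApplicationObjectId `
        -CustomKeyIdentifier $Label -StartDate $now -EndDate $now.AddDays($LifetimeDays)

    # Prune credentials whose EndDate has passed, never touching the one just created or any still valid.
    Get-AzureADApplicationPasswordCredential -ObjectId $ApplicationObjectId |
        Where-Object { $_.EndDate -lt $now -and $_.KeyId -ne $newCred.KeyId } |
        ForEach-Object {
            Write-Verbose "Removing expired secret $($_.KeyId) (expired $($_.EndDate))"
            Remove-AzureADApplicationPasswordCredential -ObjectId $ApplicationObjectId -KeyId $_.KeyId
        }

    $remaining = @(Get-AzureADApplicationPasswordCredential -ObjectId $ApplicationObjectId).Count
    Write-Verbose "$remaining password credential(s) now registered on $ApplicationObjectId."

    # The plaintext value exists only in this response; hand it back as a SecureString.
    [pscustomobject]@{
        KeyId   = $newCred.KeyId
        EndDate = $newCred.EndDate
        Secret  = ConvertTo-SecureString -String $newCred.Value -AsPlainText -Force
    }
}

$fooApp = Get-AzureADApplication -SearchString FooApp
$issued = New-AzureADAppSecretWithRotation -ApplicationObjectId $fooApp.ObjectId -Verbose
$issued | Select-Object KeyId, EndDate   # the Secret property is written to the consuming system, not the console
```

Rotation proper is a two-step affair: issue the new secret, update the consumer, and only then remove the previous (still valid) credential by its KeyId. The function deliberately removes only expired credentials so a consumer that has not yet switched over keeps working.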
### TODO: Connect to Azure AD with other creds
Connect-AzureAD -ApplicationId c0cf206f-2a53-407a-a8aa-769efc4a2ed2 -TenantId eebeeeef-e2cd-4286-bce7-5dba0e648af6 -CertificateThumbprint
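The TODO above stops short of the certificate thumbprint. As an added example (not part of the original gist), the following carries the non-interactive sign-in through end to end: it creates a non-exportable key pair in the current user's certificate store, registers only the public certificate on the application with `New-AzureADApplicationKeyCredential`, ensures the application has a service principal in the tenant, and then connects as that application. The application name `FooApp`, the certificate subject and the one-year validity are assumptions; the script is run from an existing interactive `Connect-AzureAD` session, and it needs the Windows 10 / Server 2016 PKI module for `New-SelfSignedCertificate`'s `-Subject` and `-KeyExportPolicy` parameters. Granting the service principal the directory permissions it needs for whatever it will do afterwards is a separate step not shown here.

```powershell
### Added example: certificate-based sign-in for the application (not from the original gist)
$appDisplayName = 'FooApp'                                      # assumption: the app created earlier in this script
$tenantId       = (Get-AzureADTenantDetail).ObjectId            # taken from the current interactive session

$app = Get-AzureADApplication -Filter "displayName eq '$appDisplayName'"
if (-not $app) { throw "Application '$appDisplayName' not found." }

# 1. Key pair in the current user's store; NonExportable means the private key never leaves this host.
$cert = New-SelfSignedCertificate -Subject "CN=$appDisplayName-automation" `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeyExportPolicy NonExportable `
    -KeySpec Signature -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)                             # assumption: one-year validity

# 2. Register only the public certificate with the application (no secret is ever sent to the directory).
$keyCredParams = @{
    ObjectId            = $app.ObjectId
    CustomKeyIdentifier = [Convert]::ToBase64String($cert.GetCertHash())      # thumbprint, base64
    Type                = 'AsymmetricX509Cert'
    Usage               = 'Verify'
    Value               = [Convert]::ToBase64String($cert.GetRawCertData())   # DER certificate, base64
    StartDate           = $cert.NotBefore
    EndDate             = $cert.NotAfter
}
New-AzureADApplicationKeyCredential @keyCredParams

# 3. An application cannot sign in to a tenant without a service principal there.
if (-not (Get-AzureADServicePrincipal -Filter "appId eq '$($app.AppId)'")) {
    New-AzureADServicePrincipal -AppId $app.AppId | Out-Null
}

# 4. Sign in as the application; the module locates the private key by thumbprint in the local store.
Disconnect-AzureAD
Connect-AzureAD -TenantId $tenantId -ApplicationId $app.AppId -CertificateThumbprint $cert.Thumbprint
```

Because the private key is non-exportable, compromise of the registration (the public certificate) gives an attacker nothing; only the host holding the key can authenticate as the application, and `Get-AzureADApplicationKeyCredential` lets you audit which certificates are currently trusted for it.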