Gets the service principal auth token using the AzureAD module and then gets the user and its custom attribute.
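<#
.SYNOPSIS
    Looks up one or more users in Microsoft Graph and prints extensionAttribute4 for each.
.PARAMETER clientId
    Application (client) ID of the app registration used for the token request.
.PARAMETER tenantId
    Directory (tenant) ID; used to build the login authority URL.
.PARAMETER upn
    One or more user principal names to look up.
#>
param
(
    [Parameter(Mandatory = $true)][string]$clientId,
    [Parameter(Mandatory = $true)][string]$tenantId,
    [Parameter(Mandatory = $true)][string[]]$upn
)

# The install step and the import step MUST name the same module: the original
# installed AzureAD but imported AzureADPreview, so a machine without the Preview
# module already present fails at the import. One variable keeps them in sync.
$moduleName = 'AzureAD'

# Install only when the module is absent (Install-Module on every run is slow and
# may need elevation); Update-Module then refreshes a Gallery-installed copy.
if (-not (Get-Module -ListAvailable -Name $moduleName))
{
    Install-Module -Name $moduleName
}
Update-Module -Name $moduleName

# -PassThru returns the PSModuleInfo; Get-MSGraphToken reads $AadModule.ModuleBase
# to locate the ADAL assemblies that ship inside the module folder.
$AadModule = Import-Module -Name $moduleName -ErrorAction Stop -PassThru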
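function Get-MSGraphToken
{
    <#
    .SYNOPSIS
        Acquires a Microsoft Graph access token with ADAL.
    .DESCRIPTION
        Loads the ADAL assemblies found under $AadModule.ModuleBase ($AadModule is
        set at script scope by Import-Module -PassThru) and calls the interactive
        AcquireTokenAsync overload (redirect URI + PlatformParameters), which
        yields a delegated user token rather than an app-only token.
        NOTE: ADAL (Microsoft.IdentityModel.Clients.ActiveDirectory) is no longer
        supported by Microsoft; MSAL is the replacement library.
    .PARAMETER clientId
        Application (client) ID of the public-client app registration.
    .PARAMETER tenantId
        Tenant used to build the authority URL.
    .OUTPUTS
        [string] the bearer token; $null if the result carries no AccessToken.
    #>
    Param([string]$clientId, [string]$tenantId)

    $resourceURI = 'https://graph.microsoft.com/'
    $authority = "https://login.microsoftonline.com/$tenantId"
    $redirectUri = 'https://login.microsoftonline.com/common/oauth2/nativeclient'

    # Fail with a clear message instead of a Join-Path error on a null ModuleBase.
    if (-not $AadModule)
    {
        throw 'AadModule is not set; import the AzureAD module with -PassThru before calling Get-MSGraphToken.'
    }
    $adal = Join-Path $AadModule.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
    $adalPlatform = Join-Path $AadModule.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll'
    $null = [System.Reflection.Assembly]::LoadFrom($adal)
    $null = [System.Reflection.Assembly]::LoadFrom($adalPlatform)

    $authContext = New-Object 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' -ArgumentList $authority
    $platformParameters = New-Object 'Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters' -ArgumentList 'Always'

    # AcquireTokenAsync returns a Task. GetAwaiter().GetResult() blocks exactly like
    # .Result but rethrows the underlying exception instead of an AggregateException,
    # so a failed sign-in is reported with its real message.
    $authResult = $authContext.AcquireTokenAsync($resourceURI, $clientId, $redirectUri, $platformParameters).GetAwaiter().GetResult()
    return $authResult.AccessToken
}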
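function Get-User
{
    <#
    .SYNOPSIS
        Fetches each user from Microsoft Graph and prints id, UPN, creation date and extensionAttribute4.
    .PARAMETER accessToken
        Bearer token for https://graph.microsoft.com (see Get-MSGraphToken).
    .PARAMETER upn
        User principal names to look up; one Graph request per entry.
    .NOTES
        Output goes to the host stream via Write-Host, as before; nothing is
        returned to the pipeline. A failed lookup is reported with Write-Warning
        and the loop moves on to the next entry instead of printing an empty record.
    #>
    Param([string]$accessToken, [string[]]$upn)

    # Loop-invariant: the header table is the same for every request.
    $headers = @{
        Authorization = 'Bearer ' + $accessToken
    }
    $graphUsersBase = 'https://graph.microsoft.com/v1.0/users/'
    $selectQuery = '?$select=id,userPrincipalName,createdDateTime,onPremisesExtensionAttributes'

    foreach ($identity in $upn)
    {
        # Escape the caller-supplied identity so characters such as '/', '?' or '#'
        # cannot change the request path or query; Graph decodes the escaped form.
        $uri = $graphUsersBase + [uri]::EscapeDataString($identity) + $selectQuery
        try
        {
            # -ErrorAction Stop makes an HTTP error terminating so it reaches the catch.
            $response = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers -ErrorAction Stop
        }
        catch
        {
            Write-Warning "Lookup failed for '$identity': $($_.Exception.Message)"
            continue
        }
        $selectedData = $response | Select-Object Id, UserPrincipalName, CreatedDateTime,
            @{ Name = 'ExtensionAttribute4'; Expression = { $_.onPremisesExtensionAttributes.extensionAttribute4 } }
        Write-Host $selectedData
    }
}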
function Get-EA4
{
    <#
    .SYNOPSIS
        Orchestrator: obtains a Graph token for the tenant, then looks up every UPN.
    .PARAMETER clientId
        Application (client) ID handed to Get-MSGraphToken.
    .PARAMETER tenantId
        Tenant ID handed to Get-MSGraphToken.
    .PARAMETER upn
        User principal names forwarded to Get-User.
    .NOTES
        Prints 'Missing Token' to the host and returns without calling Get-User
        when the token request yields nothing.
    #>
    Param([string]$clientId, [string]$tenantId, [string[]]$upn)

    $token = Get-MSGraphToken -clientId $clientId -tenantId $tenantId

    # Guard clause: no token means no point in issuing Graph requests.
    if (-not $token)
    {
        Write-Host 'Missing Token'
        return
    }

    Get-User -accessToken $token -upn $upn
}
# Sample values kept commented out; the live values come from the mandatory
# script parameters declared at the top of the file.
#$clientId = '07ea3c4b-c6e7-4fe9-b5eb-8b56ebdd2184';
#$tenantId = 'af038be2-7929-453f-b50d-cd5c2c1c9b87';

# Entry point: forward the script parameters to the orchestrator via splatting.
$ea4Args = @{
    clientId = $clientId
    tenantId = $tenantId
    upn      = $upn
}
Get-EA4 @ea4Args