Demo-AzureADModuleV2.ps1
### Server management tools preview (next month): https://blogs.technet.microsoft.com/servermanagement/2016/02/09/introducing-server-management-tools/
### View the online docs
start https://docs.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory
### Find the module
Find-Module AzureAD | Select-Object *
<#
Version Name Repository Description
------- ---- ---------- -----------
2.0.0.33 AzureAD PSGallery This is the General Availability release of Azure Active Directory V2 PowerShell Module.
#>
### Install the module
Install-Module AzureAD
### Use 'Show Commands' Add-On to view the commands for AzureAD
### Helper function to show mandatory parameters of a cmdlet
function Get-MandatoryParameters ($FunctionName)
{
    # Walk every parameter set of the command and keep only the parameters marked mandatory
    Get-Command $FunctionName | Select-Object -ExpandProperty ParameterSets | Select-Object -ExpandProperty Parameters | Where-Object IsMandatory | Select-Object Name
}
### Use Get-Command to show the commands
Get-Command -Module AzureAD
Get-Command -Module AzureAD | Measure-Object
Get-Command -Module AzureAD | Group-Object Verb | Sort-Object Count -Descending
Get-Command -Module AzureAD | Group-Object Noun | Sort-Object Count -Descending
### Connect to Azure AD
Connect-AzureAD
### Create a new Azure AD User
Get-Help -Name New-AzureADUser -ShowWindow
Get-MandatoryParameters New-AzureADUser
$newUserParams = @{
    GivenName         = 'James'
    SurName           = 'Bond'
    DisplayName       = 'James Bond'
    MailNickname      = 'JamesBond'
    UserPrincipalName = '[email protected]'
    AccountEnabled    = $false
    # PasswordProfile constructor takes the initial password as its first argument
    PasswordProfile   = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile 'HoofHearted?'
}
New-AzureADUser @newUserParams
### Get Azure AD Users
Get-AzureADUser -SearchString JamesBond | Select-Object *
Get-AzureADUser
### Create a new Azure AD Group
Get-Help New-AzureADGroup -ShowWindow
Get-MandatoryParameters New-AzureADGroup
$newGroupParams = @{
    DisplayName     = 'Octonauts'
    MailNickname    = 'Octonauts'
    MailEnabled     = $false
    SecurityEnabled = $true
}
New-AzureADGroup @newGroupParams -Verbose
### Get a Group
Get-AzureADGroup | Select-Object *
### Add a member to a group
Get-Help Add-AzureADGroupMember -ShowWindow
Add-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | Select-Object -ExpandProperty ObjectId) -RefObjectId (Get-AzureADUser -SearchString JamesBond | Select-Object -ExpandProperty ObjectId)
#Add-AzureADGroupMember -Group Octonauts -Member JamesBond
#Add-AzureADGroupMember -Group (Get-AzureADGroup -SearchString Octonauts) -Members (Get-AzureADUser -SearchString JamesBond)
Get-AzureADGroup -SearchString Octonauts | Get-AzureADGroupMember
### Remove a group member
Get-Help Remove-AzureADGroupMember -ShowWindow
Remove-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | Select-Object -ExpandProperty ObjectId) -MemberId (Get-AzureADUser -SearchString JamesBond | Select-Object -ExpandProperty ObjectId)
Remove-AzureADGroupMember -ObjectId 85afc2a7-e87a-40ad-aebd-7beffc48f82f -MemberId f273aa98-5117-415a-9bdf-88d78fcf5408
### Add ALL Azure AD Users to a group
Get-AzureADUser | Select-Object @{Name='RefObjectId';Expression={$_.ObjectId}} |
    Add-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | Select-Object -ExpandProperty ObjectId)
### Remove ALL group members
Get-AzureADGroup -SearchString Octonauts |
    Get-AzureADGroupMember |
    Select-Object @{Name='MemberId ';Expression={$_.ObjectId}} |
    Remove-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | Select-Object -ExpandProperty ObjectId)
<#
Fails with:
Remove-AzureADGroupMember : Error occurred while executing RemoveGroupMember
StatusCode: BadRequest
ErrorCode: Request_UnsupportedQuery
Message: Unsupported referenced-object resource identifier for link property 'members'.
At line:4 char:1
+ Remove-AzureADGroupMember -ObjectId b4da04f0-8616-416e-96bf-9a3305a50 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-AzureADGroupMember], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.RemoveGroupMember
#>
# Working alternative: remove each member explicitly inside a ForEach-Object loop
Get-AzureADGroup -SearchString Octonauts |
    Get-AzureADGroupMember |
    ForEach-Object {
        Write-Host "Removing " -NoNewline
        Write-Host "$(Get-AzureADUser -ObjectId $PSItem.ObjectId | Select-Object -ExpandProperty DisplayName)" -ForegroundColor Green -NoNewline
        Write-Host " from group Octonauts..."
        Remove-AzureADGroupMember -ObjectId (Get-AzureADGroup -SearchString Octonauts | Select-Object -ExpandProperty ObjectId) -MemberId $PSItem.ObjectId
    }
Get-AzureADGroup -SearchString Octonauts |
    Get-AzureADGroupMember |
    ForEach-Object {
        $PSItem
    }
# Side note on Where-Object syntax: script block form vs. simplified comparison form
Get-Process | Where-Object {$PSItem.Company -ne 'Microsoft Corporation'} | Select-Object Company
Get-Process | Where-Object Company -NE 'Microsoft Corporation' | Select-Object Company
Get-Service | Where-Object Name -NE Foo
### Check group membership using Select-AzureADGroupIdsUserIsMemberOf
Get-Help Select-AzureADGroupIdsUserIsMemberOf -ShowWindow
# The leading comma passes the whole array of group ids as a single constructor argument
$GroupIdsForMembershipCheck = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck ,(Get-AzureADGroup | Select-Object -ExpandProperty ObjectId)
$GroupIdsForMembershipCheck = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck '85afc2a7-e87a-40ad-aebd-7beffc48f82f'
$GroupIdsForMembershipCheck.GroupIds.Add('b4da04f0-8616-416e-96bf-9a3305a5051a')
Get-AzureADUser -SearchString JamesBond | Select-AzureADGroupIdsUserIsMemberOf -GroupIdsForMembershipCheck $GroupIdsForMembershipCheck
<#
OdataMetadata Value
------------- -----
https://graph.windows.net/eebeeeef-e2cd-4286-bce7-5dba0e648af6/$metadata#Collection(Edm.String) {b4da04f0-8616-416e-96bf-9a3305a5051a}
#>
### Create a new Azure AD Application
Get-Help New-AzureADApplication -ShowWindow
Get-MandatoryParameters New-AzureADApplication
New-AzureADApplication -DisplayName FooApp -IdentifierUris http://fooApp
### Get an Azure AD Application
Get-AzureADApplication
Get-AzureADApplication -SearchString FooApp
Get-AzureADApplication -SearchString FooApp | Get-Member
Get-AzureADApplication -SearchString FooApp | Select-Object *
### Create Azure AD Application credentials
Get-Help New-AzureADApplicationPasswordCredential -ShowWindow
Get-MandatoryParameters New-AzureADApplicationPasswordCredential
<#
Get-AzureADApplication -SearchString FooApp | New-AzureADApplicationPasswordCredential
New-AzureADApplicationPasswordCredential : Error occurred while executing SetApplication
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: Encrypted secret cannot be empty and can be at most 1024 bytes. Current length is 1267
Parameter name: encryptedSecretValue
At line:1 char:47
+ ... ation -SearchString FooApp | New-AzureADApplicationPasswordCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADApplicationPasswordCredential], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.NewAzureADApplicationPasswordCredential
#>
New-AzureADApplicationPasswordCredential -ObjectId (Get-AzureADApplication -SearchString FooApp | Select-Object -ExpandProperty ObjectId)
New-AzureADApplicationPasswordCredential -ObjectId 662d91fd-87bd-4538-a3d7-90e92f5c1fee
Get-Help New-AzureADApplicationKeyCredential -ShowWindow
<#
Fails intermittently with:
New-AzureADApplicationPasswordCredential : Error occurred while executing SetApplication
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: Encrypted secret cannot be empty and can be at most 1024 bytes. Current length is 1267
Parameter name: encryptedSecretValue
At line:1 char:47
+ ... ation -SearchString FooApp | New-AzureADApplicationPasswordCredential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADApplicationPasswordCredential], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.NewAzureADApplicationPasswordCredential
#>
### TODO: Connect to Azure AD with other creds
Connect-AzureAD -ApplicationId c0cf206f-2a53-407a-a8aa-769efc4a2ed2 -TenantId eebeeeef-e2cd-4286-bce7-5dba0e648af6 -CertificateThumbprint
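The certificate-based sign-in left as a TODO above, worked through as an added example that is not part of the gist: it registers a self-signed certificate as a key credential on the FooApp application, gives the app a service principal, and then connects with the certificate thumbprint instead of a password secret. It assumes an interactive Connect-AzureAD session already exists, that FooApp exists, and that the tenant id (placeholder below) is filled in.

```powershell
# Added example (not from the gist). Assumes Connect-AzureAD has already been run
# interactively and that the 'FooApp' application created above exists.
$app = Get-AzureADApplication -SearchString FooApp | Select-Object -First 1

# Private key is generated in the user's certificate store and marked non-exportable,
# so the only thing that ever leaves this machine is the public certificate.
$cert = New-SelfSignedCertificate -Subject 'CN=FooApp-AzureAD' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddMonths(12)

# Azure AD expects the DER-encoded public certificate and its hash, both base64-encoded.
$base64Value      = [Convert]::ToBase64String($cert.GetRawCertData())
$base64Thumbprint = [Convert]::ToBase64String($cert.GetCertHash())

New-AzureADApplicationKeyCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier $base64Thumbprint `
    -Type AsymmetricX509Cert -Usage Verify `
    -Value $base64Value `
    -StartDate $cert.NotBefore -EndDate $cert.NotAfter

# An application can only sign in to a tenant where it has a service principal.
if (-not (Get-AzureADServicePrincipal -Filter "appId eq '$($app.AppId)'")) {
    New-AzureADServicePrincipal -AppId $app.AppId | Out-Null
}

# Check what credentials the app now carries: the new certificate should be listed,
# and any password secrets created in the demo above can be retired by KeyId.
Get-AzureADApplicationKeyCredential -ObjectId $app.ObjectId |
    Select-Object KeyId, Type, Usage, StartDate, EndDate
Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId |
    ForEach-Object {
        Write-Host "Retiring password credential $($_.KeyId) on $($app.DisplayName)"
        Remove-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId -KeyId $_.KeyId
    }

# Sign in as the application. Only the thumbprint is passed; the module finds the
# private key in the certificate store, so no secret string appears in the script.
$tenantId = '<your-tenant-id>'   # placeholder, e.g. (Get-AzureADTenantDetail).ObjectId
Disconnect-AzureAD
Connect-AzureAD -TenantId $tenantId -ApplicationId $app.AppId -CertificateThumbprint $cert.Thumbprint
```

Run the final Connect-AzureAD from a fresh session to confirm the app can authenticate on its own without the interactive user's token.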