Jan Vidar Elven JanVidarElven

## GroupADUPNSuffix.ps1
# Require the Active Directory PowerShell Module, installed with AD RSAT tools
Import-Module ActiveDirectory

# Group count of all UPN suffixes in your Active Directory
Get-ADUser -Filter * | Select UserPrincipalName, @{Name="UPNSuffix"; Expression={($_.UserPrincipalName.Split("@",2)[1])}} | Group UPNSuffix

## GroupAzureADUPNSuffix.ps1
# Require the Azure Active Directory PowerShell Module
Import-Module MSOnline

# Credential and Connect
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred

# Group count of all UPN suffixes in your Azure AD
Get-MsolUser -All | Select UserPrincipalName, @{Name="UPNSuffix"; Expression={($_.UserPrincipalName.Split("@",2)[1])}} | Group UPNSuffix

## AzureADPowerShellQuickstartInstall.ps1
# Azure AD v2 PowerShell Quickstart module install
# Azure AD has a GA version: AzureAD and Preview version: AzureADPreview

# Check available versions installed
Get-Module AzureAD -ListAvailable
Get-Module AzureADPreview -ListAvailable

# Install from PowerShell Gallery
Install-Module AzureAD
Install-Module AzureADPreview

## AzureADAPIApplication.ps1
# This Application is for accessing the Azure AD Graph Api

# Log in to Azure AD with Global Admin
Connect-AzureAD

# Create the Azure AD API Application
$azureAdApp = New-AzureADApplication -DisplayName "Elven Azure AD Reporting Api App" -Homepage "https://localhost" -IdentifierUris "https://localhost/azureadreportingapi" -ReplyUrls "https://localhost"

$keyStartDate = "{0:s}" -f (get-date).AddHours(-1) + "Z"
$keyEndDate = "{0:s}" -f (get-date).AddYears(1) + "Z"

## AzureADReportingAPI_SSPR.ps1
# PowerShell for calling the Azure AD Graph Reporting REST API, https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-reports-and-events-preview
# Getting Self Service Password Reset Registrations

# This script will require registration of a Web Application in Azure Active Directory

# Method 1: Use steps here for manually creating required Web App: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-prerequisites
# Method 2: Use Azure AD PowerShell as documented here: https://gist.github.com/skillriver/b46c51e2902a331a91221c6828bd320c#file-azureadapiapplication-ps1

$loginURL = "https://login.microsoftonline.com"
$tenantdomain = "<yourtenant>.onmicrosoft.com"

## AzureADPowerShellQuickstartAdmin.ps1

# Create a Dynamic Group for my test users of Seinfeld characters
New-AzureADMSGroup -DisplayName "Seinfeld Users" -Description "Dynamic groups with all Seinfeld users" -MailEnabled $false -SecurityEnabled $true -MailNickname "seinfeld" -GroupTypes "DynamicMembership" -MembershipRule "(user.department -eq ""Seinfeld"")" -MembershipRuleProcessingState "Paused"

# Get Group and members
$AADGroup = Get-AzureADMSGroup -SearchString "Seinfeld Users"
Get-AzureADGroupMember -ObjectId $AADGroup.Id

# Set Membership Processing
$AADGroup | Set-AzureADMSGroup -MembershipRuleProcessingState On

## EMSAssignLicense.ps1
# PowerShell CmdLets for Assigning EMS Licenses with Azure AD v2 PowerShell Module
# Read blog post for details: https://gotoguy.blog/2017/02/17/assign-ems-license-with-azure-ad-v2-powershell-and-dynamic-groups/

# Connect to Azure AD with Global Administrator
Connect-AzureAD

# List Subscriptions
Get-AzureADSubscribedSku | Select SkuId, SkuPartNumber

# EMS E3 license Service Plans

## AzureADSPN.ps1

# Log in to Azure AD with Global Admin
Connect-AzureAD

# Get the Service Principal for the Function App
$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"

# Get some properties for the Service Principal
$faSpn | Select-Object ObjectId, ObjectType, AlternativeNames,
    AppId, DisplayName, ServicePrincipalType

## AzureFunctionMSGraphMSI.ps1
# Get Managed Service Identity info from Azure Functions Application Settings
$msiEndpoint = $env:MSI_ENDPOINT
$msiSecret = $env:MSI_SECRET

Write-Output $msiEndpoint
Write-Output $msiSecret

# Specify URI and Token AuthN Request Parameters
$apiVersion = "2017-09-01"
$resourceURI = "https://graph.microsoft.com"

## AzureVMShutDownInlineWithMSI.ps1
# This script will shutdown the Azure VM it's running on
# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
# Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for it's own VM
# Kudos: This script is inspired from Marcel Meurer's script for shutting down VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself

# Read VM details from Azure VM Instance Metadata
$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI http://169.254.169.254/metadata/instance?api-version=2017-08-01

# Save variables from metadata
$subscriptionId = $md.compute.subscriptionId
	# Require the Active Directory PowerShell Module, installed with AD RSAT tools
	Import-Module ActiveDirectory

	# Group count of all UPN suffixes in your Active Directory
	Get-ADUser -Filter * \| Select UserPrincipalName, @{Name="UPNSuffix"; Expression={($_.UserPrincipalName.Split("@",2)[1])}} \| Group UPNSuffix
	# Require the Azure Active Directory PowerShell Module
	Import-Module MSOnline

	# Credential and Connect
	$msolcred = Get-Credential
	Connect-MsolService -Credential $msolcred

	# Group count of all UPN suffixes in your Azure AD
	Get-MsolUser -All \| Select UserPrincipalName, @{Name="UPNSuffix"; Expression={($_.UserPrincipalName.Split("@",2)[1])}} \| Group UPNSuffix
	# Azure AD v2 PowerShell Quickstart module install
	# Azure AD has a GA version: AzureAD and Preview version: AzureADPreview

	# Check available versions installed
	Get-Module AzureAD -ListAvailable
	Get-Module AzureADPreview -ListAvailable

	# Install from PowerShell Gallery
	Install-Module AzureAD
	Install-Module AzureADPreview
	# This Application is for accessing the Azure AD Graph Api

	# Log in to Azure AD with Global Admin
	Connect-AzureAD

	# Create the Azure AD API Application
	$azureAdApp = New-AzureADApplication -DisplayName "Elven Azure AD Reporting Api App" -Homepage "https://localhost" -IdentifierUris "https://localhost/azureadreportingapi" -ReplyUrls "https://localhost"

	$keyStartDate = "{0:s}" -f (get-date).AddHours(-1) + "Z"
	$keyEndDate = "{0:s}" -f (get-date).AddYears(1) + "Z"
	# PowerShell for calling the Azure AD Graph Reporting REST API, https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-reports-and-events-preview
	# Getting Self Service Password Reset Registrations

	# This script will require registration of a Web Application in Azure Active Directory

	# Method 1: Use steps here for manually creating required Web App: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-prerequisites
	# Method 2: Use Azure AD PowerShell as documented here: https://gist.github.com/skillriver/b46c51e2902a331a91221c6828bd320c#file-azureadapiapplication-ps1

	$loginURL = "https://login.microsoftonline.com"
	$tenantdomain = "<yourtenant>.onmicrosoft.com"

	# Create a Dynamic Group for my test users of Seinfeld characters
	New-AzureADMSGroup -DisplayName "Seinfeld Users" -Description "Dynamic groups with all Seinfeld users" -MailEnabled $false -SecurityEnabled $true -MailNickname "seinfeld" -GroupTypes "DynamicMembership" -MembershipRule "(user.department -eq ""Seinfeld"")" -MembershipRuleProcessingState "Paused"

	# Get Group and members
	$AADGroup = Get-AzureADMSGroup -SearchString "Seinfeld Users"
	Get-AzureADGroupMember -ObjectId $AADGroup.Id

	# Set Membership Processing
	$AADGroup \| Set-AzureADMSGroup -MembershipRuleProcessingState On
	# PowerShell CmdLets for Assigning EMS Licenses with Azure AD v2 PowerShell Module
	# Read blog post for details: https://gotoguy.blog/2017/02/17/assign-ems-license-with-azure-ad-v2-powershell-and-dynamic-groups/

	# Connect to Azure AD with Global Administrator
	Connect-AzureAD

	# List Subscriptions
	Get-AzureADSubscribedSku \| Select SkuId, SkuPartNumber

	# EMS E3 license Service Plans

	# Log in to Azure AD with Global Admin
	Connect-AzureAD

	# Get the Service Principal for the Function App
	$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"

	# Get some properties for the Service Principal
	$faSpn \| Select-Object ObjectId, ObjectType, AlternativeNames,
	AppId, DisplayName, ServicePrincipalType
	# Get Managed Service Identity info from Azure Functions Application Settings
	$msiEndpoint = $env:MSI_ENDPOINT
	$msiSecret = $env:MSI_SECRET

	Write-Output $msiEndpoint
	Write-Output $msiSecret

	# Specify URI and Token AuthN Request Parameters
	$apiVersion = "2017-09-01"
	$resourceURI = "https://graph.microsoft.com"
	# This script will shutdown the Azure VM it's running on
	# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
	# Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for it's own VM
	# Kudos: This script is inspired from Marcel Meurer's script for shutting down VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself

	# Read VM details from Azure VM Instance Metadata
	$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI http://169.254.169.254/metadata/instance?api-version=2017-08-01

	# Save variables from metadata
	$subscriptionId = $md.compute.subscriptionId