```powershell
# Require the Active Directory PowerShell Module, installed with AD RSAT tools
Import-Module ActiveDirectory
# Group count of all UPN suffixes in your Active Directory
Get-ADUser -Filter * | Select UserPrincipalName, @{Name="UPNSuffix"; Expression={($_.UserPrincipalName.Split("@",2)[1])}} | Group UPNSuffix
```
```powershell
# Require the Azure Active Directory PowerShell Module
Import-Module MSOnline
# Credential and Connect
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred
# Group count of all UPN suffixes in your Azure AD
Get-MsolUser -All | Select UserPrincipalName, @{Name="UPNSuffix"; Expression={($_.UserPrincipalName.Split("@",2)[1])}} | Group UPNSuffix
```
```powershell
# Azure AD v2 PowerShell Quickstart module install
# Azure AD has a GA version: AzureAD and Preview version: AzureADPreview
# Check available versions installed
Get-Module AzureAD -ListAvailable
Get-Module AzureADPreview -ListAvailable
# Install from PowerShell Gallery
Install-Module AzureAD
Install-Module AzureADPreview
```
```powershell
# This Application is for accessing the Azure AD Graph Api
# Log in to Azure AD with Global Admin
Connect-AzureAD
# Create the Azure AD API Application
$azureAdApp = New-AzureADApplication -DisplayName "Elven Azure AD Reporting Api App" -Homepage "https://localhost" -IdentifierUris "https://localhost/azureadreportingapi" -ReplyUrls "https://localhost"
$keyStartDate = "{0:s}" -f (get-date).AddHours(-1) + "Z"
$keyEndDate = "{0:s}" -f (get-date).AddYears(1) + "Z"
```
```powershell
# PowerShell for calling the Azure AD Graph Reporting REST API, https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-reports-and-events-preview
# Getting Self Service Password Reset Registrations
# This script will require registration of a Web Application in Azure Active Directory
# Method 1: Use steps here for manually creating required Web App: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-prerequisites
# Method 2: Use Azure AD PowerShell as documented here: https://gist.github.com/skillriver/b46c51e2902a331a91221c6828bd320c#file-azureadapiapplication-ps1
$loginURL = "https://login.microsoftonline.com"
$tenantdomain = "<yourtenant>.onmicrosoft.com"
```
```powershell
# Create a Dynamic Group for my test users of Seinfeld characters
New-AzureADMSGroup -DisplayName "Seinfeld Users" -Description "Dynamic groups with all Seinfeld users" -MailEnabled $false -SecurityEnabled $true -MailNickname "seinfeld" -GroupTypes "DynamicMembership" -MembershipRule "(user.department -eq ""Seinfeld"")" -MembershipRuleProcessingState "Paused"
# Get Group and members
$AADGroup = Get-AzureADMSGroup -SearchString "Seinfeld Users"
Get-AzureADGroupMember -ObjectId $AADGroup.Id
# Set Membership Processing
$AADGroup | Set-AzureADMSGroup -MembershipRuleProcessingState On
```
```powershell
# PowerShell CmdLets for Assigning EMS Licenses with Azure AD v2 PowerShell Module
# Read blog post for details: https://gotoguy.blog/2017/02/17/assign-ems-license-with-azure-ad-v2-powershell-and-dynamic-groups/
# Connect to Azure AD with Global Administrator
Connect-AzureAD
# List Subscriptions
Get-AzureADSubscribedSku | Select SkuId, SkuPartNumber
# EMS E3 license Service Plans
```
```powershell
# Log in to Azure AD with Global Admin
Connect-AzureAD
# Get the Service Principal for the Function App
$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"
# Get some properties for the Service Principal
$faSpn | Select-Object ObjectId, ObjectType, AlternativeNames,
    AppId, DisplayName, ServicePrincipalType
```
```powershell
# Get Managed Service Identity info from Azure Functions Application Settings
$msiEndpoint = $env:MSI_ENDPOINT
$msiSecret = $env:MSI_SECRET
# Write-Output sends both values to the function's output stream, so the
# MSI secret appears wherever that output is logged; use for troubleshooting only
Write-Output $msiEndpoint
Write-Output $msiSecret
# Specify URI and Token AuthN Request Parameters
$apiVersion = "2017-09-01"
$resourceURI = "https://graph.microsoft.com"
```
```powershell
# This script will shut down the Azure VM it's running on
# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
# Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for its own VM
# Kudos: This script is inspired by Marcel Meurer's script for shutting down a VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself
# Read VM details from Azure VM Instance Metadata
$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI "http://169.254.169.254/metadata/instance?api-version=2017-08-01"
# Save variables from metadata
$subscriptionId = $md.compute.subscriptionId
```