-
-
Save alastairtree/1f555c76f57f8a7be93d0c9e8a4e9beb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Original code from https://github.com/slavizh/OMSSearch/blob/master/OMSSearch.psm1 | |
| # - Updated/fixed authentication method calls | |
| # - Ensure ADAL DLL is loaded | |
| Function Get-AADToken { | |
| <# | |
| .SYNOPSIS | |
| Get token from Azure AD so you can use the other cmdlets. | |
| .DESCRIPTION | |
| Get token from Azure AD so you can use the other cmdlets. | |
| .PARAMETER OMSConnection | |
| Object that contains all needed parameters for working | |
| with OMSSearch Module. You can create such object in | |
| OMS Automation as connection asset. | |
| .PARAMETER TenantADName | |
| Valid Azure AD Tenant name. | |
| Example: stanoutlook.onmicrosoft.com | |
| .PARAMETER TenantID | |
| Valid Azure Tenant ID. | |
| Example: eeb91fce-4be2-4a30-aad8-39e05fefde0 | |
| .PARAMETER Credential | |
| Valid user credentials to Azure AD. The Azure AD user must | |
| have at least user rights in OMS and administrator and | |
| Contributor rights on the Azure resource group where | |
| the OMS workspace is located. | |
| .EXAMPLE | |
| $token = Get-AADToken -TenantADName 'stanoutlook.onmicrosoft.com' -Credential $creds | |
| Description | |
| ----------- | |
| Grabs token from Azure AD by Tenant AD Name | |
| Example Variables | |
| ----------------- | |
| $creds = Get-Credential | |
| .EXAMPLE | |
| $token = Get-AADToken -TenantID 'eeb91fce-4be2-4a30-aad8-39e05fefde0' -Credential $creds | |
| Description | |
| ----------- | |
| Grabs token from Azure AD by Tenant ID | |
| Example Variables | |
| ----------------- | |
| $creds = Get-Credential | |
| .EXAMPLE | |
| $Token = Get-AADToken -OMSConnection $OMSCon | |
| Description | |
| ----------- | |
| Grabs token from Azure AD by using information from asset of type connection in OMS Automation | |
| Example Variables | |
| ----------------- | |
| $OMSCon = Get-AutomationConnection -Name 'stasoutlook' | |
| .OUTPUTS | |
| System.String. Returns token from Azure AD. | |
| #> | |
| [CmdletBinding(DefaultParameterSetName='LoginbyTenantADName')] | |
| [OutputType([string])] | |
| PARAM ( | |
| [Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)] | |
| [Alias('Connection','c')] | |
| [Object]$OMSConnection, | |
| [Parameter(ParameterSetName='LoginbyTenantADName',Position=0,Mandatory=$true)] | |
| [Alias('t')] | |
| [String]$TenantADName, | |
| [Parameter(ParameterSetName='LoginByTenantID',Position=0,Mandatory=$true)] | |
| [ValidateScript({ | |
| try | |
| { | |
| [System.Guid]::Parse($_) | Out-Null | |
| $true | |
| } | |
| catch | |
| { | |
| $false | |
| } | |
| })] | |
| [Alias('tID')] | |
| [String]$TenantID, | |
| [Parameter(ParameterSetName='LoginbyTenantADName',Position=1,Mandatory=$true)] | |
| [Parameter(ParameterSetName='LoginByTenantID',Position=1,Mandatory=$true)] | |
| [Alias('cred')] | |
| [pscredential] | |
| [System.Management.Automation.CredentialAttribute()] | |
| $Credential | |
| ) | |
| Try | |
| { | |
| If ($OMSConnection) | |
| { | |
| $Username = $OMSConnection.Username | |
| $Password = $OMSConnection.Password | |
| If ($OMSConnection.TenantID) | |
| { | |
| $TenantID = $OMSConnection.TenantID | |
| } | |
| Else | |
| { | |
| $TenantADName = $OMSConnection.TenantADName | |
| } | |
| } | |
| Else | |
| { | |
| $Username = $Credential.Username | |
| $Password = $Credential.Password | |
| } | |
| # Set well-known client ID for Azure PowerShell | |
| $clientId = '1950a258-227b-4e31-a9cf-717495945fc2' | |
| # Set Resource URI to Azure Service Management API | |
| $resourceAppIdURI = 'https://management.azure.com/' | |
| # Set Authority to Azure AD Tenant | |
| If ($TenantID) | |
| { | |
| $authority = 'https://login.microsoftonline.com/common/' + $TenantID | |
| } | |
| Else | |
| { | |
| $authority = 'https://login.microsoftonline.com/' + $TenantADName | |
| } | |
| $AadModule = Get-Module -Name "AzureAD" -ListAvailable | |
| if ($AadModule.count -gt 1) { | |
| $Latest_Version = ($AadModule | Select-Object version | Sort-Object)[-1] | |
| $AadModule = $AadModule | Where-Object { $_.version -eq $Latest_Version.version } | |
| } | |
| $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll" | |
| [System.Reflection.Assembly]::LoadFrom($adal) | Select-Object FullName | |
| $AADcredential = New-Object ` | |
| -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential' ` | |
| -ArgumentList $Username,$Password | |
| # Create AuthenticationContext tied to Azure AD Tenant | |
| $authContext = New-Object ` | |
| -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' ` | |
| -ArgumentList $authority | |
| $authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdURI, $clientId, $AADcredential).Result | |
| $Token = $authResult.CreateAuthorizationHeader() | |
| } | |
| Catch | |
| { | |
| $ErrorMessage = 'Failed to aquire Azure AD token.' | |
| $ErrorMessage += " `n" | |
| $ErrorMessage += 'Error: ' | |
| $ErrorMessage += $_ | |
| Write-Error -Message $ErrorMessage ` | |
| -ErrorAction Stop | |
| } | |
| Return $Token | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment