Anton Staykov astaykov

@astaykov
astaykov / AuditAzureADB2C.ps1
Last active Sep 4, 2020
Get the number of authentications and the number of active users from Azure AD B2C for the last 7 days
View AuditAzureADB2C.ps1
## Use this script to quickly analyse your current Azure AD B2C Tenant
## Please use cloud only user (Global Admin) local to your B2C tenant
## This script uses the Azure AD PowerShell for MS Graph + Azure AD PowerShell for Graph preview modules
## https://docs.microsoft.com/en-us/powershell/azure/active-directory/overview?view=azureadps-2.0
## https://docs.microsoft.com/en-us/powershell/azure/active-directory/overview?view=azureadps-2.0-preview
## You must have both the modules to run this script
## The information is based on the Audit Logs of Azure AD B2C, which is only there for 7 days
## If you need to query data for more than 7 days, then you must export your Azure AD B2C Audit Logs
## Read More about how to export Azure AD B2C Audit Logs to Log Analytics Workspace:
## https://docs.microsoft.com/en-us/azure/active-directory-b2c/azure-monitor
@astaykov
astaykov / AddEmailVerifiedToIdTokensInAAD.ps1
Created Jun 19, 2020
Adding claims mapping policy for Azure AD to emit email_verified claim
View AddEmailVerifiedToIdTokensInAAD.ps1
Connect-AzureAD -Confirm
Import-Module AzureADPreview
$appID = "...guid-of-the-AppID..."
$policyName = "Add email_verified to claims"
$sp = Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq '$appID')"
$existingPolicies = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId `
| Where-Object { $_.Type -eq "ClaimsMappingPolicy" }
@astaykov
astaykov / httpsig-in-postman-pre-request-script.js
Last active May 6, 2020 — forked from DinoChiesa/httpsig-in-postman-pre-request-script.js
pre-request script for Postman, to perform HttpSignature calculation. Also SHA-256 message digest.
View httpsig-in-postman-pre-request-script.js
function computeHttpSignature(config, headerHash) {
var template = 'keyId="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"',
sig = template;
// compute sig here
var signingBase = '';
config.headers.forEach(function(h){
if (signingBase !== '') { signingBase += '\n'; }
signingBase += h.toLowerCase() + ": " + headerHash[h];
});
View tenantdependentresources.sh
#!/bin/bash
function check_directory_dependencies() {
echo "Checking for graph extension on Azure CLI..."
echo "--------------------------------------------"
PATTERN='resource-graph'
string=$(az extension list | grep 'resource-graph')
if [[ $string == *"resource-graph"* ]];
then
# az extension update --name resource-graph
echo 'Graph extension is already installed...'
View LDAP_Sample_Queries
// basically gets all data about organization
ldapsearch -x -h fqdn.of.the.domain -D "upn" -w "password" -b 'dc=idcxp,dc=site'
// get data about single user object
// make sure you get the DN correct
ldapsearch -x -h fqdn.of.the.domain -D "upn" -w "password" -b 'CN=bdm-user bdmou,OU=AADDC Users,DC=idcxp,DC=site'
@astaykov
astaykov / CopyFromMcd.ps1
Created May 2, 2017
Copy VHDs for VMs in Microsoft Cloud Deutschland to any other Azure location
View CopyFromMcd.ps1
param(
[String] $destinationUri = "https://[YOUR STORAGE ACCOUNT NAME].blob.core.windows.net/vhds",
[String] $destinationKey = "[YOUR STORAGE ACCOUNT KEY]",
[String] $sourceAccountPattern = "*disk*",
[String] $pathToAzCopy = "C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy\AzCopy.exe"
)
clear
Login-AzureRmAccount -EnvironmentName AzureGermanCloud
$storageAccounts = Get-AzureRmStorageAccount
@astaykov
astaykov / GetAzureVnetGateways.ps1
Last active Nov 8, 2016
Get the type of all Azure Virtual Network Gateways in your Azure subscriptions
View GetAzureVnetGateways.ps1
Login-AzureRmAccount
cls
$subs = Get-AzureRmSubscription
ForEach ($sub in $subs)
{
Write-Host 'ARM: VPN Gateways in subscription' $sub.SubscriptionName '(' $sub.SubscriptionId ')'
Select-AzureRmSubscription -SubscriptionName $sub.SubscriptionName -OutVariable out
$gwr = Find-AzureRmResource -ResourceType "Microsoft.Network/virtualNetworkGateways"
if ( $gwr -ne $null)
{
View GetErronousAzureLoigcAppConnections.ps1
$errConnections = Get-AzureRmResource -ResourceGroupName RG-Development `
-ResourceType "Microsoft.Web/connections" -ExpandProperties |
Where-Object { $_.Properties.Statuses.Status -eq "Error" }
$errConnections.Count
$errConnections[0].Properties
View DeleteAadObject.ps1
Function DeleteUser
{
param(
[String] $token,
[String] $upn
)
$headers = @{"Authorization" = "Bearer $($token)"; "Content-Type" = "application/json"}
$deleteUserUri = "https://graph.windows.net/<your.tenant.domain>/users/$($upn)?api-version=1.5"
$userDeleteResult = Invoke-WebRequest -Uri $deleteUserUri -Headers $headers -Method Delete
$userDeleteResult
View PromoteServicePrincipal.ps1
Connect-MsolService
# Get Service Principal to add the role to
$sp = Get-MsolServicePrincipal -ServicePrincipalName "<URI_OF_YOUR_AZURE_AD_APP>"
# Get role object ID
# Alternatively, you can list all the roles (in order to get a different role name) using just `Get-MsolRole`
$roleId = (Get-MsolRole -RoleName "Company Administrators").ObjectId
# Add role to service principal