Anton Staykov astaykov
astaykov
/ Useful links
Created
April 27, 2015 22:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Adding Service Principal (Application) to greater security groups | |
| https://support.microsoft.com/en-us/kb/3004133 |
astaykov
/ GetToken.ps1
Created
October 12, 2015 18:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function GetToken | |
| { | |
| param( | |
| [String] $authority = "https://login.microsoftonline.com/lab09.onmicrosoft.com/oauth2/token", | |
| [String] $clientId = "0bc190c9-e84e-4df3-9ef8-xyxyxyxyxyxyxyx", | |
| [String] $clientSecret = "RJ30qUKSyRMhLICJRsqxxxCX01yyUMeF8xxyoo9xL7ltY=", | |
| [String] $resourceId = "https%3a%2f%2fgraph.windows.net" | |
| ) | |
| $body = "grant_type=client_credentials&resource=$($resourceId)&client_id=$($clientId)&client_secret=$($clientSecret)" |
astaykov
/ GetToken.ps1
Created
October 29, 2015 20:56
Get access token from Azure AD OAuth 2.0 endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function GetToken | |
| { | |
| param( | |
| [String] $authority = "https://login.microsoftonline.com/lab09.onmicrosoft.com/oauth2/token", | |
| [String] $clientId = "<your_client_id_here>", | |
| [String] $clientSecret = "<client_secret>", | |
| [String] $resourceId = "https%3a%2f%2fgraph.windows.net" | |
| ) | |
| $body = "grant_type=client_credentials&resource=$($resourceId)&client_id=$($clientId)&client_secret=$($clientSecret)" |
astaykov
/ GetAllUsersWithToken.ps1
Last active
October 29, 2015 21:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function GetToken | |
| { | |
| param( | |
| [String] $authority = "https://login.microsoftonline.com/<your_tenant>/oauth2/token", | |
| [String] $clientId = "<client_id>", | |
| [String] $clientSecret = "<client_secret>", | |
| [String] $resourceId = "https%3a%2f%2fgraph.windows.net" | |
| ) | |
| $body = "grant_type=client_credentials&resource=$($resourceId)&client_id=$($clientId)&client_secret=$($clientSecret)" |
astaykov
/ UpdateUser.ps1
Created
October 29, 2015 23:48
Update user properties in Azure AD Graph API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function UpdateUser | |
| { | |
| param( | |
| [String] $token | |
| ) | |
| $headers = @{"Authorization" = "Bearer $($token)"; "Content-Type" = "application/json"} | |
| $updateUserUri = "https://graph.windows.net/dayzure.onmicrosoft.com/users/maxm@dayzure.onmicrosoft.com?api-version=1.5" | |
| $updateBody = @" | |
| { | |
| "department":"Super Devs" |
astaykov
/ PromoteServicePrincipal.ps1
Created
November 5, 2015 23:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Connect-MsolService | |
| # Get Service Principal to add the role to | |
| $sp = Get-MsolServicePrincipal -ServicePrincipalName "<URI_OF_YOUR_AZURE_AD_APP>" | |
| # Get role object ID | |
| # Alternatively, you can list all the roles (in order to get a different role name) using just `Get-MsolRole` | |
| $roleId = (Get-MsolRole -RoleName "Company Administrators").ObjectId | |
| # Add role to service principal |
astaykov
/ DeleteAadObject.ps1
Created
November 5, 2015 23:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function DeleteUser | |
| { | |
| param( | |
| [String] $token, | |
| [String] $upn | |
| ) | |
| $headers = @{"Authorization" = "Bearer $($token)"; "Content-Type" = "application/json"} | |
| $deleteUserUri = "https://graph.windows.net/<your.tenant.domain>/users/$($upn)?api-version=1.5" | |
| $userDeleteResult = Invoke-WebRequest -Uri $deleteUserUri -Headers $headers -Method Delete | |
| $userDeleteResult |
astaykov
/ gist:5038664
Created
February 26, 2013 14:09
Command line to use within Windows Azure Startup task (or any environemnt) to set 32bit Application Pool defaults, so that your Web App will run under 32bits. This must be run elevated.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %windir%\system32\inetsrv\appcmd set config -section:applicationPools -applicationPoolDefaults.enable32BitAppOnWin64:true |
astaykov
/ gist:5134934
Last active
December 14, 2015 19:09
Dealing with Context in WSFederation and ACS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [AllowAnonymous] | |
| [ValidateInput(false)] | |
| public class AcsResponseController : Controller | |
| { | |
| public ActionResult Index() | |
| { | |
| if (ControllerContext.HttpContext.Request.Form["wresult"] != null) | |
| { | |
| // This is a response from the ACS - you can further inspect the message if you will | |
| SignInResponseMessage message = |
astaykov
/ DeployAzureVMWithDns
Created
December 9, 2013 08:14
PowerShell to deploy DNS server VM to Windows Azure by specifying local DNS settings. Important are lines 6 and 11!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-AzureAccount | |
| Set-AzureSubscription "[Your Subscription Name]" -CurrentStorageAccountName "[StorageAccount_for_VHDs]" | |
| $adminPassword = "Super_Secret_Password!" | |
| $images = Get-AzureVMImage | where {$_.Label -match "Windows Server 2012 R2"} | |
| $vmImage = $images[2] | |
| $dnsServerLocal = New-AzureDns –Name "NameResolver" –IPAddress "127.0.0.1" | |
| New-AzureVMConfig -Name "NameResolver" -InstanceSize Large -ImageName $vmImage.ImageName ` | | |
| Add-AzureProvisioningConfig –Windows –Password $adminPassword -AdminUsername "astaykov" ` | | |
| Set-AzureSubnet "NSNet" ` | |