Darren Robinson darrenjrobinson
darrenjrobinson
/ Interactive MSAL AAD Delegated AuthN.py
Last active Jul 27, 2021
Interactive Authentication to Microsoft Graph using MSAL with Python and Delegated Permissions. See associated blogpost https://blog.darrenjrobinson.com/interactive-authentication-to-microsoft-graph-using-msal-with-python-and-delegated-permissions/
View Interactive MSAL AAD Delegated AuthN.py
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| from msal_extensions import * | |
| # Microsoft Azure PowerShell Client ID | |
| clientID = '1950a258-227b-4e31-a9cf-717495945fc2' |
darrenjrobinson
/ AAD User B2B Guest Federation Report.ps1
Last active Jul 13, 2021
Query Azure Service Management with an Azure AD Member Account to report on tenants the AAD User is federated to as a B2B Guest User. Associated blogpost https://blog.darrenjrobinson.com/azure-ad-user-account-federation-report
View AAD User B2B Guest Federation Report.ps1
| Import-Module MSAL.PS | |
| Import-Module AzureADTenantID | |
| # Use the Azure PowerShell Well-Known Client ID | |
| $clientID = "1950a258-227b-4e31-a9cf-717495945fc2" | |
| # Get UserUPN | |
| $userUPN = Read-Host -Prompt "Please enter Azure AD User UPN" | |
| $tenantName = $userUPN.Split("@")[1] | |
| $tenantID = Get-AzureADTenantId -domain $tenantName |
darrenjrobinson
/ run.ps1
Last active Jun 1, 2021
Azure AD PowerShell Function to query Azure AD for a User to get their full object and their group memberships then send a summary email via SendGrid. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell AzureAD Query HTTP trigger function received a request." | |
| Write-Host $Request.Body | |
| # Write-Host $Request.Query |
darrenjrobinson
/ run.ps1
Last active Jun 1, 2021
Azure PowerShell Function to renew a Azure AD Change Notification Subscription. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
| # Input bindings are passed in via param block. | |
| param($Timer) | |
| # Get the current universal time in the default string format | |
| $currentUTCtime = (Get-Date).ToUniversalTime() | |
| # The 'IsPastDue' porperty is 'true' when the current function invocation is later than scheduled. | |
| if ($Timer.IsPastDue) { | |
| Write-Host "PowerShell timer is running late!" | |
| } |
darrenjrobinson
/ run.ps1
Last active Jun 1, 2021
Azure PowerShell Function to receive and validate Azure AD Change Notification Subscriptions. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell HTTP trigger function received a new Azure AD Change Notification." | |
| # Convert Notification Details to a PSObject | |
| $objNotification = ($Request.RawBody | convertfrom-json).value |
darrenjrobinson
/ Create Azure AD Change Notification Subscription.ps1
Last active Jun 1, 2021
Create a new Azure AD Change Notification Subscription for the 'User' ObjectClass and forward events to an Azure PowerShell Function. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View Create Azure AD Change Notification Subscription.ps1
| # Notifidcation Configuration | |
| $expiryMaxLength = 3 | |
| $expiryHours = ($expiryMaxLength * 24) / 2 | |
| $clientStateValue = New-Guid | |
| $notificationExpiry = (get-date).addHours($expiryHours).ToUniversalTime() | |
| $utcExpiry = get-date $notificationExpiry -Format yyyy-MM-ddThh:mm:ss.0000000Z | |
| # AAD User and Application Configuration | |
| $graphAutomationClientID = "azureADApplicationClientID" | |
| $graphAutomationSecret = "azureADApplicationSecret" |
darrenjrobinson
/ ValidateYubiKey-SingleFactor v2.ps1
Created Apr 14, 2021
v2 PowerShell Script to validate YubiKey using Single Factor. Associated Blogpost https://blog.darrenjrobinson.com/validating-a-yubico-yubikeys-one-time-password-otp-using-single-factor-authentication-and-powershell/
View ValidateYubiKey-SingleFactor v2.ps1
| Clear-Host | |
| # Client ID obtained after registering here https://upgrade.yubico.com/getapikey/ | |
| $clientID = '12345' | |
| # Read in the key | |
| $getKey = Read-Host 'Insert your YubiKey and touch it until the OTP is received (~2 seconds)' | |
| $credentialID = $getKey.Substring(0, 12) | |
| # Generate a Nonce | |
| $nonce = -join ((65..90) + (97..122) | Get-Random -Count 32 | ForEach-Object { [char]$_ }) | |
| $nonce = $nonce.ToLower() |
darrenjrobinson
/ AADAuth_MSAL_Python.py
Last active Apr 15, 2021
Microsoft Graph using MSAL with Python and Certificate Authentication. Associated blogpost https://blog.darrenjrobinson.com/microsoft-graph-using-msal-with-python-and-certificate-authentication/
View AADAuth_MSAL_Python.py
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| global accessToken | |
| global requestHeaders | |
| global tokenExpiry |
darrenjrobinson
/ import.ps1
Last active Apr 1, 2021
Using the new Granfeldt FIM/MIM PowerShell Management Features - Import Script. Associated Blogpost https://blog.darrenjrobinson.com/using-the-new-granfeldt-fim-mim-powershell-management-features/
View import.ps1
| param ( | |
| $Username, | |
| $Password, | |
| $Credentials, | |
| $AuxUsername, | |
| $AuxPassword, | |
| $AuxCredentials, | |
| $ConfigurationParameter, | |
| $OperationType, | |
| [bool] $usepagedimport, |
darrenjrobinson
/ schema.ps1
Last active Apr 1, 2021
Using the new Granfeldt FIM/MIM PowerShell Management Features - Schema Script. Associated Blogpost https://blog.darrenjrobinson.com/using-the-new-granfeldt-fim-mim-powershell-management-features/
View schema.ps1
| $obj = New-Object -Type PSCustomObject | |
| $obj | Add-Member -Type NoteProperty -Name "Anchor-Employee ID|String" -Value "" | |
| $obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "person" | |
| $obj | Add-Member -Type NoteProperty -Name "First Name|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Last Name|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Title|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Department|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Employee Type|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Employment Start Date|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Employment End Date|string" -Value "string" |
NewerOlder