Azure PowerShell Function to renew an Azure AD Change Notification Subscription. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
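# Timer-triggered Azure Function: obtains a delegated Graph token and extends the
# expiry of an existing Azure AD change-notification subscription.
#
# Reads (environment / app settings):
#   graphAutomationTenantID, graphAutomationClientID, graphAutomationSecret,
#   graphAutomationUserUPN, graphAutomationUserPWD, notificationSubscriptionID
# Outputs: progress messages via Write-Host. The user password, client secret
#   and bearer token are deliberately never written to the log: Write-Host in a
#   Function App ends up in the streaming log / Application Insights, which is
#   readable by anyone with log access.
# Throws: whatever Invoke-RestMethod raises on an HTTP failure, plus an explicit
#   error when the token endpoint returns no access_token.

# Input bindings are passed in via param block.
param($Timer)

# Get the current universal time in the default string format
$currentUTCtime = (Get-Date).ToUniversalTime()

# The 'IsPastDue' property is 'true' when the current function invocation is later than scheduled.
if ($Timer.IsPastDue) {
    Write-Host "PowerShell timer is running late!"
}

# Get a new Access Token (resource-owner password grant against the v1 token endpoint).
# The form body carries the user password and client secret; build it once and never echo it.
$tokenRequestBody = "grant_type=password&resource=https://graph.microsoft.com&client_id=$($env:graphAutomationClientID)&username=$($env:graphAutomationUserUPN)&password=$($env:graphAutomationUserPWD)&client_secret=$($env:graphAutomationSecret)"
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$($env:graphAutomationTenantID)/oauth2/token" `
    -Method Post `
    -Headers @{ "Content-Type" = "application/x-www-form-urlencoded" } `
    -Body $tokenRequestBody
$delegatedToken = $tokenResponse.access_token
if ([string]::IsNullOrEmpty($delegatedToken)) {
    # Fail loudly rather than sending "Bearer " with an empty token to Graph.
    throw "Token endpoint returned no access_token"
}
# Log only the fact that a token was obtained, never its value.
Write-Host "DELEGATEDTOKEN: obtained (length $($delegatedToken.Length))"

# Shared headers for both Graph calls.
$graphHeaders = @{ Authorization = "Bearer $($delegatedToken)"; "content-type" = "application/json" }
$subscriptionUri = "https://graph.microsoft.com/v1.0/subscriptions/$($env:notificationSubscriptionID)"

# Get AAD Change Notification Subscription
$usersNotificationSubscription = Invoke-RestMethod -Method GET `
    -Uri $subscriptionUri `
    -Headers $graphHeaders
Write-Host "SUBSCRIPTIONExpiry: $($usersNotificationSubscription.expirationDateTime)"
Write-Host "SUBSCRIPTIONClientState: $($usersNotificationSubscription.clientState)"

# Update Subscription
# Extend by half of the assumed maximum subscription lifetime (in days) so a
# missed timer run still leaves headroom before expiry.
# NOTE(review): 3 days is taken from the original script — confirm against the
# Graph maximum for this subscription's resource type.
$expiryMaxDays = 3
$expiryHours = ($expiryMaxDays * 24) / 2
$notificationExpiry = (Get-Date).AddHours($expiryHours).ToUniversalTime()
# 'HH' is the 24-hour specifier; the 12-hour 'hh' silently produced an expiry
# up to 12 hours earlier than intended for afternoon timestamps.
$utcExpiry = Get-Date -Date $notificationExpiry -Format 'yyyy-MM-ddTHH:mm:ss.0000000Z'
$updateSubscriptionBody = @{
    expirationDateTime = $utcExpiry
}
$extendUserNotificationSubscription = Invoke-RestMethod -Method PATCH `
    -Uri $subscriptionUri `
    -Body ($updateSubscriptionBody | ConvertTo-Json) `
    -Headers $graphHeaders
Write-Host "NEW_SUBSCRIPTIONExpiry: $($extendUserNotificationSubscription.expirationDateTime)"
Write-Host "VALIDATE_SUBSCRIPTIONClientState: $($extendUserNotificationSubscription.clientState)"

# Write an information log with the current time.
Write-Host "PowerShell timer trigger function ran! TIME: $currentUTCtime"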