An AI Agent for Entra ID using PowerShell
<#
From an Admin PowerShell Session install the following PowerShell Modules that are dependencies.
PShell-AI and PSAI are third-party community modules from the PowerShell Gallery: they run with your user's rights and this script hands them the OpenAI key via $env:OpenAIKey, so review them and pin a reviewed version (Install-Module -RequiredVersion) rather than installing whatever is latest.
Install-Module -Name PShell-AI
Install-Module -Name PSAI
Install-Module Microsoft.Graph
#>
Import-Module -Name PShell-AI
Import-Module -Name PSAI
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Groups
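# Enter your OpenAI API Key and export to a local file that is encrypted and secure to the user running the command and the computer it is run on.
# Use any text for the Username (e.g. OpenAIAPIKey) and the API Key as the password.
# NOTE(review): the per-user/per-machine protection of Export-Clixml comes from DPAPI, which is Windows-only;
# confirm how SecureString is stored on Linux/macOS before relying on this file there.
$apiKeyFile = '.\openAIcred.xml'
# Test-Path rather than Get-Item: Get-Item on a missing file writes an error to the console before the
# null check ever runs, and the file is only absent on the very first run.
if (-not (Test-Path -LiteralPath $apiKeyFile -PathType Leaf)) {
    $cred = Get-Credential -Message 'Username: any label (e.g. OpenAIAPIKey). Password: your OpenAI API key.'
    # Cancelling the prompt returns $null; writing that out would leave an empty file that breaks every later run.
    if (-not $cred) { throw 'No OpenAI API key supplied; cannot continue.' }
    $cred | Export-Clixml -LiteralPath $apiKeyFile
}
# The key is read back from the file in both cases (fresh or existing), so a single read suffices.
# PSAI presumably picks the key up from $env:OpenAIKey; note that an environment variable is visible
# to every child process started from this session.
$env:OpenAIKey = (Import-Clixml -LiteralPath $apiKeyFile).GetNetworkCredential().Password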
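# Create Entra ID Application Registration using app (application) permissions to Microsoft Graph API with Directory.Read.All, User.Read.All and Group.Read.All
# Enter the ClientID of the Application registration and the Client Secret created for the application registration as configured in the Azure Portal.
# SECURITY: these are application (not delegated) permissions, so the client secret alone grants tenant-wide read of
# users and groups to whoever can decrypt this file. Keep the secret's lifetime short, rotate it, and prefer a
# certificate credential (Connect-MgGraph -CertificateThumbprint) where the environment allows.
$entraIDKeyFile = '.\entraIDAppCred.xml'
# Test-Path rather than Get-Item so the first run does not print an error for the not-yet-created file.
if (-not (Test-Path -LiteralPath $entraIDKeyFile -PathType Leaf)) {
    $entraIDcred = Get-Credential -Message 'Username: application (client) ID. Password: client secret.'
    # A cancelled prompt yields $null; refuse it rather than persisting an empty credential file.
    if (-not $entraIDcred) { throw 'No application credential supplied; cannot continue.' }
    $entraIDcred | Export-Clixml -LiteralPath $entraIDKeyFile
}
else {
    $entraIDcred = Import-Clixml -LiteralPath $entraIDKeyFile
}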
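Try {
    # TODO: replace with your tenant ID (GUID or a verified domain name of the tenant).
    $tenantID = 'yourEntraIDTenantID'
    # -ErrorAction Stop guarantees a connection failure is a terminating error and reaches the catch block,
    # instead of printing a non-terminating error and letting the script carry on without a session.
    Connect-MgGraph -ClientSecretCredential $entraIDcred -TenantId $tenantID -ErrorAction Stop
    # Echo the permissions the session actually holds; for this script they should be the read-only set listed above.
    (Get-MgContext).Scopes
}
catch {
    Write-Host "Failed to connect to Azure AD. Check the credentials and try again."
    # Write-Warning rather than Write-Debug: the debug stream is hidden by default, which left the
    # actual failure reason invisible to the operator.
    Write-Warning $_.Exception.Message
    # Non-zero exit code so callers/automation can detect the failed connection.
    exit 1
}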
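# Create an Agent to use for the Entra ID queries
# Pass Query to the Agent, analyse/display the response and execute it.

function Test-ReadOnlyGraphScript {
    <#
    .SYNOPSIS
    Coarse safety gate for model-generated PowerShell before it is executed.

    .DESCRIPTION
    Parses the script text and returns $false when it does not parse, when any command name is
    computed at run time (e.g. '& $var'), or when any command (aliases resolved) has a verb outside a
    short read/transform allow-list. Invoke-*, Remove-*, Set-*, New-*, Update-* etc. are all refused,
    which also blocks Invoke-Expression and Invoke-MgGraphRequest by design.
    This is NOT a sandbox: it does not inspect .NET method calls, operators or string contents, so the
    interactive confirmation in Query-EntraID remains the primary control.

    .PARAMETER Script
    The PowerShell source text to inspect.

    .OUTPUTS
    [bool] $true when every command is on the allow-list, otherwise $false.
    #>
    [CmdletBinding()]
    [OutputType([bool])]
    Param (
        [Parameter(Mandatory = $true)]
        [string]$Script
    )
    $allowedVerbs = @('Get', 'Select', 'Where', 'Sort', 'Group', 'Measure', 'Format', 'ForEach', 'Write', 'Compare', 'ConvertTo', 'Join')
    $tokens = $null
    $parseErrors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($Script, [ref]$tokens, [ref]$parseErrors)
    if ($parseErrors.Count -gt 0) { return $false }
    $commands = $ast.FindAll({ param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)
    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()
        # A null name means the command is not a literal (e.g. '& $something'); we cannot vet it, so refuse.
        if ([string]::IsNullOrEmpty($name)) { return $false }
        # Resolve aliases ('?', '%', 'select', 'rm', ...) so the verb check sees the real command.
        # The name is wildcard-escaped because Get-Command treats '?' and '*' as patterns.
        $info = Get-Command -Name ([System.Management.Automation.WildcardPattern]::Escape($name)) -ErrorAction SilentlyContinue
        if ($info -is [System.Management.Automation.AliasInfo]) { $name = $info.ResolvedCommandName }
        $verb = ($name -split '-', 2)[0]
        if ($allowedVerbs -notcontains $verb) { return $false }
    }
    return $true
}

function Query-EntraID {
    <#
    .SYNOPSIS
    Ask the agent for a Microsoft.Graph PowerShell query, display it and, after confirmation, run it.

    .DESCRIPTION
    Sends the natural-language question to the PSAI agent, extracts the single ```powershell fenced block
    from the reply, prints it and executes it with Invoke-Expression.
    SECURITY: the executed text comes from the model (and indirectly from anything the model was shown),
    so it is untrusted input that runs with this session's Graph token and the user's local rights.
    Two controls are applied: Test-ReadOnlyGraphScript refuses anything outside a read-only verb allow-list,
    and ShouldProcess (ConfirmImpact High) prompts before execution. Use -WhatIf to only see the generated
    query; -Confirm:$false restores the original unprompted behaviour and is not recommended.

    .PARAMETER query
    Natural-language question about Entra ID user accounts or groups. Accepts pipeline input.

    .OUTPUTS
    The objects returned by the generated query, or the raw fenced matches when the reply contains zero
    or more than one code block (mirroring the original behaviour).
    #>
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    [Alias("Entra")]
    Param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$query
    )
    begin {
        # Cache the agent at script scope: a function-local $agent is discarded on return, so the original
        # check never found an existing agent and a new one was created on every call.
        if (-not $script:agent -or -not $script:agent.Instructions) {
            $script:agent = New-Agent -Instructions "An agent that performs Entra ID/Azure AD queries with PowerShell for User Accounts and Groups using the Microsoft.Graph PowerShell Module. There is no need to install the module, connect to MgGraph or disconnect, just the query to get the result."
        }
    }
    # A process block so each item piped in is handled, not just the last one.
    process {
        try {
            $agentResponse = $script:agent | Get-AgentResponse $query
            $resultMatches = [regex]::Matches($agentResponse, '(?s)powershell(.*?)```')
            if ($resultMatches.Count -ne 1) {
                Write-Output $resultMatches.Value
                return
            }
            # Take the capture group instead of string-replacing 'powershell', which would also strip that
            # word from inside the generated code.
            $generated = $resultMatches[0].Groups[1].Value.Replace('```', '').Trim()
            Clear-Host
            Write-Host "Generated query ...." -ForegroundColor DarkMagenta
            Write-Host -ForegroundColor Blue $generated
            if (-not (Test-ReadOnlyGraphScript -Script $generated)) {
                Write-Warning "Generated query does not parse or uses a command outside the read-only allow-list; not executing it."
                return
            }
            # Invoke-Expression on model output is arbitrary code execution; the prompt is the last line of defence.
            if ($PSCmdlet.ShouldProcess($generated, 'Execute generated PowerShell in this session')) {
                Invoke-Expression $generated
            }
        }
        catch {
            Write-Host $_.Exception.Message
        }
    }
}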
# Entra is an alias for Query-EntraID
# Example questions, run in order through the Entra alias of Query-EntraID.
$exampleQueries = @(
    "Find all the accounts that have a first name that starts with A and return their ID, mail, UPN",
    "How many Groups are there?",
    "List each group and how many members they have",
    "how many user accounts are guests",
    "show the accounts that are guests"
)
foreach ($exampleQuery in $exampleQueries) {
    Entra $exampleQuery
}