Last active December 1, 2018 22:13
Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API. Associated blog post is located here https://blog.darrenjrobinson.com/goodbye-set-msoluser-hello-set-azureaduser-azure-graph-api/
<#
Get the AD AuthN Lib
Load the Active Directory Authentication Library
Microsoft.IdentityModel.Clients.ActiveDirectory.dll
#>
# The default path where the ADAL GraphAPI PS Module puts the libraries
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\1.1.143.0\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

<#
Create the AuthenticationContext object
#>
$authenticationContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext -ArgumentList @(
    'https://login.windows.net/common' # authority
    $false                             # validateAuthority: $false turns off ADAL's authority validation
)

<#
Create the AuthenticationResult object
Resource is the Graph API endpoint
Client ID is for Azure PowerShell ("1950a258-227b-4e31-a9cf-717495945fc2").
It's hard coded in the Azure PowerShell module and can be used to authenticate
PowerShell scripts to Azure AD when they invoke the Azure Management APIs directly
Redirect URI is for Azure PowerShell
#>
$resource = "https://graph.windows.net"
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUri = [uri]"urn:ietf:wg:oauth:2.0:oob"
# Prompts interactively for credentials and returns the token for the signed-in user
$authenticationResult = $authenticationContext.AcquireToken($resource, $clientId, $redirectUri)

<#
Get all users
#>
$users = Invoke-RestMethod -Method Get -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ('https://graph.windows.net/{0}/users?api-version=1.6' -f $authenticationResult.TenantId)

<#
Get a user by UPN
#>
$upnuser = Invoke-RestMethod -Method Get -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ('https://graph.windows.net/{0}/users/skollegger@live.darrenjrobinson.info?api-version=1.6' -f $authenticationResult.TenantId)

# Get a user by UPN held in a variable
# The {0} placeholder for the tenant ID is filled in by -f when the request is made
$userupnurl = "https://graph.windows.net/{0}/users/"+$upnuser.userPrincipalName+'?api-version=1.6'
$user = Invoke-RestMethod -Method Get -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ($userupnurl -f $authenticationResult.TenantId)

# Change a user's country and department attributes
$body = @{
    country    = 'Australia'
    department = 'Science'
}
$postbody = $body | ConvertTo-Json

# Update a user by UPN held in a variable
$userupnurl = "https://graph.windows.net/{0}/users/"+$upnuser.userPrincipalName+'?api-version=1.6'
$user = Invoke-RestMethod -Method Patch -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Body $postbody -Uri ($userupnurl -f $authenticationResult.TenantId)
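
The script concatenates the UPN into the URL and then passes the whole string through `-f`, so the UPN is read both as raw URL text and as part of a format string; a guest UPN containing `#EXT#`, for instance, would be cut off at the `#`. The following is an added example, not part of the original gist, that escapes the UPN as one path segment and limits the PATCH body to an allow-list. The function names, the allow-list policy and the sample values are assumptions.

```powershell
# Added example: helper names, the allow-list and the sample values are assumptions.
Set-StrictMode -Version Latest

# Attributes this script is permitted to change (assumed policy for the example).
$AllowedAttributes = @('country', 'department')

function Get-GraphUserUri {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    # Accept only a GUID or a DNS-style domain name as the tenant identifier.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($TenantId, [ref]$parsed) -and
        $TenantId -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
        throw "Unexpected tenant identifier: $TenantId"
    }
    # Escape the UPN as a single path segment so '#', '?', '/' and '&'
    # cannot alter the request path or query string. The UPN is passed as a
    # format argument, so it is never parsed as part of the format string.
    $segment = [uri]::EscapeDataString($UserPrincipalName)
    'https://graph.windows.net/{0}/users/{1}?api-version=1.6' -f $TenantId, $segment
}

function New-GraphUserPatchBody {
    param([Parameter(Mandatory)][hashtable]$Changes)
    # Refuse the whole update if any key falls outside the allow-list.
    $rejected = @($Changes.Keys | Where-Object { $AllowedAttributes -notcontains $_ })
    if ($rejected.Count -gt 0) {
        throw "Attributes not on the allow-list: $($rejected -join ', ')"
    }
    $Changes | ConvertTo-Json
}

# Constructed sample values (not from a real tenant).
$tenant = '00000000-0000-0000-0000-000000000000'
$guest  = 'alex_example.com#EXT#@contoso.onmicrosoft.com'

Get-GraphUserUri -TenantId $tenant -UserPrincipalName $guest
New-GraphUserPatchBody -Changes @{ country = 'Australia'; department = 'Science' }

# An update that also touches accountEnabled is rejected before any request is sent.
try {
    New-GraphUserPatchBody -Changes @{ department = 'Science'; accountEnabled = $false }
} catch {
    Write-Warning $_.Exception.Message
}
```

The returned URI and JSON body can be passed to the `-Uri` and `-Body` parameters of the `Invoke-RestMethod -Method Patch` call in the script.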