Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API. Associated blog post is located here https://blog.darrenjrobinson.com/goodbye-set-msoluser-hello-set-azureaduser-azure-graph-api/
<#
Get the AD AuthN Lib
Load the Active Directory Authentication Library
Microsoft.IdentityModel.Clients.ActiveDirectory.dll
#>
# Default path where the AzureADPreview module installs the ADAL libraries.
# The version folder (1.1.143.0) must match the module version installed on this machine.
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\1.1.143.0\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
<#
Create the AuthenticationContext object
#>
$authenticationContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext -ArgumentList @(
    'https://login.windows.net/common'  # authority
    $false                              # validateAuthority ($false turns off validation of the authority URL)
)
<#
Create the AuthenticationResult object
Resource is the Graph API Endpoint
Client ID is for Azure PowerShell ("1950a258-227b-4e31-a9cf-717495945fc2").
It's hard coded in the Azure PowerShell module and can be used to authenticate PowerShell scripts
to Azure AD when they invoke the Azure Management APIs directly.
Redirect URI is for Azure PowerShell
#>
$resource = "https://graph.windows.net"
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUri = [uri]"urn:ietf:wg:oauth:2.0:oob"
$authenticationResult = $authenticationContext.AcquireToken($resource, $clientId, $redirectUri)
<#
Get all users
#>
$users = Invoke-RestMethod -Method Get -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ('https://graph.windows.net/{0}/users?api-version=1.6' -f $authenticationResult.TenantId)
<#
Get a user by UPN
#>
$upnuser = Invoke-RestMethod -Method Get -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ('https://graph.windows.net/{0}/users/skollegger@live.darrenjrobinson.info?api-version=1.6' -f $authenticationResult.TenantId)
# Get User by UPN and by Variable
$userupnurl = "https://graph.windows.net/{0}/users/"+$upnuser.userPrincipalName+'?api-version=1.6'
$user = Invoke-RestMethod -Method Get -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Uri ($userupnurl -f $authenticationResult.TenantId)
# Change a user's Country and Department attributes
$body = @{
    country    = 'Australia'
    department = 'Science'
}
$postbody = $body | ConvertTo-Json
# Update User by UPN and by Variable
$userupnurl = "https://graph.windows.net/{0}/users/"+$upnuser.userPrincipalName+'?api-version=1.6'
$user = Invoke-RestMethod -Method Patch -Headers @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
} -Body $postbody -Uri ($userupnurl -f $authenticationResult.TenantId)