Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
PowerShell-UI-O365Utils
/**
* getO365PSInitCommands()
*
* Returns an array of Powershell initialization commands suitable
* for setting up shells spawned with StatefulProcessCommandProxy
* to be able to establish a remote PSSession with o365
*
* @see https://github.com/bitsofinfo/powershell-credential-encryption-tools
*
* This function takes the full path to:
* - decryptUtil.ps1 from the project above
* - path the encrypted credentials file generated with decryptUtil.ps1
* - path to the secret key needed to decrypt the credentials
*
* In addition there are parameter to define the PSSessionOption timeouts
*
* Note this is just an example (which works) however you may want to
* replace this with your own set of init command tailored to your specific
* use-case
*
* @see the getO365PSDestroyCommands() below for the corresponding cleanup
* commands for these init commands
*/
module.exports.getO365PSInitCommands = function(pathToDecryptUtilScript,
pathToCredsFile,
pathToRPSCredsFile,
pathToKeyFile,
openTimeout,
operationTimeout,
idleTimeout) {
return [
// #0 Encoding UTF8
'chcp 65001',
'$OutputEncoding = [System.Text.Encoding]::GetEncoding(65001)',
// #1 import some basics
'Import-Module AzureADPreview',
'Import-Module lithnetrma',
// #2 source the decrypt utils script
// https://github.com/bitsofinfo/powershell-credential-encryption-tools/blob/master/decryptUtil.ps1
('. ' + pathToDecryptUtilScript),
// #3 invoke decrypt2PSCredential to get the PSCredential object
// this function is provided by the sourced file above
('$PSCredential = decrypt2PSCredential ' + pathToCredsFile + ' ' + pathToKeyFile),
('$RPSPSCredential = decrypt2PSCredential ' + pathToRPSCredsFile + ' ' + pathToKeyFile),
// #4+ establish the session to the MIM Sync Server
('$sessionOpt = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck -OpenTimeout '+openTimeout+' -OperationTimeout '+operationTimeout+' -IdleTimeout ' + idleTimeout),
'$session = New-PSSession -ConnectionUri "https://mymimsyncserver:5986/WSMAN" -SessionOption $sessionOpt -Credential $RPSPSCredential',
// Connect to the MIM Service
'Set-ResourceManagementClient -BaseAddress "http://mymimserviceserver:5725" -Credentials $RPSPSCredential',
// #5 import the LithnetMIISAutomation Module
'Import-PSSession $session -module LithnetMiisAutomation',
// #6 connect to AzureAD
'Login-AzureRmAccount -Credential $PSCredential',
'Connect-AzureAD -Credential $PSCredential',
// #7 cleanup
'Remove-Variable -Force -ErrorAction SilentlyContinue $PSCredential',
'Remove-Variable -Force -ErrorAction SilentlyContinue $RPSPSCredential'
]
}
/**
* Destroy commands that correspond to the session
* established w/ the initCommands above
*/
module.exports.getO365PSDestroyCommands = function() {
return [
'Get-PSSession | Remove-PSSession',
'Remove-PSSession -Session $session'
// 'Remove-Module MIISAutomation'
]
}
/**
* Some example blacklisted commands
*/
module.exports.getO365BlacklistedCommands = function() {
return [
{'regex':'.*Invoke-Expression.*', 'flags':'i'},
{'regex':'.*ScriptBlock.*', 'flags':'i'},
{'regex':'.*Get-Acl.*', 'flags':'i'},
{'regex':'.*Set-Acl.*', 'flags':'i'},
{'regex':'.*Get-Content.*', 'flags':'i'},
{'regex':'.*-History.*', 'flags':'i'},
{'regex':'.*Out-File.*', 'flags':'i'}
]
}
/**
* Configuration auto invalidation, checking PSSession availability
* @param checkIntervalMS
*/
module.exports.getO365AutoInvalidationConfig = function(checkIntervalMS) {
return {
'checkIntervalMS': checkIntervalMS,
'commands': [
// no remote pssession established? invalid!
{ 'command': 'Get-PSSession',
'regexes': {
'stdout' : [ {'regex':'.*Opened.*', 'flags':'i', 'invalidOn':'noMatch'}]
}
}]
};
}
/**
* Defines a registry of Powershell commands
* that can be injected into the PSCommandService
* instance.
*
* Note these are just some example configurations specifically for a few
* o365 functions and limited arguments for each, (they work) however you may want to
* replace this with your own set of init command tailored to your specific
* use-case
*/
var o365CommandRegistry = {
/*******************************
*
* o365 Powershell Command registry
*
* argument properties (optional):
* - quoted: true|false, default true
* - valued: true|false, default true
* - default: optional default value (only if valued..)
*
* return properties:
* type: none, text or json are valid values
*
********************************/
/*******************************
* AzureADPreview
********************************/
'Get-AzureADGroup': {
'command': 'Get-AzureADGroup {{{arguments}}} | ConvertTo-Json',
'arguments': {
'searchstring': {},
'objectID': {},
'top': {},
'filter': {}
},
'return': { type: 'json' }
},
'Get-AzureADUser': {
'command': 'Get-AzureADUser {{{arguments}}} | ConvertTo-Json',
'arguments': {
'searchstring': {},
'objectID': {},
'top': {},
'filter': {}
},
'return': { type: 'json' }
},
/*******************************
* Lithnet Resource Management
********************************/
'Get-Resource': {
'command': 'Get-Resource {{{arguments}}} | ConvertTo-Json',
'arguments': {
'ObjectType': {'string': 'Person'},
'AttributeName': {'string': 'FirstName'},
'AttributeValue': {'string': 'Darren'},
'AttributesToGet': {'string': 'displayname,location'},
'Locale': {}
},
'return': { type: 'json' }
},
/*******************************
* Lithnet MIIS Automation
********************************/
'Get-MAStatistics': {
'command': 'Get-MAStatistics {{{arguments}}} | ConvertTo-Json',
'arguments': {
'MA ': {'string': 'AD MA'}
},
'return': { type: 'json' }
},
'Get-MVObject': {
'command': 'Get-MVObject {{{arguments}}} | ConvertTo-Json',
'arguments': {
'ObjectType ': {'string': 'Person'},
'Attribute ': {'string': 'uid'},
'Value ': {'string': 'darrenjrobinson'},
'ID ': {},
'Queries ': {},
'Collation ': {}
},
'return': { type: 'json' }
},
};
module.exports.o365CommandRegistry = o365CommandRegistry;
/**
* Some example whitelisted commands
* (only permit) what is in the registry
*/
module.exports.getO365WhitelistedCommands = function() {
var whitelist = [];
for (var cmdName in o365CommandRegistry) {
var config = o365CommandRegistry[cmdName];
var commandStart = config.command.substring(0,config.command.indexOf(' ')).trim();
whitelist.push({'regex':'^'+commandStart+'\\s+.*', 'flags':'i'});
}
return whitelist;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment