Created
August 9, 2016 11:10
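# Query Azure AD objects through the Azure AD Graph REST API (api-version 1.6):
# sign in with ADAL using a username and password, fetch the matching objects
# in pages of 999, and show the combined result in a grid view.
#
# NOTE(review): Microsoft has deprecated both ADAL and the graph.windows.net
# endpoint in favour of MSAL and Microsoft Graph; confirm they are still usable
# in your tenant before relying on this script.

# Add the AD AuthN (ADAL) library to the PowerShell session.
# This is the default path where the AzureADPreview module puts the library.
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\1.1.143.0\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

# Your Azure tenant name
$tenantID = "mydomain.com.au"
$authString = "https://login.microsoftonline.com/$tenantID"

# Username and password. This non-interactive sign-in cannot answer an MFA
# prompt, so the account must not require MFA and must not be a Live ID.
# The original guidance asked for an admin account; the script only reads
# directory objects, so prefer a dedicated account with the least directory
# rights that can run the query (confirm what your tenant requires), and keep
# its sign-ins monitored, since it is protected by a password alone.
$username = "doc@mydomain.com.au"
# The password is prompted for as a SecureString instead of being stored in the
# script, so it does not end up in source control, gists or backups.
# UserCredential accepts a SecureString as its second constructor argument.
$password = Read-Host -Prompt "Password for $username" -AsSecureString

# The resource URI for your token.
$resource = "https://graph.windows.net/"

# Object Type (eg. Users, Groups, Contacts)
$object = "users"

# Account Enabled is False
# $Searchfilter ="`$filter=accountEnabled eq false"
# Account Enabled is True
# $Searchfilter ="`$filter=accountEnabled eq true"
# Account Enabled is true AND displayName starts with Darren
$Searchfilter = "`$filter=accountEnabled eq true and startswith(displayName,'Darren')"

# This is the PowerShell common client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"

# Create a user credential from the username and password above.
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
    -ArgumentList $username, $password

# Create an authentication context with the above authentication string.
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
    -ArgumentList $authString

# Acquire an access token from the server.
$authenticationResult = $authContext.AcquireToken($resource, $client_id, $creds)

# Build the request headers once and reuse them for every page.
# The Authorization value is a bearer token: anyone holding it can call the
# API as this account until it expires, so do not echo $headers or
# $authenticationResult to the console, a transcript or a log.
$headers = @{
    Authorization  = $authenticationResult.CreateAuthorizationHeader()
    'Content-Type' = "application/json"
}

# URI to get the first 999 objects ({0} is filled with the tenant id from the token).
$url = "https://graph.windows.net/{0}/$($object)?`$top=999&$($Searchfilter)&api-version=1.6"
# Base URI that the odata.nextLink value is appended to when paging.
$url2 = "$resource$tenantID/"

# Get the first 999 objects.
$query = Invoke-RestMethod -Method Get -Headers $headers -Uri ($url -f $authenticationResult.TenantId)

# An array for the returned objects to go into, seeded with the first page.
$tenantObjects = @()
$tenantObjects += $query.value
# Emit the size of the first page as progress output.
$query.value.Count

# Get all the remaining objects in batches of 999, following odata.nextLink
# until the service stops returning one.
$moreObjects = $query
while ($moreObjects.'odata.nextLink') {
    $nextUri = $url2 + $moreObjects.'odata.nextLink' + '&$top=999&api-version=1.6'
    $moreObjects = Invoke-RestMethod -Method Get -Headers $headers -Uri $nextUri
    # Progress output: size of this page, then the running total.
    $moreObjects.value.Count
    $tenantObjects += $moreObjects.value
    $tenantObjects.Count
}

# Final total, then show every collected object in a grid view.
$tenantObjects.Count
$tenantObjects | Out-GridView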