darrenjrobinson/Create Self Signed Cert and AAD App.ps1

## Create Self Signed Cert and AAD App.ps1
# Create a new self signed cert
$currentDate = Get-Date
$endDate = $currentDate.AddYears(10)
$notAfter = $endDate.AddYears(10)
$pwd = "P@SSW0rd1"
$myCert= New-SelfSignedCertificate -CertStoreLocation Microsoft.PowerShell.Security\Certificate::currentuser\my -DnsName mydev.mim.azure -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter
# get thumbprint from Cert generated in line above
$thumbprint = 'fa782440c99cf86063b93e690f6df0ffakefakefake'

$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my\$thumbprint" -FilePath C:\temp\oAuth\CertBased\AzureAppsCert.pfx -Password $pwd

# Get the certificate
$x509cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\temp\oAuth\CertBased\AzureAppsCert.pfx", $pwd)
$keyValue = [System.Convert]::ToBase64String($x509cert.GetRawCertData())
$keyId = [guid]::NewGuid()
Import-Module AzureRM.Resources
$keyCreds = New-Object  Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.PSADKeyCredential
$keyCreds.StartDate = $currentDate
$keyCreds.EndDate= $endDate
$keyCreds.KeyId = $keyId
$keyCreds.CertValue = $keyValue
$keyCreds

# Login to Azure PowerShell
Import-Module AzureRM
$user = "admin@my.aadtenant.com"
$pass = "P@ssw0rd1"
$pass = ConvertTo-SecureString -String $pass -Force -AsPlainText
$creds =  new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
$azureRM = Login-AzureRmAccount -Credential $creds

# Create the Azure AD App
$aadApp = New-AzureRmADApplication -DisplayName "AzureAD Scripts" -HomePage "https://localhost" -IdentifierUris "https://localhost" -KeyCredentials $keyCreds

# Create the Service Principal and connect it to the Application
New-AzureRmADServicePrincipal -ApplicationId $aadApp.ApplicationId

# Trigger GUI AuthN. Sign in as an Admin and accept the oAuth2 Permission Authorizations
Get-AzureADGraphAPIAccessTokenFromUser -ClientId $aadApp.ApplicationId -RedirectUri https://localhost -TenantDomain $azureRM.Context.Tenant.id

# Run these one by one to copy out the key variables to the clipboard to copy into our Connection Script.
$aadApp.ObjectId | clip
$aadApp.ApplicationId | clip
$thumbprint | clip
$azureRM.Context.Tenant.id | clip
	# Create a new self signed cert
	$currentDate = Get-Date
	$endDate = $currentDate.AddYears(10)
	$notAfter = $endDate.AddYears(10)
	$pwd = "P@SSW0rd1"
	$myCert= New-SelfSignedCertificate -CertStoreLocation Microsoft.PowerShell.Security\Certificate::currentuser\my -DnsName mydev.mim.azure -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter
	# get thumbprint from Cert generated in line above
	$thumbprint = 'fa782440c99cf86063b93e690f6df0ffakefakefake'

	$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
	Export-PfxCertificate -cert "cert:\localmachine\my\$thumbprint" -FilePath C:\temp\oAuth\CertBased\AzureAppsCert.pfx -Password $pwd

	# Get the certificate
	$x509cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\temp\oAuth\CertBased\AzureAppsCert.pfx", $pwd)
	$keyValue = [System.Convert]::ToBase64String($x509cert.GetRawCertData())
	$keyId = [guid]::NewGuid()
	Import-Module AzureRM.Resources
	$keyCreds = New-Object Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.PSADKeyCredential
	$keyCreds.StartDate = $currentDate
	$keyCreds.EndDate= $endDate
	$keyCreds.KeyId = $keyId
	$keyCreds.CertValue = $keyValue
	$keyCreds

	# Login to Azure PowerShell
	Import-Module AzureRM
	$user = "admin@my.aadtenant.com"
	$pass = "P@ssw0rd1"
	$pass = ConvertTo-SecureString -String $pass -Force -AsPlainText
	$creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
	$azureRM = Login-AzureRmAccount -Credential $creds

	# Create the Azure AD App
	$aadApp = New-AzureRmADApplication -DisplayName "AzureAD Scripts" -HomePage "https://localhost" -IdentifierUris "https://localhost" -KeyCredentials $keyCreds

	# Create the Service Principal and connect it to the Application
	New-AzureRmADServicePrincipal -ApplicationId $aadApp.ApplicationId

	# Trigger GUI AuthN. Sign in as an Admin and accept the oAuth2 Permission Authorizations
	Get-AzureADGraphAPIAccessTokenFromUser -ClientId $aadApp.ApplicationId -RedirectUri https://localhost -TenantDomain $azureRM.Context.Tenant.id

	# Run these one by one to copy out the key variables to the clipboard to copy into our Connection Script.
	$aadApp.ObjectId \| clip
	$aadApp.ApplicationId \| clip
	$thumbprint \| clip
	$azureRM.Context.Tenant.id \| clip