Last active
July 9, 2020 21:08
Connect to AAD via an AAD-registered WebApp and a certificate, using the AzureADUtils or AzureAD PowerShell (ADAL) modules. Associated blog post: https://blog.darrenjrobinson.com/creating-an-azuread-webapp-using-powershell-to-leverage-certificate-based-authentication/
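# AzureAD tenant, WebApp and certificate details.
# The three IDs are placeholders: replace them with the values produced by the
# App & Cert creation script before running.
$appId = 'a8659035-d8ac-4c5a-a6f2-copiedfromApp&CertCreationScript'
$appObjectId = 'e85499b7-a46e-44c5-9716-copiedfromApp&CertCreationScript'   # not referenced below
$resource = "https://graph.windows.net"                                     # not referenced below
$tenantId = "ba7d6538-9c5f-4561-a189-copiedfromApp&CertCreationScript"
$certThumbprint = "5258B9B417A12F211E579D5236BD6C57DEDC7BB7"

# Locate the authentication certificate in the machine store.
# Anyone who can use this certificate's private key can authenticate as the app,
# so the key's ACL should be limited to the account that runs this script.
$x509cert = Get-ChildItem "cert:\localmachine\my" |
    Where-Object { $_.Thumbprint -eq $certThumbprint } |
    Select-Object -First 1

# Fail early with a clear message instead of passing $null (or a public-only
# certificate) to the token request further down.
if (-not $x509cert) {
    throw "No certificate with thumbprint $certThumbprint found in cert:\localmachine\my"
}
if (-not $x509cert.HasPrivateKey) {
    throw "Certificate $certThumbprint has no accessible private key; it cannot be used to sign the token request"
}

Import-Module AzureADUtils
Import-Module AzureAD

# NOTE(review): Microsoft has deprecated the AzureAD module and the Azure AD Graph
# endpoint (graph.windows.net) in favour of Microsoft Graph; treat this script as
# a reference for the certificate-based flow and confirm the endpoints still
# respond in your tenant.

# Connect using PowerShell Modules with the Certificate via the App
Connect-AzureAD -TenantId $tenantId -ApplicationId $appId -CertificateThumbprint $certThumbprint

# Without -All $true, Get-AzureADUser returns only the first page of results, so
# this count is a connectivity check rather than a tenant-wide total.
$AADusers = Get-AzureADUser
$AADusers.Count

# Connect to GraphAPI via the AzureADUtils PS Module.
# The access token is a bearer credential: keep it out of transcripts, logs and
# console output.
$accesstoken = Get-AzureADGraphAPIAccessTokenFromCert -Certificate $x509cert -ClientId $appId -TenantDomain $tenantId

# Query via GraphAPI and the AzureADUtils PS Module
$users = Invoke-AzureADGraphAPIQuery -AccessToken $accesstoken -TenantDomain $tenantId -GraphQuery "/users?api-version=1.6"
$users.count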