Darren Robinson darrenjrobinson
darrenjrobinson
/ AAD User B2B Guest Federation Report.ps1
Last active
July 13, 2021 20:52
Query Azure Service Management with an Azure AD Member Account to report on tenants the AAD User is federated to as a B2B Guest User. Associated blogpost https://blog.darrenjrobinson.com/azure-ad-user-account-federation-report
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module MSAL.PS | |
| Import-Module AzureADTenantID | |
| # Use the Azure PowerShell Well-Known Client ID | |
| $clientID = "1950a258-227b-4e31-a9cf-717495945fc2" | |
| # Get UserUPN | |
| $userUPN = Read-Host -Prompt "Please enter Azure AD User UPN" | |
| $tenantName = $userUPN.Split("@")[1] | |
| $tenantID = Get-AzureADTenantId -domain $tenantName |
darrenjrobinson
/ run.ps1
Last active
June 1, 2021 21:06
Azure AD PowerShell Function to query Azure AD for a User to get their full object and their group memberships then send a summary email via SendGrid. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell AzureAD Query HTTP trigger function received a request." | |
| Write-Host $Request.Body | |
| # Write-Host $Request.Query |
darrenjrobinson
/ run.ps1
Last active
June 1, 2021 21:06
Azure PowerShell Function to renew a Azure AD Change Notification Subscription. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Input bindings are passed in via param block. | |
| param($Timer) | |
| # Get the current universal time in the default string format | |
| $currentUTCtime = (Get-Date).ToUniversalTime() | |
| # The 'IsPastDue' porperty is 'true' when the current function invocation is later than scheduled. | |
| if ($Timer.IsPastDue) { | |
| Write-Host "PowerShell timer is running late!" | |
| } |
darrenjrobinson
/ run.ps1
Last active
June 1, 2021 21:07
Azure PowerShell Function to receive and validate Azure AD Change Notification Subscriptions. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell HTTP trigger function received a new Azure AD Change Notification." | |
| # Convert Notification Details to a PSObject | |
| $objNotification = ($Request.RawBody | convertfrom-json).value |
darrenjrobinson
/ Create Azure AD Change Notification Subscription.ps1
Last active
June 1, 2021 21:07
Create a new Azure AD Change Notification Subscription for the 'User' ObjectClass and forward events to an Azure PowerShell Function. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Notifidcation Configuration | |
| $expiryMaxLength = 3 | |
| $expiryHours = ($expiryMaxLength * 24) / 2 | |
| $clientStateValue = New-Guid | |
| $notificationExpiry = (get-date).addHours($expiryHours).ToUniversalTime() | |
| $utcExpiry = get-date $notificationExpiry -Format yyyy-MM-ddThh:mm:ss.0000000Z | |
| # AAD User and Application Configuration | |
| $graphAutomationClientID = "azureADApplicationClientID" | |
| $graphAutomationSecret = "azureADApplicationSecret" |
darrenjrobinson
/ ValidateYubiKey-SingleFactor v2.ps1
Created
April 14, 2021 05:54
v2 PowerShell Script to validate YubiKey using Single Factor. Associated Blogpost https://blog.darrenjrobinson.com/validating-a-yubico-yubikeys-one-time-password-otp-using-single-factor-authentication-and-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Clear-Host | |
| # Client ID obtained after registering here https://upgrade.yubico.com/getapikey/ | |
| $clientID = '12345' | |
| # Read in the key | |
| $getKey = Read-Host 'Insert your YubiKey and touch it until the OTP is received (~2 seconds)' | |
| $credentialID = $getKey.Substring(0, 12) | |
| # Generate a Nonce | |
| $nonce = -join ((65..90) + (97..122) | Get-Random -Count 32 | ForEach-Object { [char]$_ }) | |
| $nonce = $nonce.ToLower() |
darrenjrobinson
/ AADAuth_MSAL_Python.py
Last active
April 15, 2021 01:49
Microsoft Graph using MSAL with Python and Certificate Authentication. Associated blogpost https://blog.darrenjrobinson.com/microsoft-graph-using-msal-with-python-and-certificate-authentication/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| global accessToken | |
| global requestHeaders | |
| global tokenExpiry |
darrenjrobinson
/ import.ps1
Last active
April 1, 2021 04:50
Using the new Granfeldt FIM/MIM PowerShell Management Features - Import Script. Associated Blogpost https://blog.darrenjrobinson.com/using-the-new-granfeldt-fim-mim-powershell-management-features/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| $Username, | |
| $Password, | |
| $Credentials, | |
| $AuxUsername, | |
| $AuxPassword, | |
| $AuxCredentials, | |
| $ConfigurationParameter, | |
| $OperationType, | |
| [bool] $usepagedimport, |
darrenjrobinson
/ schema.ps1
Last active
April 1, 2021 04:51
Using the new Granfeldt FIM/MIM PowerShell Management Features - Schema Script. Associated Blogpost https://blog.darrenjrobinson.com/using-the-new-granfeldt-fim-mim-powershell-management-features/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $obj = New-Object -Type PSCustomObject | |
| $obj | Add-Member -Type NoteProperty -Name "Anchor-Employee ID|String" -Value "" | |
| $obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "person" | |
| $obj | Add-Member -Type NoteProperty -Name "First Name|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Last Name|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Title|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Department|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Employee Type|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Employment Start Date|string" -Value "string" | |
| $obj | Add-Member -Type NoteProperty -Name "Employment End Date|string" -Value "string" |
darrenjrobinson
/ Microsoft Graph using MSAL with Python and Delegated Permissions.py
Last active
May 1, 2023 13:59
Microsoft Graph using MSAL with Python and Delegated Permissions using a persistent local MSAL Cache. Associated Blogpost https://blog.darrenjrobinson.com/microsoft-graph-using-msal-with-python-and-delegated-permissions/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| from msal_extensions import * | |
| graphURI = 'https://graph.microsoft.com' | |
| tenantID = 'yourTenantID' |