
Jon Bryan jkbryan

jkbryan / Get-AzureNSGs.ps1
Last active Feb 8, 2019
A script that writes Azure NSGs to a CSV file
# Interactive sign-in; the subscription context and the NSG query below run
# under this session.
Connect-AzureRmAccount

# Placeholders: set the subscription GUID and the CSV output path before running.
$Subscription = "<Subscription-GUID>"
$LogFile = "C:\<PATH>\NSGs.csv"

# Start from an empty file if an export from an earlier run is still present.
if (Test-Path -Path $LogFile) {
    Clear-Content -Path $LogFile
}

# CSV header: the NSG name followed by one column per rule property.
Add-Content -Path $LogFile -Value "nsg,rule,protocol,SourcePortRange,DestinationPortRange,SourceAddressPrefix,DestinationAddressPrefix,SourceApplicationSecurityGroups,DestinationApplicationSecurityGroups,Access,Priority,Direction"

# The header suggests the finished CSV holds the subscription's allow/deny
# rules, so write it somewhere only the people reviewing those rules can read.
Set-AzureRmContext -Subscription $Subscription
$NSGs = Get-AzureRmNetworkSecurityGroup
foreach ($nsg in $NSGs) {
jkbryan / Get-AzureRoutes.ps1
Created Feb 8, 2019
A script that writes Azure Route Tables to a CSV file
# Sign in interactively before any subscription data is read.
Connect-AzureRmAccount

# Placeholders: fill in the subscription GUID and the output location.
$Subscription = "<Subscription-GUID>"
$LogFile = "C:\<PATH>\RouteTables.csv"

# Empty a CSV left by a previous run so this run's rows do not follow stale data.
if (Test-Path -Path $LogFile) {
    Clear-Content -Path $LogFile
}

# CSV header: route-table fields first, then the fields of each route.
Add-Content -Path $LogFile -Value "Name,ResourceGroupName,Location,RouteName,Id,Etag,ProvisioningState,AddressPrefix,NextHopType,NextHopIpAddress"

# Select the subscription, then fetch every route table visible in it.
Set-AzureRmContext -Subscription $Subscription
$RTs = Get-AzureRmRouteTable
ForEach ($RT in $RTs) {
jkbryan / ConnectToAzureADOrAzureRM.ps1
Created Jan 30, 2019
Use the Service Principal created previously to connect to services - Azure AD and AzureRM as examples
# Placeholders: the tenant, the application (client) ID, and - in the path
# below - the thumbprint of the certificate registered on the service principal.
$TenantId = "<AzureADTenantID>"
$ApplicationId = "<AppID>"

# The certificate is read from the current user's personal store, so it has to
# be installed for the account that runs this script. Certificate sign-in also
# needs the matching private key to be present there.
$Cert = Get-ChildItem -Path cert:\CurrentUser\My\"<CertificateThumbprint>"

# Signing in with the certificate means no client secret or password is kept
# in the script itself.
$AadLogin = @{
    TenantId              = $TenantId
    ApplicationId         = $ApplicationId
    CertificateThumbprint = $Cert.Thumbprint
}
# Connect to Azure AD:
Connect-AzureAD @AadLogin
# e.g. Get-AzureADUser

$RmLogin = @{
    CertificateThumbprint = $Cert.Thumbprint
    ApplicationId         = $ApplicationId
    Tenant                = $TenantId
    ServicePrincipal      = $true
}
# Connect to AzureRM:
Connect-AzureRmAccount @RmLogin
# e.g. Get-AzureRMResourceGroup
jkbryan / GrantServicePrincipleAzureSubscriptionReadAccess.ps1
Created Jan 30, 2019
Grants an Azure Service Principal READ access to the Subscription
# Placeholders: the target subscription and the display name of the existing
# application.
$Subscription = "<Subscription-GUID>"
$ApplicationName = "<AppName>"

# Resolve the service principal that will receive the role.
# NOTE(review): display names are not unique in Azure AD; if more than one
# principal matches, $ServicePrincipal is a collection and the role could go to
# an unintended identity - confirm a single match before assigning.
$ServicePrincipal = Get-AzureRMADServicePrincipal -DisplayName $ApplicationName

Set-AzureRmContext -Subscription $Subscription

# State for the retry loop that follows: no assignment seen yet, no attempts made.
$Retries = 0
$NewRole = $null
While ($NewRole -eq $null -and $Retries -le 6) {
Sleep 15
New-AzureRMRoleAssignment -ResourceGroupName -RoleDefinitionName Reader -ServicePrincipalName $ServicePrincipal.ApplicationId | Write-Verbose -ErrorAction SilentlyContinue
$NewRole = Get-AzureRMRoleAssignment -ObjectId $ServicePrincipal.Id -ErrorAction SilentlyContinue
jkbryan / CreateAzureServicePrinciple.ps1
Last active Jan 30, 2019
Creates an Azure Service Principal named <AppName> in the Subscription
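# Placeholders: the target subscription and the PFX file that holds the
# certificate for the new service principal.
$Subscription = "<Subscription-GUID>"
$PathToPFXCertificate = "C:\<PATH>\<CertName>.pfx"

# Ask for the PFX password at run time instead of keeping it as a plaintext
# string in the script, where it would end up in source control, backups and
# shared copies. The script already signs in interactively below, so a prompt
# adds no new requirement. The plaintext $PFXPassword variable is intentionally
# no longer defined.
$CertPassword = Read-Host -Prompt "Password for $PathToPFXCertificate" -AsSecureString

$ApplicationName = "<AppName>"

Import-Module AzureRM.Resources
Connect-AzureRmAccount
Set-AzureRmContext -Subscription $Subscription

# Load the PFX with its password so the certificate can be read.
$PFXCert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @($PathToPFXCertificate, $CertPassword)

# GetRawCertData() returns the certificate itself (public part), not the
# private key, so $KeyValue is the Base64 text of the public certificate only.
$KeyValue = [System.Convert]::ToBase64String($PFXCert.GetRawCertData())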
jkbryan / openssl.cfg
Last active Jan 8, 2019
Basic OpenSSL configuration file for generating server authentication SSL certificates
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
# HOME falls back to the current directory; it is only used when the
# environment does not supply a value for $ENV::HOME below.
HOME = .
# Seed file for OpenSSL's random number generator, placed under HOME.
# NOTE(review): with the fallback above this lands in the working directory -
# confirm that location is not shared with other users.
RANDFILE = $ENV::HOME/.rnd
View logging-example.vb
'Within the "Public Class MAExtensionObject" section, add:
'Date & Logginglevel variables for logging files:
'NOTE(review): as class-level fields these are presumably evaluated once, when
'the class instance is created; a long-running host would keep the start date -
'confirm that is what the log file naming expects.
Dim dtDateNowDay As Integer = Date.Now.Day
Dim dtDateNowMonth As Integer = Date.Now.Month
Dim dtDateNowYear As Integer = Date.Now.Year
'Logging level starts at 0; the meaning of each level is defined by the code
'that reads it (not shown in this fragment).
Dim loggingLevel As Integer = 0
'================================================
'With the Sub or Function that you want logging - e.g. "Public Sub MapAttributesForImport"
'Declared here without a value; it is assigned by the code that follows.
Dim dtFileTime As DateTime
'Define Logfile Name then setup the logfile
jkbryan / santizing-employeeenddate.vb
Created Oct 2, 2018
santizing-employeeenddate.vb
Case "employeeEndDate-CDRMA-PA-Import"
'CDR attributes required are: EndDate
'Code to define the employeeEndDate in the MV and Portal - needs to be in the correct format!
Dim dtFileTime As DateTime
If csentry("EndDate").IsPresent Then
dtFileTime = DateTime.Parse(csentry("EndDate").Value).Date
'Convert to the date/time string format that the Portal requires:
Dim employeeEndDate As String = dtFileTime.ToLocalTime.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'")
Dim arremployeeEndDate As String() = Split(employeeEndDate, "T")
employeeEndDate = arremployeeEndDate(0) & "T23:59:59.000"
jkbryan / filterfordisconnection-example.vb
Created Oct 2, 2018
filterfordisconnection-example.vb
Public Function FilterForDisconnection(ByVal csentry As CSEntry) As Boolean Implements IMASynchronization.FilterForDisconnection
'Filter to prevent those who are not being returned by the CDR FIM View from being presented by this table (which contains lots of historical data!)
Dim dtFileTime As DateTime
Dim dtDateNow As DateTime = Date.Now
'CS attributes required are: pid, enddate
If csentry("pid").IsPresent And csentry("enddate").IsPresent Then
dtFileTime = DateTime.Parse(csentry("EndDate").Value).AddDays(190)
If dtFileTime <= dtDateNow Then
'employeeEndDate has passed, so disconnect
FilterForDisconnection = True
View boolean-flag-setting-example.vb
Case "functionalIDFlag-ADMA-Import"
If csentry.DN.ToString.ToLower.Contains("functional") Then
mventry("functionalID").Value = "True"
ElseIf csentry.DN.ToString.ToLower.Contains("ou=fim") Then
mventry("functionalID").Value = "True"
ElseIf csentry("employeeID").IsPresent Or csentry("stfc-pid").IsPresent Then
'Real users - e.g. those created by the User Office process and those historical users no longer in CDR
mventry("functionalID").Value = "False"
Else
Throw New Exception("FunctionalID flag setting for: " & csentry.DN.ToString.ToLower)