Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
param
(
[Parameter(Mandatory=$true, HelpMessage="Enter Azure Subscription name. You need to be Subscription Admin to execute the script")]
[string] $subscriptionName,
[Parameter(Mandatory=$true, HelpMessage="Provide a password for SPN application that you would create")]
[string] $password,
[Parameter(Mandatory=$false, HelpMessage="Provide a SPN role assignment")]
[string] $spnRole = "owner"
)
#Initialize
$ErrorActionPreference = "Stop"
$VerbosePreference = "SilentlyContinue"
if([system.text.RegularExpressions.regex]::match($ENV:username, "^[a-zA-Z0-9]+$").Success -eq $false){
Write-Host 'replace $username inital value except ANK charactors'
return
}
$userName = $ENV:username
$newguid = [guid]::NewGuid()
Import-Module Azure -ErrorAction SilentlyContinue
#Initialize subscription
$isAzureModulePresent = Get-Module -Name AzureRM -ListAvailable
Write-Output "Provide your credentials to access Azure subscription $subscriptionName" -Verbose
Login-AzureRmAccount -SubscriptionName $subscriptionName
$azureSubscription = Get-AzureRmSubscription -SubscriptionName $subscriptionName
$subscriptionName = $subscriptionName.Replace(' ','_')
$displayName = "VSO." + $userName + '.' + $subscriptionName + '.' + $newguid
$homePage = "http://" + $displayName
$identifierUri = $homePage
$connectionName = $azureSubscription.SubscriptionName
$tenantId = $azureSubscription.TenantId
$id = $azureSubscription.SubscriptionId
#Create a new AD Application
Write-Output "Creating a new Application in AAD (App URI - $identifierUri)" -Verbose
$azureAdApplication = New-AzureRmADApplication -DisplayName $displayName -HomePage $homePage - IdentifierUris $identifierUri -Password $password -Verbose
$appId = $azureAdApplication.ApplicationId
Write-Output "Azure AAD Application creation completed successfully (Application Id: $appId)" - Verbose
#Create new SPN
Write-Output "Creating a new SPN" -Verbose
$spn = New-AzureRmADServicePrincipal -ApplicationId $appId
$spnName = $spn.ServicePrincipalName
Write-Output "SPN creation completed successfully (SPN Name: $spnName)" -Verbose
#Assign role to SPN
Write-Output "Waiting for SPN creation to reflect in Directory before Role assignment"
sleep 20
Write-Output "Assigning role ($spnRole) to SPN App ($appId)" -Verbose
New-AzureRmRoleAssignment -RoleDefinitionName $spnRole -ServicePrincipalName $appId
Write-Output "SPN role assignment completed successfully" -Verbose
#Print the values
Write-Output "`nCopy and Paste below values for Service Connection" -Verbose
Write-Output "***************************************************************************"
Write-Output "Connection Name: $connectionName(SPN)"
Write-Output "Subscription Id: $id"
Write-Output "Subscription Name: $connectionName"
Write-Output "Service Principal Id: $appId"
Write-Output "Service Principal key: <Password that you typed in>"
Write-Output "Tenant Id: $tenantId"
Write-Output "***************************************************************************"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.