Skip to content

Instantly share code, notes, and snippets.

@zplume
Last active April 2, 2019 14:31
Show Gist options
  • Save zplume/574e133b43ecf3037473286580ed524e to your computer and use it in GitHub Desktop.
Save zplume/574e133b43ecf3037473286580ed524e to your computer and use it in GitHub Desktop.
# Original code from https://github.com/slavizh/OMSSearch/blob/master/OMSSearch.psm1
# - Updated/fixed authentication method calls
# - Ensure ADAL DLL is loaded
Function Get-AADToken {
<#
.SYNOPSIS
Get token from Azure AD so you can use the other cmdlets.
.DESCRIPTION
Get token from Azure AD so you can use the other cmdlets.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER TenantADName
Valid Azure AD Tenant name.
Example: stanoutlook.onmicrosoft.com
.PARAMETER TenantID
Valid Azure Tenant ID.
Example: eeb91fce-4be2-4a30-aad8-39e05fefde0
.PARAMETER Credential
Valid user credentials to Azure AD. The Azure AD user must
have at least user rights in OMS and administrator and
Contributor rights on the Azure resource group where
the OMS workspace is located.
.EXAMPLE
$token = Get-AADToken -TenantADName 'stanoutlook.onmicrosoft.com' -Credential $creds
Description
-----------
Grabs token from Azure AD by Tenant AD Name
Example Variables
-----------------
$creds = Get-Credential
.EXAMPLE
$token = Get-AADToken -TenantID 'eeb91fce-4be2-4a30-aad8-39e05fefde0' -Credential $creds
Description
-----------
Grabs token from Azure AD by Tenant ID
Example Variables
-----------------
$creds = Get-Credential
.EXAMPLE
$Token = Get-AADToken -OMSConnection $OMSCon
Description
-----------
Grabs token from Azure AD by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'stasoutlook'
.OUTPUTS
System.String. Returns token from Azure AD.
#>
[CmdletBinding(DefaultParameterSetName='LoginbyTenantADName')]
[OutputType([string])]
PARAM (
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='LoginbyTenantADName',Position=0,Mandatory=$true)]
[Alias('t')]
[String]$TenantADName,
[Parameter(ParameterSetName='LoginByTenantID',Position=0,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[Alias('tID')]
[String]$TenantID,
[Parameter(ParameterSetName='LoginbyTenantADName',Position=1,Mandatory=$true)]
[Parameter(ParameterSetName='LoginByTenantID',Position=1,Mandatory=$true)]
[Alias('cred')]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
$Credential
)
Try
{
If ($OMSConnection)
{
$Username = $OMSConnection.Username
$Password = $OMSConnection.Password
If ($OMSConnection.TenantID)
{
$TenantID = $OMSConnection.TenantID
}
Else
{
$TenantADName = $OMSConnection.TenantADName
}
}
Else
{
$Username = $Credential.Username
$Password = $Credential.Password
}
# Set well-known client ID for Azure PowerShell
$clientId = '1950a258-227b-4e31-a9cf-717495945fc2'
# Set Resource URI to Azure Service Management API
$resourceAppIdURI = 'https://management.azure.com/'
# Set Authority to Azure AD Tenant
If ($TenantID)
{
$authority = 'https://login.microsoftonline.com/common/' + $TenantID
}
Else
{
$authority = 'https://login.microsoftonline.com/' + $TenantADName
}
$AadModule = Get-Module -Name "AzureAD" -ListAvailable
if ($AadModule.count -gt 1) {
$Latest_Version = ($AadModule | Select-Object version | Sort-Object)[-1]
$AadModule = $AadModule | Where-Object { $_.version -eq $Latest_Version.version }
}
$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
[System.Reflection.Assembly]::LoadFrom($adal) | Select-Object FullName
$AADcredential = New-Object `
-TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential' `
-ArgumentList $Username,$Password
# Create AuthenticationContext tied to Azure AD Tenant
$authContext = New-Object `
-TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' `
-ArgumentList $authority
$authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdURI, $clientId, $AADcredential).Result
$Token = $authResult.CreateAuthorizationHeader()
}
Catch
{
$ErrorMessage = 'Failed to aquire Azure AD token.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
Return $Token
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment