Managing Azure AD using Graph API and ADAL inside PowerShell



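# Walkthrough script: authenticate to an Azure AD tenant with ADAL (user
# credentials) and call the Azure AD Graph REST API from PowerShell to read
# tenant details, users, groups and group members, then create one user.
#
# Prerequisites (as in the original post): Azure PowerShell (ServiceManagement)
# installed so that the ADAL assemblies exist at $adalDir, and an account that
# is allowed to read the directory and create users.
#
# Secrets handled here: the interactive credential (SecureString), the bearer
# token in $authHeader, and the new user's initial password (prompted, not
# hard-coded). None of them is written to the console or to disk by this script.
Clear-Host
# Reference screenshot from the original post:
# "https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/85/38/metablogapi/image_74154BB9.png"

# --- Load Active Directory Authentication Library (ADAL) assemblies ---
# Fail fast with a clear message if the DLLs are not where Azure PowerShell
# (ServiceManagement) installs them, instead of a late "type not found" error.
$adalDir   = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services"
$adal      = Join-Path $adalDir "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = Join-Path $adalDir "Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
foreach ($dll in @($adal, $adalforms)) {
    if (-not (Test-Path -LiteralPath $dll)) {
        throw "ADAL assembly not found: $dll"
    }
    [System.Reflection.Assembly]::LoadFrom($dll) | Out-Null
}

# Interactive credential prompt. The password stays a SecureString and is handed
# to ADAL as a UserCredential; it is never unwrapped into a plain-text variable.
$cred   = Get-Credential
$mycred = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential($cred.UserName, $cred.Password)

# Azure AD tenant name (the *.onmicrosoft.com default domain of the directory).
# Every Graph URI below is built from this single variable, so the tenant is
# changed in one place (the original used an undefined $tenant in two URIs,
# which produced "https://graph.windows.net//users?..." requests).
$adTenant = "bulentozkirhotmail.onmicrosoft.com"

# AzureRM sign-in and subscription selection. Not needed for the Graph calls
# below; kept from the original walkthrough.
$login = Add-AzureRmAccount -Credential $cred
Get-AzureRmSubscription
Select-AzureRmSubscription -SubscriptionID 'b48162f0-84c6-4a5c-8dce-1ffd4181e72c'

# Well-known client ID of the Azure PowerShell public client
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
# Redirect URI for Azure PowerShell (not referenced by the UserCredential
# token flow used below; kept for parity with the original)
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
# Resource URI: the Azure AD Graph API. Note that Azure AD Graph has been
# deprecated in favour of Microsoft Graph; new work should target the latter.
$resourceAppIdURI = "https://graph.windows.net/"
# Authority tied to the Azure AD tenant
$authority = "https://login.windows.net/$adTenant"
# AuthenticationContext for the tenant
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
# Acquire an access token for the Graph resource with the user's credentials
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $mycred)
# REST headers carrying the bearer token. Treat $authHeader as a secret:
# do not echo it, and do not leave it in transcripts.
$authHeader = @{
    'Content-Type'  = 'application/json'   # original had 'application\json' (backslash), not a valid media type
    'Authorization' = $authResult.CreateAuthorizationHeader()
}

# Common pieces of every Graph URI used below
$apiVersion = "1.6"
$graphBase  = "https://graph.windows.net/$adTenant"

#######################################
# GET a Graph collection resource and return its .value array.
# Arguments: $Uri - full Graph URI including api-version (and any $filter)
# Reads:     $authHeader (script scope)
# Outputs:   the .value array of the JSON response
#######################################
function Get-GraphValue {
    param([Parameter(Mandatory = $true)][string]$Uri)
    (Invoke-RestMethod -Uri $Uri -Headers $authHeader -Method Get -Verbose).value
}

# --- Tenant details ---
$tenantInfo = Get-GraphValue "$graphBase/tenantDetails?api-version=$apiVersion"
$tenantInfo

# --- Users whose displayName starts with $displayNamePrefix ---
# The original comment said "letter a" while the filter used 'b'; the prefix is
# now an explicit variable so comment and code cannot drift apart.
$displayNamePrefix = 'b'
$users = Get-GraphValue "$graphBase/users?api-version=$apiVersion&`$filter=startswith(displayName,'$displayNamePrefix')"
$users

# --- Groups, then the members of each group ---
$groups = Get-GraphValue "$graphBase/groups?api-version=$apiVersion"
foreach ($group in $groups) {
    $objectId = $group.objectId
    $members  = Get-GraphValue "$graphBase/groups/$objectId/members?api-version=$apiVersion"
    $members
}

# --- Create a new user ---
# The initial password is prompted for rather than hard-coded (the original
# embedded it in clear text in the script). Graph requires it in clear text in
# the request body, so the SecureString is unwrapped only at the point of use
# and the plain-text copies are removed right after the POST.
$mailNickname = "name.surname"
$newUserUpn   = "$mailNickname@$adTenant"   # UPN domain must be a verified domain of the tenant
$secureInitialPassword = Read-Host -Prompt "Initial password for $newUserUpn" -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureInitialPassword)
try {
    $initialPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
$newuser = @{
    "accountEnabled"    = $true
    "userPrincipalName" = $newUserUpn
    "displayName"       = "Name Surname"
    "passwordProfile"   = @{
        "password"                     = $initialPassword
        "forceChangePasswordNextLogin" = $true
    }
    "mailNickname"      = $mailNickname
}
# -Depth 4 keeps the nested passwordProfile object as JSON rather than a string
$newuserJsonDef = $newuser | ConvertTo-Json -Depth 4
$result = Invoke-RestMethod -Uri "$graphBase/users?api-version=$apiVersion" -Headers $authHeader -Method Post -Body $newuserJsonDef -ContentType "application/json"
# Drop the plain-text password and the request body that contains it
Remove-Variable -Name initialPassword, newuserJsonDef

# --- Verify that the user was created ---
Get-GraphValue "$graphBase/users?api-version=$apiVersion&`$filter=mailNickname eq '$mailNickname'"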

