-
Notifications
You must be signed in to change notification settings - Fork 105
/
Copy pathGet-GraphAPIToken.ps1
82 lines (60 loc) · 2.94 KB
/
Get-GraphAPIToken.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#https://blogs.technet.microsoft.com/paulomarques/2016/03/21/working-with-azure-active-directory-graph-api-from-powershell/
# Work in Progress
function Get-GraphAPIToken
{
param
(
[Parameter(Mandatory=$true)]
$TenantName,
[Parameter(Mandatory=$false)]
$UserName,
[Parameter(Mandatory=$false)]
$Password,
[Parameter(Mandatory=$false)]
$Credential
)
$adal = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceAppIdURI = "https://graph.windows.net"
$authority = "https://login.windows.net/$TenantName"
#$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $UserName,$Password
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, "auto")
return $authResult
}
# Full resource list - https://msdn.microsoft.com/library/azure/ad/graph/api/api-catalog
function Get-GraphData{
param
(
[Parameter(Mandatory=$true)]
$Token,
[Parameter(Mandatory=$true)]
$Tenant,
[Parameter(Mandatory=$true)]
[ValidateSet('contacts', 'directoryRoles', 'domains', 'groups', 'subscribedSkus', 'servicePrincipalsByAppId', 'tenantDetails', 'users')]
$Resource,
[Parameter(Mandatory=$false)]
$Extended
)
$authHeader = @{
'Content-Type'='application\json'
'Authorization'=$Token.CreateAuthorizationHeader()
}
$uri = "https://graph.windows.net/$tenant/$($resource)?api-version=1.6"
$uriPage = "https://graph.windows.net/$tenant/"
#return (Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get).value
$method = (Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get)
$output = $method.value
#https://blog.kloud.com.au/2016/08/10/enumerating-all-usersgroupscontacts-in-an-azure-tenant-using-powershell-and-the-azure-graph-api-odata-nextlink-paging-function/
while($method.'odata.nextLink')
{
$nextLink = $method.'odata.nextLink'+'&api-version=1.6'
$method = (Invoke-RestMethod -Uri $uriPage$nextLink -Headers $authHeader -Method Get)
$output += $method.value
}
return $output
}