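# F5 Networks - Register Azure RM AD App for OAuth2 API Access
# https://github.com/ArtiomL/f5networks
# Artiom Lichtenstein
# v1.4, 15/06/2017
#
# Purpose: interactively log in to Azure RM, create an Azure AD application and
# its service principal, grant the principal the Contributor role, and print the
# tenant ID / client ID needed for OAuth2 client-credentials access to the ARM API.
# Requires the AzureRm module (Login-AzureRmAccount and the *-AzureRmAD* cmdlets).
# Login to Azure RM (interactive prompt)
Login-AzureRmAccount
# Show all subscriptions
Get-AzureRmSubscription
# Select the subscription where the AD resides
# "Paper Street Soap" is a sample name - replace it with the target subscription.
$adSub = Get-AzureRmSubscription -SubscriptionName "Paper Street Soap"
$adSub | Select-AzureRmSubscription
# Record IDs
$tenantID = $adSub.TenantId
# AD application password, read as a SecureString so it is not echoed to the console
$adaSecure = Read-Host 'Azure AD App Password:' -AsSecureString
# -Password below is passed a plain string, so the SecureString must be decrypted.
# SecureStringToBSTR allocates an unmanaged buffer holding the plaintext; the
# original never released it. ZeroFreeBSTR in the finally block zeroes and frees
# it even if PtrToStringAuto throws. The plaintext still lives in $adaPass for the
# rest of the session (and in any transcript), so keep the session short-lived.
$bstr = [IntPtr]::Zero
try {
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($adaSecure)
    $adaPass = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
} finally {
    if ($bstr -ne [IntPtr]::Zero) {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}
# Create a new AAD application
# DisplayName / HomePage / IdentifierUris are sample values - adjust for your tenant.
$armADApp = New-AzureRmADApplication -DisplayName "adappREST" -HomePage "https://paperstsoap.com/adapprest" -IdentifierUris "https://paperstsoap.com/adapprest" -Password $adaPass
# Record the application ID (this is the OAuth2 client ID)
$appID = $armADApp.ApplicationId.Guid
# Create a new SPN
New-AzureRmADServicePrincipal -ApplicationId $appID
# Assign a new role
# No -Scope is given, so Contributor applies to the whole selected subscription.
# If the app only needs a single resource group, pass -Scope to narrow the grant.
# NOTE(review): this call may fail with a "principal not found" style error if the
# SPN has not finished replicating yet - re-run this line if so.
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $appID
# Show values (the secret itself is deliberately not printed)
@{ "tenantID" = $tenantID; "clientID" = $appID; "servicePrincipalSecret" = "***** (App password you previously typed)"; }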