I’ve just published my X509Details PowerShell Module to the PowerShell Gallery. The x.509 Details PowerShell Module contains the Get-X509Details cmdlet that decodes a base64 encoded PEM/CER format x.509 Certificate and converts it to a PowerShell Object. But wait, there’s more. The reason I created the x.509 Details PowerShell Module is because through automation I need to know what is the ‘Expiry Date’ for a certificate. The returned PowerShell Object from my Get-X509Details cmdlet in the X509Details Module also includes the expiry date-time in PowerShell DateTime format as ‘timeToExpiry’.… [Keep reading] “x.509 Details – A PowerShell Module for decoding x.509 Certificates with time to certificate expiry”
I’ve been looking at Azure Backup and migrating some Windows VMs from one Recovery Services Vault to another. This is mainly because I’ve taken a look at some production deployed VMs and found they were aligned to the reference architecture Disaster Recovery and Backup policies. Long story short, 6 VMs needed to be moved to maintain consistency.
Things get interesting in that my previous level of access at a customer has changed and I’m time poor, so I thought I’d use PowerShell to achieve this faster.… [Keep reading] “Azure Backup PowerShell removal of backup protection of a Azure VM”
Microsoft Authentication Libraries (MSAL) became Generally Available in May 2019 after a very long preview cycle whilst the libraries evolved to reach parity with its predecessor the Azure Active Directory Authentication Libraries (ADAL). I’ve previously used and written posts on leveraging ADAL libraries with PowerShell for Azure AD/Microsoft Graph integration using PowerShell. With some upcoming projects it’s time for me to start integrating with Microsoft Graph using MSAL with PowerShell. This post details how I transitioned from ADAL to MSAL and reduced my scripts by 60-300 lines depending on the integration.… [Keep reading] “Microsoft Graph using MSAL with PowerShell”
This post details how to generate SailPoint IdentityNow v2 and v3 API credentials. This method is valid as of Oct 2019 whereby v3 Credentials are now able to be generated via the SailPoint IdentityNow Portal and v2 Credentials can be generated via the IdentityNow API. v2 credentials are useful for some legacy APIs and API calls that are long running tasks (which thereby use Digest Auth) over using the v3 JWT method. These credentials can then be leveraged by the SailPoint IdentityNow PowerShell Module for IdentityNow orchestration tasks.… [Keep reading] “Generate SailPoint IdentityNow v2 & v3 API Credentials”
I’ve just published v1 of my SailPoint IdentityNow PowerShell Module.
- Easy command-line use, after setting default configuration options and securely saving them to the current user’s profile.
- Get an IdentityNow Organisation and Get / Update an Organisation Configuration
- Search IdentityNow Users
- Search IdentityNow Users Profiles
- Search IdentityNow Entitlements
- Create / Get / Update / Remove IdentityNow Access Profiles
- Create / Get / Start IdentityNow Certification Campaigns
- Get IdentityNow Certification Campaign Reports (output to file or return as PSObject)
- Create / Get / Update / Remove IdentityNow Governance Groups
- Create / Get / Update / Remove IdentityNow Roles
- Get / IdentityNow Sources
- Get Accounts from an IdentityNow Source
- Create / Update / Remove IdentityNow Source Account (Flat File / Delimited Sources)
- Get / Complete IdentityNow Tasks
- Get IdentityNow Virtual Appliance Clusters (and clients (VAs))
- Get / Update IdentityNow Applications
As I’m sure you are familiar (with my many posts on the topic), the Granfeldt PowerShell Management Agent is extremely flexible. When used to integrate Microsoft Identity Manager with modern REST APIs it is easy to retrieve pages of results from a REST API and process the objects through the Management Agent. However sometimes you need to integrate Microsoft Identity Manager with an API (e.g. a SOAP WebService) that doesn’t provide functionality to page results.… [Keep reading] “Multi-Threading Granfeldt PowerShell Management Agent Imports”
A Bot or ChatOps for Microsoft Identity Manager is something I’ve had in the back of my mind for just over two years. More recently last year I did build the Voice Assistant for Microsoft Identity Manager as a submission for an IoT Hackathon. But what is ChatOps?
ChatOps is a collaboration model that connects people, tools, process, and automation into a transparent workflow. This flow connects the work needed, the work happening, and the work done in a persistent location staffed by the people, bots, and related tools.… [Keep reading] “ChatOps for Microsoft Identity Manager”
For a change recently, I needed to disassociate Azure RouteTables from subnets, specifically: I needed to do this at scale. It wasn’t a matter of a couple of RouteTables. Rather, the design had close to a RouteTable per subnet (with many subnets across many VNETs). The environment is also spread across multiple logical zone types and VNETs are also spread across multiple subscriptions.… [Keep reading] “What’s wrong with removing a RouteTable association with AzureAz Powershell”
This is my PowerShell Snippets Volume 2. A collection of PowerShell commands for tasks that I don’t perform often and can’t recall easily from memory. Those ‘I know I’ve worked this out before’ type moments. Volume 1 is available here.
A quick recap.
I live in PowerShell and my memory is pretty good. There are a number of common PowerShell commands and one-liners or functions that I use a lot and I can remember them.… [Keep reading] “Darren’s PowerShell Snippets Volume 2”
Microsoft as part of the uplift in Authentication Methods capability have extended the Graph API to contain User Azure MFA information. My customers have been requesting MFA User Reporting data for some time. How many users are registered for Azure MFA? What and how many methods are they registered with? The new Graph API functions provide this information and we no longer have to use the legacy MSOLUser PowerShell cmdlet to obtain the strongAuthenticationMethods information. The new APIs provide:
- self-service password reset and multi-factor authentication (MFA) information for all registered users
- how many users in your organization are registered for self-service password reset and multi-factor authentication capabilities
Azure MFA User Reporting Management Agent
With this new functionality exposed, I’ve built an Azure MFA Management Agent for Microsoft Identity Manager to consume information from the credentialRegistrationDetails API, which can then be used in Identity Workflows to trigger notifications to users that don’t have enough registered methods (e.g.… [Keep reading] “An Azure MFA Management Agent for User MFA Reporting using Microsoft Identity Manager”