<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2024 v5.8.238
Created on: 3-5-2024 16:39
Created by: Rink Turksma
Organization:
Filename: addAppReg.ps1
===========================================================================
.DESCRIPTION
Creates an Entra ID app registration named -appRegName, adds a client secret valid for 12 months, stores that secret in Windows Credential Manager (CredentialManager module, New-StoredCredential) under the target "<appRegName>_<tenantId>", appends the customer name and that target to c:\users\<user>\.IntunePrepTool\config_tenantinfo.csv, and finally creates the app's service principal and assigns it two Microsoft Graph application roles (app role IDs 78145de6-... and 01d4889c-...), which is the tenant-wide admin-consent step. Requires the Microsoft.Graph and CredentialManager modules and an interactive sign-in with Application.ReadWrite.All and AppRoleAssignment.ReadWrite.All. The secret is never printed or written to the CSV; it lives only in the current user's Credential Manager.
#>
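# [CmdletBinding()] makes the common parameters (-ErrorAction, -Verbose, ...) bindable
# on the script itself; without it `.\addAppReg.ps1 -ErrorAction Stop` is a binding error.
[CmdletBinding()]
param
(
    # Display name of the app registration to create. It is reused as the client
    # secret's displayName and, together with the tenant ID, as the Windows
    # Credential Manager target "<appRegName>_<tenantId>".
    [parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$appRegName,

    # Free-text label written next to the Credential Manager target into
    # config_tenantinfo.csv. Optional; it is never sent to Graph.
    [string]$customername
)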
# One row of the local inventory file config_tenantinfo.csv. Export-Csv turns the
# property names into the CSV header, so they are part of the file format.
class config_tenantinfo {
    # Label supplied via -customername (may be empty).
    [string]$customername
    # Windows Credential Manager target "<appRegName>_<tenantId>" that holds the
    # client secret; this is the lookup key, no secret material is stored here.
    [string]$target
}
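# ---------------------------------------------------------------------------
# 1. Sign in to Microsoft Graph (delegated, interactive).
# Only the scopes the commands below actually use are requested:
#   Application.ReadWrite.All        New-MgApplication, Add-MgApplicationPassword,
#                                    Get-MgServicePrincipal, New-MgServicePrincipal
#   AppRoleAssignment.ReadWrite.All  New-MgServicePrincipalAppRoleAssignment
# The original list repeated Application.ReadWrite.All, added Application.Read.All
# (already covered by ReadWrite.All) and User.Read.All, which nothing in this
# script calls. -ContextScope Process keeps the sign-in context in this process
# only instead of the per-user context cache.
# ---------------------------------------------------------------------------
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All" -ContextScope Process -NoWelcome -ErrorAction Stop
$tenantInfo = Get-MgContext
if (-not $tenantInfo -or [string]::IsNullOrEmpty($tenantInfo.TenantId))
{
    throw "No Microsoft Graph context after Connect-MgGraph; aborting."
}

# ---------------------------------------------------------------------------
# 2. Permissions the new registration will carry.
# Microsoft Graph's well-known application (client) ID.
$graphAppId = "00000003-0000-0000-c000-000000000000"
# These are Graph *application* (app-only) roles, not delegated scopes. Once
# assigned in step 6 they apply tenant-wide with no signed-in user in the loop,
# so anyone holding the client secret below gets them.
# NOTE(review): the IDs were carried over as opaque GUIDs from the original;
# confirm which permissions they are against
#   (Get-MgServicePrincipal -Filter "appId eq '$graphAppId'").AppRoles
# before running this in a new tenant.
$graphAppRoleIds = @(
    "78145de6-330d-4800-a6ce-494ff2d33d07",
    "01d4889c-1287-42c6-ac1f-5d1e02578ef6"
)
$requiredResourceAccess = @{
    'resourceAppId'  = $graphAppId
    'resourceAccess' = @(
        foreach ($roleId in $graphAppRoleIds)
        {
            @{ 'id' = $roleId; 'type' = "Role" }
        }
    )
}

# ---------------------------------------------------------------------------
# 3. Create the app registration.
# A failed New-MgApplication used to be printed and then ignored, so every later
# step ran against a $null object. Nothing has been created yet, so abort.
try
{
    $appInfo = New-MgApplication -DisplayName $appRegName -RequiredResourceAccess $requiredResourceAccess -ErrorAction Stop
    if (-not $appInfo -or -not $appInfo.Id)
    {
        throw "New-MgApplication returned no application object."
    }
}
catch
{
    $_.Exception | Format-List -Force
    $_.Exception.InnerException
    throw "Failed to create app registration '$appRegName'."
}
# (The original re-read the application with Get-MgApplication into $appID2 and
# never used it; that round trip is dropped.)

# ---------------------------------------------------------------------------
# 4. Add a client secret.
# Graph returns the secret text exactly once, in this response; it cannot be
# retrieved again later. The 12-month lifetime is kept from the original; shorten
# it, or move to a certificate credential, where tenant policy allows.
$passwordCredential = @{
    "displayName" = $appRegName
    "endDateTime" = (Get-Date).AddMonths(12)
}
try
{
    $clientSecret = Add-MgApplicationPassword -ApplicationId $appInfo.Id -PasswordCredential $passwordCredential -ErrorAction Stop
    if (-not $clientSecret -or [string]::IsNullOrEmpty($clientSecret.SecretText))
    {
        throw "Add-MgApplicationPassword returned no secret text."
    }
}
catch
{
    $_.Exception | Format-List -Force
    $_.Exception.InnerException
    # The registration itself now exists without a usable credential; remove it
    # or re-run the script after fixing the cause.
    throw "Failed to add a client secret to app registration '$appRegName' ($($appInfo.Id))."
}

# Credential Manager target: "<app name>_<tenant id>", also the lookup key
# recorded in the CSV below. The username stored with it is the application
# (client) ID, which is what a client-credentials sign-in needs.
$target = "{0}_{1}" -f $appRegName, $tenantInfo.TenantId
# Go straight from the Graph response into a SecureString; the original copied
# the plain-text secret into an extra $password variable first.
$securePassword = ConvertTo-SecureString -String $clientSecret.SecretText -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appInfo.AppId, $securePassword
# Drop our reference to the raw response once the PSCredential exists.
$clientSecret = $null

# ---------------------------------------------------------------------------
# 5. Store the secret in Windows Credential Manager (CredentialManager module).
# From here on the trust boundary for the secret is this Windows user account:
# any process running as this user can read the entry back. The cmdlet writes
# the created entry to the pipeline, so it is suppressed rather than echoed to
# the console or a transcript. The original had a stray nested 'catch' here,
# which is a syntax error.
# NOTE(review): New-StoredCredential's -Persist default is session-scoped in
# the module versions we know; pass -Persist LocalMachine if the entry must
# survive logoff. Confirm against the installed module before relying on it.
try
{
    $credential | New-StoredCredential -Target $target -Comment $appInfo.PublisherDomain -ErrorAction Stop | Out-Null
}
catch
{
    $_.Exception | Format-List -Force
    $_.Exception.InnerException
    # The secret was only ever shown once; if it is not stored it is gone, so do
    # not go on to grant permissions to a registration nobody can sign in to.
    throw "Failed to store credential '$target' in Windows Credential Manager; the app registration and its secret still exist in tenant $($tenantInfo.TenantId)."
}

# ---------------------------------------------------------------------------
# 6. Record the lookup key locally.
# The CSV holds only the label and the Credential Manager target, never the
# secret. Export-Csv does not create parent folders, so make sure it exists.
# The original used `+=` on an undefined $config_tenantinfo; in a session where
# the variable already existed (e.g. dot-sourced twice) that re-appended the
# previous rows as well.
$configDir = "c:\users\$env:username\.IntunePrepTool"
if (-not (Test-Path -LiteralPath $configDir))
{
    New-Item -ItemType Directory -Path $configDir -Force | Out-Null
}
$configPath = Join-Path -Path $configDir -ChildPath 'config_tenantinfo.csv'
$config_tenantinfo = @([config_tenantinfo]@{
        customername = $customername
        target       = $target
    })
$config_tenantinfo | Export-Csv -LiteralPath $configPath -NoTypeInformation -Append

# ---------------------------------------------------------------------------
# 7. Create the service principal and assign the app roles.
# This is the tenant-wide admin-consent step: after it the stored client secret
# can obtain tokens carrying every role in $graphAppRoleIds. Each call stops on
# error so a partial grant is reported instead of silently reported as done.
try
{
    $graphSp = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'" -ErrorAction Stop
    if (-not $graphSp)
    {
        throw "Microsoft Graph service principal not found in tenant $($tenantInfo.TenantId)."
    }
    $sp = New-MgServicePrincipal -AppId $appInfo.AppId -ErrorAction Stop
    foreach ($roleId in $graphAppRoleIds)
    {
        New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id -AppRoleId $roleId -ResourceId $graphSp.Id -ErrorAction Stop | Out-Null
    }
}
catch
{
    $_.Exception | Format-List -Force
    $_.Exception.InnerException
    throw
}

# Clear first, then report: the original wrote the message and immediately
# cleared the host, so the user never saw it. Kept outside the try so a host
# that cannot clear (non-interactive) does not turn a successful run into a failure.
Clear-Host
Write-Host "App Registration done!"
Write-Host "Client secret stored in Windows Credential Manager as '$target'."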