Azure AD connection -Credential


This topic contains 3 replies, has 2 voices, and was last updated by Participant 1 month, 1 week ago.

  • #119947

    Participant
    Points: 34
    Rank: Member

    Hi all,

    First step into remote AAD; my intention is to create a GUI for users within our org to provision invites to collaborators (using a service / admin acct). However, my first hurdle has been connection. Previously, connecting to Exchange etc., I could use credential objects as below:

    
    $Username = "global\User.name"
    $Password = ConvertTo-SecureString "Password" -AsPlainText -Force
    $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
    
    $session = New-PSSession -ConnectionURI https://Servername@domain.com/OCSpowershell -Credential $cred
    Import-PSSession $session
    
    

    I assumed (wrongly) I could do similar with AAD, so tried:

    
    $Username = "global\User.name"
    $Password = ConvertTo-SecureString "Password" -AsPlainText -Force
    $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
    
    Connect-AzureAD -TenantId "xxxxxxxxxxxxxxxxxxxxxxxx" -credential $cred
    
    

    Is there any method similar to this I could use? If not, what is the best method?

  • #120181

    Participant
    Points: 319
    Helping Hand
    Rank: Contributor

    One should never ever put passwords in plain text in any script, especially in production.

    Now, that being said, if you are trying to use creds in multiple use cases, it is best to use them from a stored location, like the Windows Credential Manager or a secure file. Those creds are only usable from the machine they are created on, but can be used in local and remote sessions (on-prem and cloud resources).

    There are lots of articles and pre-built scripts to guide and help here.

    Securely Store Credentials on Disk
    http://powershellcookbook.com/recipe/PukO/securely-store-credentials-on-disk

    The first step for storing a password on disk is usually a manual one. There is nothing mandatory about the filename, but we'll use a convention to name the file CurrentScript.ps1.credential. Given a credential that you've stored in the $credential variable, you can safely use the Export-CliXml cmdlet to save the credential to disk. Replace CurrentScript with the name of the script that will be loading it:

    $credPath = Join-Path (Split-Path $profile) CurrentScript.ps1.credential
    $credential | Export-CliXml $credPath
    

    Quickly and securely storing your credentials – PowerShell

    To get a credential object we can either manually create one or use the Get-Credential cmdlet to prompt for the account details:

    $Credential = Get-Credential
    

    To store the credentials into a .cred file:

    $Credential | Export-CliXml -Path "${env:\userprofile}\Jaap.Cred"
    

    And to load the credentials from the file and back into a variable:

    $Credential = Import-CliXml -Path "${env:\userprofile}\Jaap.Cred"
    Invoke-Command -Computername 'Server01' -Credential $Credential {whoami}
    

    Using Windows Credential Manager

    https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde
    https://www.powershellgallery.com/packages/CredentialManager/1.0
    https://techcommunity.microsoft.com/t5/Windows-PowerShell/Store-password-in-Windows-credential-manager-and-use-it-in/td-p/36192

    Here is an example of how I connect to AAD and Exchange MSOL and Exchange On-Prem resources in one of my labs:

    # Retrieve all stored multiple creds
       $CredPath = ".\SessionCreds.xml"
       $creds = Import-Clixml -Path $CredPath 
    
    # Environment setup
       Connect-MsolService -Credential $creds.CloudAdmin
       Import-Module -Name MSOnlineExtended
    
       Connect-AzureAD -Credential $creds.CloudAdmin
       Import-Module -Name AzureADPreview
    
       Import-Module -Name 'ADSync' 
       Start-ADSyncSyncCycle
    
    
    # Exchange on-prem using a cmdlet prefix
    $ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' `
    -ConnectionUri ("http://$ExPFqdn/PowerShell") `
    -Authentication Kerberos -Credential $Creds.DomainAdmin
    Import-PSSession $ExpSession -Prefix 'EXP'
    
    
    # Exchange Online using a cmdlet prefix
    $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'https://outlook.office365.com/powershell-liveid/' `
    -Credential $Creds.CloudAdmin -Authentication Basic -AllowRedirection
    Import-PSSession $ExoSession -Prefix 'EXO'
    

    There are similar approaches around the web.

    Office 365 Connection Script – Basic

    This PowerShell connection script is perfect for Exchange and user administration as it quickly connects to the following Office 365 Services. – Exchange Online – Azure AD v1.0 – (MSOL) – Azure AD v2.0 – (Azure AD)

    https://gallery.technet.microsoft.com/office/Office-365-Connection-364d270b

    Connect to all Office 365 services in a single Windows PowerShell window
    https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-all-office-365-services-in-a-single-windows-powershell-window

    Connect PowerShell to Office 365 services

    You can use PowerShell to manage the services in Office 365, but first you need to connect in PowerShell to the specific service. See these topics for details:

    Azure Active Directory: Connect to Office 365 PowerShell
    Exchange Online: Connect to Exchange Online PowerShell
    Security & Compliance Center: Connect to Office 365 Security & Compliance Center PowerShell
    Skype for Business Online: Connecting to Skype for Business Online by using Windows PowerShell
    SharePoint Online: Connect to SharePoint Online PowerShell

    https://support.office.com/en-us/article/Connect-PowerShell-to-Office-365-services-06a743bb-ceb6-49a9-a61d-db4ffdf54fa6
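
The lab script in the answer above loads `SessionCreds.xml` but does not show how that file is produced; the following is an added example (not code from the thread) that builds the file on first run and reloads it afterwards. The function name `Get-SessionCreds`, the default path and the `<tenant-id>` placeholder are assumptions.

```powershell
# Added example: build and reload the multi-credential file used by the lab script.
# Get-SessionCreds, the default path and <tenant-id> are hypothetical names/placeholders.
function Get-SessionCreds {
    [CmdletBinding()]
    param(
        [string]   $Path  = (Join-Path $env:USERPROFILE 'SessionCreds.xml'),
        [string[]] $Names = @('CloudAdmin', 'DomainAdmin')
    )

    if (Test-Path -LiteralPath $Path) {
        try {
            $creds = Import-Clixml -LiteralPath $Path -ErrorAction Stop

            # Every expected key must come back as a live PSCredential object
            $missing = @($Names | Where-Object { $creds[$_] -isnot [pscredential] })
            if ($missing.Count -eq 0) { return $creds }

            Write-Warning "Missing entries in ${Path}: $($missing -join ', ')"
        }
        catch {
            # Typical cause: the file was written by another user or on another
            # machine, so the protected password cannot be decrypted here
            Write-Warning "Cannot read ${Path}: $($_.Exception.Message)"
        }
    }

    # Prompt once per account; no password is ever typed into the script itself
    $creds = @{}
    foreach ($name in $Names) {
        $creds[$name] = Get-Credential -Message "Enter the $name account"
    }

    # -InputObject writes the hashtable as a single object
    Export-Clixml -InputObject $creds -LiteralPath $Path
    return $creds
}

$creds = Get-SessionCreds
Connect-AzureAD -TenantId '<tenant-id>' -Credential $creds.CloudAdmin
```

On Windows, Export-Clixml protects each password with DPAPI, so the file decrypts only for the same user account on the same machine; that is the failure the catch branch handles by prompting again.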

  • #120351

    Participant
    Points: 34
    Rank: Member

    Many thanks for the above, appreciate the time it took to write that 🙂

  • #120571

    Participant
    Points: 319
    Helping Hand
    Rank: Contributor

    No worries.
