Powershell Modules – AzureAD – “Get AD Policy”

Background

Using the “AzureAD” Powershell module, let us review how Azure-AD User Policy is configured.

PowerShell Modules

Currently, there are two versions of the Azure AD Powershell module.

  1. AzureAD ( Release Module )
  2. AzureADPreview ( Preview Module )

The functionality we need is only available in the Preview Module.

Installation

Review

Let us review the version we have installed.

Syntax


powershell -Command "Get-Module -ListAvailable" -Name "*Azure*"

Output

AzureAD

AzureADPreview

Explanation

Please review the following Columns

  1. Module
    • AzureAD ( released version )
    • AzureADPreview ( yet to be released )

Upgrade

Let us upgrade our install.

Syntax


Powershell -Command "UnInstall-Module AzureAD"
Powershell -Command "Install-Module AzureADPreview"

Code

Outline

  1. To connect to our tenant's domain, issue Connect-AzureAD
  2. To get AzureAD policies, call Get-AzureADPolicy
    • Get the returned object type by issuing GetType().FullName

 

API

Get-AzureADPolicy

Let us get a proper insight into how to invoke Get-AzureADPolicy.

Get-Help

Syntax

Get-Help Get-AzureADPolicy

Output

Explanation

We can see that Get-AzureADPolicy accepts only a single argument.

It is an optional one, Id.

 

Get-Help -detailed

Syntax

Get-Help Get-AzureADPolicy -detailed

Output

Explanation

When we pass in “-detailed” we see that the ID is the Policy ID.

Get-Help -examples

Syntax

Get-Help Get-AzureADPolicy -examples

Output

Examples

Unfortunately, the help contains no examples.

Actual Code


Set-StrictMode -Version Latest;

[string]$CHAR_NEWLINE ="`r`n";

function listObjectProperties($object)
{
 
    [int] $iPropertyIndex = 0;
 
    #prepare formatting
    $strFormat = "{0}) Name :- {1} - Value :- {2}"
 
    #Iterate Object Properties
    Foreach ($objProperty in $object)
    {
 
       # increment property counter
       $iPropertyIndex = $iPropertyIndex + 1;
 
       $objPropertyName = $objProperty.Name;
 
       #place variable name in single quotes to ensure that
       #PowerShell does not evaluate\substitute value
       $objPropertyNameFull = '$object' + '.' + $objPropertyName

       <#
          dadeniji 2018-01-22 10:30 AM
          commented out and replaced with "$($objProperty.Value)"
          prepare to use variable substitution
          Invoke-Expression
          http://technet.microsoft.com/en-us/library/dd347550.aspx
          $objPropertyValue = invoke-expression $objPropertyNameFull;
       #>

       $objPropertyValue = "$($objProperty.Value)"
 
       #format data
       $strLog = [String]::Format(
                                         $strFormat
                                       , $iPropertyIndex
                                       , $objPropertyName
                                       , $objPropertyValue
                                  );
 
       # display data
       $strLog;
 
     }
 
}

try
{

	$objCredential = Get-Credential -ErrorAction SilentlyContinue

}
catch
{

     $strLog = "get-Credential failed!";
	 
	 $strLog = $strLog + $CHAR_NEWLINE + $_.Exception.Message
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

}
	
if (!$objCredential)
{
     
	 $strLog = "get-Credential failed!";

	 Write-Host $strLog -ForegroundColor red;
	 
     return
	 
}

#Connect to Azure AD
try
{

	$connect = Connect-AzureAD  -Credential $objCredential -ErrorAction SilentlyContinue
}
catch
{

     $strLog = "Connect-AzureAD failed!";
	 
	 $strLog = $strLog + $CHAR_NEWLINE + $_.Exception.Message
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

}

if (!$connect)
{

     $strLog = "Connect-AzureAD failed!";
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

 }

 
#Get-AzureADPolicy
try
{

	 
	# get list of AD Policy
	#$objListofADPolicy = Get-AzureADPolicy  -ErrorAction SilentlyContinue
	$objListofADPolicy = Get-AzureADPolicy

}
catch
{

     $strLog = "Get-AzureADPolicy failed!";
	 
	 $strLog = $strLog + $CHAR_NEWLINE + $_.Exception.Message
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

}

# if List is empty, then say so
if (!$objListofADPolicy)
{
	 
     $strLog = "Get-AzureADPolicy failed!";
 
	 Write-Host $strLog -ForegroundColor red 
     
	 return
}
 
# Keith Hill - Get Type name
# http://rkeithhill.wordpress.com/2007/10/28/powershell-quicktip-using-pstypenames-to-see-the-typename-and-inheritance-chain/
$strLog = "Type name is " + $objListofADPolicy.GetType().Fullname;
$strLog
 
# Get top item in list
$objADPolicy = $objListofADPolicy | Select-Object -first 1

# if there is no first item, then say so
if (!$objADPolicy)
{

     $strLog = "Object (objADPolicy) is null (empty)";
	 
	 Write-Host $strLog -ForegroundColor red 
 
     return

 }
 
#Show all of Object's properties 
#https://www.codykonior.com/2013/03/26/powershell-how-to-show-all-of-an-objects-properties-and-values/
$objADPolicyPropList = $objADPolicy | Select-Object -Property *

if (!$objADPolicyPropList)
{
	 
     $strLog = "Object has no properties";
	 
	 Write-Host $strLog -ForegroundColor red 

	 return
}

$objADPolicyPropList


# get Object Properties
#   By calling PsObject.Properties
$objADPolicyProps = $objADPolicy.PsObject.Properties;

#list properties
listObjectProperties($objADPolicyProps);

Source Code

GitHub

DanielAdeniji/Office365AzureADPowerShell

Specifically Office365AzureADPolicy.ps1.

Summary

There are so many ways to go wrong on this one.

These include:

  1. Installation
    • Having the right PowerShell Module
      • AzureAD or AzureADPreview
  2. Security
    • Having sufficient rights on your Tenant Account
      • If one does not
        • No errors are returned when one issues Get-AzureADPolicy
        • The only indicator is that null is returned
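
Both failure modes above (the wrong module, and a silent null result) can be checked explicitly before trusting an empty policy list. The following is an added example, not part of the original script or its GitHub repository; the function name Test-AzureADPolicyAccess is hypothetical, and it assumes an interactive sign-in with an account that resolves as a user in the tenant.

```powershell
# Added example: Test-AzureADPolicyAccess is a hypothetical helper name.
function Test-AzureADPolicyAccess
{
    # 1. Installation: which module, if any, supplies Get-AzureADPolicy?
    $cmd = Get-Command -Name Get-AzureADPolicy -ErrorAction SilentlyContinue
    if (-not $cmd)
    {
        $found = Get-Module -ListAvailable -Name 'AzureAD*' |
                 ForEach-Object { "$($_.Name) $($_.Version)" }
        throw "Get-AzureADPolicy not found. Installed: $($found -join ', ')"
    }
    Write-Host "Get-AzureADPolicy comes from module '$($cmd.ModuleName)'"

    # 2. Session: reuse the current connection, otherwise sign in interactively.
    try { $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop }
    catch
    {
        Connect-AzureAD -ErrorAction Stop | Out-Null
        $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop
    }

    # 3. Query: -ErrorAction Stop sends any reported error to the caller's catch
    #    instead of letting it pass unnoticed.
    $policies = @(Get-AzureADPolicy -ErrorAction Stop | Where-Object { $_ })
    if ($policies.Count -gt 0) { return $policies }

    # 4. Empty result and no error: show who is signed in and which directory
    #    roles they hold, so a rights problem can be told apart from a tenant
    #    that simply has no policies.
    #    Assumption: the sign-in name resolves as a user in this tenant.
    $me = Get-AzureADUser -ObjectId $session.Account.Id -ErrorAction Stop
    $held = foreach ($role in (Get-AzureADDirectoryRole))
    {
        $isMember = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
                    Where-Object { $_.ObjectId -eq $me.ObjectId }
        if ($isMember) { $role.DisplayName }
    }
    if (-not $held) { $held = '(none)' }
    $who = "$($session.Account.Id) in tenant $($session.TenantDomain)"
    Write-Warning "Get-AzureADPolicy returned nothing for $who."
    Write-Warning "Directory roles held: $($held -join ', ')"
}

Test-AzureADPolicyAccess
```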

