Powershell Modules – AzureAD – “Get AD Policy”

Background

Using the “AzureAD” Powershell module, let us review how Azure-AD User Policy is configured.

PowerShell Modules

Currently, there are two versions of the Azure AD Powershell module.

  1. AzureAD ( Release Module )
  2. AzureADPreview ( Preview Module )

The functionality we need is only available in the Preview Module.

Installation

Review

Let us review the version we have installed.

Syntax


powershell -Command "Get-Module -ListAvailable -Name *Azure*"

Output

AzureAD

AzureADPreview

Explanation

Please review the following Columns

  1. Module
    • AzureAD ( released version )
    • AzureADPreview ( yet to be released )

Upgrade

Let us upgrade our install.

Syntax


Powershell -Command "UnInstall-Module AzureAD"
Powershell -Command "Install-Module AzureADPreview"

Code

Outline

  1. To connect to our “Tenant's Domain”, issue “Connect-AzureAD”
  2. To get AzureAD policies, call Get-AzureADPolicy
    • Get the returned object type by issuing GetType().Fullname

 

API

Get-AzureADPolicy

Let us get a proper insight into how to invoke Get-AzureADPolicy.

Get-Help

Syntax

Get-Help Get-AzureADPolicy

Output

Explanation

We can see that Get-AzureADPolicy accepts only a single argument.

It is an optional one, Id.

 

Get-Help -detailed

Syntax

Get-Help Get-AzureADPolicy -detailed

Output

Explanation

When we pass in “-detailed” we see that the ID is the Policy ID.

Get-Help -example

Syntax

Get-Help Get-AzureADPolicy -examples

Output

Examples

Unfortunately, no examples are listed here.

Actual Code


Set-StrictMode -Version Latest;

[string]$CHAR_NEWLINE ="`r`n";

function listObjectProperties($object)
{
 
    [int] $iPropertyIndex = 0;
 
    #prepare formatting
    $strFormat = "{0}) Name :- {1} - Value :- {2}"
 
    #Iterate Object Properties
    Foreach ($objProperty in $object)
    {
 
       # increment property counter
       $iPropertyIndex = $iPropertyIndex + 1;
 
       $objPropertyName = $objProperty.Name;
 
       #place variable name in single quotes to ensure that
       #PowerShell does not evaluate\substitute value
       $objPropertyNameFull = '$object' + '.' + $objPropertyName

	   <#
	      dadeniji 2018-01-22 10:30 AM
	      commented out and replaced with "$($objProperty.Value)"
	      prepare to use variable substitution
	      Invoke-Expression
	      http://technet.microsoft.com/en-us/library/dd347550.aspx
	      $objPropertyValue = invoke-expression $objPropertyNameFull;
	   #>

	   #$objPropertyValue = invoke-expression $objPropertyNameFull;

	   #read the value directly; no string is evaluated as code
	   $objPropertyValue = "$($objProperty.Value)"
 
       #format data
       $strLog = [String]::Format(
                                         $strFormat
                                       , $iPropertyIndex
                                       , $objPropertyName
                                       , $objPropertyValue
                                  );
 
       # display data
       $strLog;
 
     }
 
}

try
{

	$objCredential = Get-Credential -ErrorAction SilentlyContinue

}
catch
{

     $strLog = "get-Credential failed!";
	 
	 $strLog = $strLog + $CHAR_NEWLINE + $_.Exception.Message
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

}
	
if (!$objCredential)
{
     
	 $strLog = "get-Credential failed!";

	 Write-Host $strLog -ForegroundColor red;
	 
     return
	 
}

#Connect to Azure AD
try
{

	$connect = Connect-AzureAD  -Credential $objCredential -ErrorAction SilentlyContinue
}
catch
{

     $strLog = "Connect-AzureAD failed!";
	 
	 $strLog = $strLog + $CHAR_NEWLINE + $_.Exception.Message
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

}

if (!$connect)
{

     $strLog = "Connect-AzureAD failed!";
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

 }

 
#Get-AzureADPolicy
try
{

	 
	# get list of AD Policy
	#$objListofADPolicy = Get-AzureADPolicy  -ErrorAction SilentlyContinue
	$objListofADPolicy = Get-AzureADPolicy

}
catch
{

     $strLog = "Get-AzureADPolicy failed!";
	 
	 $strLog = $strLog + $CHAR_NEWLINE + $_.Exception.Message
	 
	 Write-Host $strLog -ForegroundColor red 
     
	 return

}

# if List is empty, then say so
if (!$objListofADPolicy)
{
	 
     $strLog = "Get-AzureADPolicy failed!";
 
	 Write-Host $strLog -ForegroundColor red 
     
	 return
}
 
# Keith Hill - Get Type name
# http://rkeithhill.wordpress.com/2007/10/28/powershell-quicktip-using-pstypenames-to-see-the-typename-and-inheritance-chain/
$strLog = "Type name is " + $objListofADPolicy.GetType().Fullname;
$strLog
 
# Get top item in list
$objADPolicy = $objListofADPolicy | Select-Object -first 1

# if List is empty, then say so
if (!$objADPolicy)
{

     $strLog = "Object (objADPolicy) is null (empty)";
	 
	 Write-Host $strLog -ForegroundColor red 
 
     return

 }
 
#Show all of Object's properties 
#https://www.codykonior.com/2013/03/26/powershell-how-to-show-all-of-an-objects-properties-and-values/
$objADPolicyPropList = $objADPolicy | Select-Object -Property *

if (!$objADPolicyPropList)
{
	 
     $strLog = "Object has no properties";
	 
	 Write-Host $strLog -ForegroundColor red 

	 return
}

$objADPolicyPropList


# get Object Properties
#   By calling PsObject.Properties
$objADPolicyProps = $objADPolicy.PsObject.Properties;

#list properties
listObjectProperties $objADPolicyProps;

Source Code

GitHub

DanielAdeniji/Office365AzureADPowerShell
Link

Specifically Office365AzureADPolicy.ps1.

Summary

There are so many ways to go wrong on this one.

These include:

  1. Installation
    • Having the right PowerShell Module
      • AzureAD or AzureADPreview
  2. Security
    • Having sufficient privileges on your Tenant Account
      • If one does not
        • No error is returned when one issues Get-AzureADPolicy
        • The only indicator is that null is returned
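
The silent null described in the Summary can be reported explicitly instead of being mistaken for "no policies". The following is an added example, not part of the original script or the linked repository; the function name Get-AzureADPolicyAudit and the status strings are hypothetical, and it assumes Connect-AzureAD has already been run with AzureADPreview loaded.

```powershell
# Added example, not part of Office365AzureADPolicy.ps1.
# Get-AzureADPolicyAudit is a hypothetical helper name.
function Get-AzureADPolicyAudit {
    [CmdletBinding()]
    param()

    # The post notes the cmdlet exists only in the AzureADPreview module.
    if (-not (Get-Command -Name Get-AzureADPolicy -ErrorAction SilentlyContinue)) {
        throw 'Get-AzureADPolicy is not available; import AzureADPreview first.'
    }

    # Record which identity is asking, so an empty answer can be traced
    # back to the account whose permissions need review.
    try {
        $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop
    }
    catch {
        throw "No Azure AD session; run Connect-AzureAD first. $($_.Exception.Message)"
    }

    # -ErrorAction Stop promotes non-terminating errors to exceptions so the
    # catch block runs; with SilentlyContinue they are discarded.
    try {
        $policies = @(Get-AzureADPolicy -ErrorAction Stop)
    }
    catch {
        throw "Get-AzureADPolicy failed for $($session.Account): $($_.Exception.Message)"
    }

    # No error and no data is the ambiguous case from the Summary: the tenant
    # may have no policies, or the account may not be allowed to read them.
    $status = if ($policies.Count -eq 0) { 'EmptyOrNotPermitted' } else { 'Ok' }
    if ($status -ne 'Ok') {
        Write-Warning "No policies returned for $($session.Account) in $($session.TenantDomain); check the account's directory role before treating this as 'no policies'."
    }

    [pscustomobject]@{
        Account      = "$($session.Account)"
        TenantDomain = $session.TenantDomain
        Status       = $status
        PolicyCount  = $policies.Count
        Policies     = $policies
    }
}

# Usage, after Connect-AzureAD:
#   $audit = Get-AzureADPolicyAudit
#   $audit.Policies | Select-Object Id, DisplayName, Type
```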


Powershell Modules – AzureAD – Installation

Background

Needing to do some minimal Microsoft Office 365 work.

Found out that I need Azure Powershell Modules.

Requirement

The Azure Active Directory ( AD) Powershell Modules are available on Microsoft’s Powershell Gallery.

Here is Microsoft’s write-up of what it takes to access the gallery and download modules from it:

Azure Active Directory PowerShell for Graph
Link

Tabulate

Product                                                   | Version    | Prerequisite
Operating System (OS)                                     | Windows 10 |
Windows Management Framework (WMF)                        | WMF v5.0   |
PackageManagement PowerShell Modules Preview – March 2016 | v1.1       | Powershell v3.0 or v4.0

 

Do we meet the requirement?

Let us do a quick check to determine whether we meet the requirement.

OS version

WinVer

From Console, issue winver

Syntax

winver

Output

Explanation

We are looking to have Windows Version 10, but we are only at Version 7.

 

WMF Version

WMF Version – Using Powershell

From Console, run powershell and query $PSVersionTable

Syntax

Powershell -Command "$PSVersionTable"

Output

Explanation

We are looking to have WSManStackVersion be at v5.0, but we are only at v3.0.

 

Powershell – Module – PackageManagement

PackageManagement Powershell Modules

In Powershell, issue “Get-Module -ListAvailable”

Syntax

powershell -Command "Get-Module -Name *Package* -ListAvailable"

Output

Explanation

We appear to be good with the Powershell Module Package Management.  The version installed is 1.*.
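
The three checks above can be collected into one report that also lists the two Azure AD modules. This is an added example, not from the original post; the function name Get-AzureADPrereqReport is hypothetical.

```powershell
# Added example; Get-AzureADPrereqReport is a hypothetical helper name.
function Get-AzureADPrereqReport {
    [CmdletBinding()]
    param()

    # Newest installed version of a module, or $null when it is not installed.
    function Get-NewestModuleVersion([string]$Name) {
        Get-Module -Name $Name -ListAvailable |
            Sort-Object -Property Version -Descending |
            Select-Object -First 1 -ExpandProperty Version
    }

    $os = [System.Environment]::OSVersion.Version

    [pscustomobject]@{
        # Windows 7 reports 6.1; Windows 10 reports 10.0.
        OSVersion            = $os
        OSIsWindows10OrLater = ($os.Major -ge 10)
        # WMF 5.0 ships Windows PowerShell 5.0, so PSVersion is compared.
        # WSManStackVersion, the field the post reads, is listed beside it.
        PSVersion            = $PSVersionTable.PSVersion
        WSManStackVersion    = $PSVersionTable.WSManStackVersion
        PSVersionIs5OrLater  = ($PSVersionTable.PSVersion.Major -ge 5)
        # Installed versions are reported as found; $null means not installed.
        PackageManagement    = Get-NewestModuleVersion 'PackageManagement'
        AzureAD              = Get-NewestModuleVersion 'AzureAD'
        AzureADPreview       = Get-NewestModuleVersion 'AzureADPreview'
    }
}

Get-AzureADPrereqReport | Format-List
```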

 

Meeting Requirement

If we did not meet the requirements, here are options to do so.

Windows Management Framework ( WMF )

Version

Version 5.1

As of 2018-Jan-21st, the latest version of WMF is 5.1 and it is available here.

Powershell – Module – PackageManagement

Go here and download the module that fits your OS bitness.

 

Review Installation

Current

Let us quickly see whether we have the Azure Powershell Module installed.

Syntax

The module’s name is AzureAD and so we can look for anything bearing the Azure moniker.


powershell -Command "Get-Module -Name *Azure* -ListAvailable"

Output

Explanation

Nada

Actual Installation

Syntax


powershell -command "Install-module AzureAD"

Output

Explanation

We confirmed that we are OK with downloading modules from PSGallery.

 

Installation Validation

Syntax


Powershell -Command "Get-Module -Name *Azure* -ListAvailable"

Output

Explanation

We now have AzureAD installed.

The current version is 2.0.x.x

 
