AAD, is VM joined to? – see VM joined to AAD?
This is supposed to work
Get-AzLocation -Location centralus | select displayname,location,zones
but fails
Get-AzLocation: A parameter cannot be found that matches parameter name 'Location'.
because Powershell 7.4.0 has some problem with it.
This works only from the Azure CLI / Cloud Shell
az vm list-skus --location centralus --zone --output table
I wanted to uninstall the Az module after I got errors.
Azure CLI home directory, in which storage account does it reside? – see storage account, in which Azure CLI resides
bash, switch from bash to PowerShell
pwsh
to go back to bash:
exit
$User
=
"Barney.Rubble@yourDomain.com"
$PWord
=
ConvertTo-SecureString
-String
"topSecret"
$cred
=
New-Object
-TypeName System.Management.Automation.PSCredential -ArgumentList
$User,
$PWord
Connect-AzAccount
-Credential
$cred
virtual network gateways
look in each resource group
(otherwise must list resource group name as a parameter to the
Get-AzVirtualNetworkGateway
command) below
$resourceGroups
=
Get-AzResourceGroup
$gates
=
@()
foreach
($resourceGroup
in
$resourceGroups) {
$gatewaysAzure
=
Get-AzVirtualNetworkGateway
-ResourceGroupName
$resourceGroup.ResourceGroupName
foreach
($AzureGateway
in
$gatewaysAzure) {
foreach
($IpConfig
in
$AzureGateway.IpConfigurations) {
# Get the Virtual Network Name from the IP configuration ID
$virtualNetworkName
=
($IpConfig.Subnet.Id
-split
"/")[-3]
$VirtualNetwork
=
Get-AzVirtualNetwork
-ResourceGroupName
$resourceGroup.ResourceGroupName
-Name
$virtualNetworkName
$Subnet
=
Get-AzVirtualNetworkSubnetConfig
-VirtualNetwork
$VirtualNetwork
-Name
$IpConfig.Subnet.Name
# Get the subnet range from the IP configuration ID
$SubnetRange
=
$Subnet.AddressPrefix
# Get the name of the public IP address from the IP configuration ID
$publicIPAddressName
=
Split-Path
$IpConfig.PublicIpAddress.Id
-Leaf
# Get the public IP address using the name and the resource
group name
$PublicIPAddress
=
(Get-AzPublicIpAddress
-Name
$publicIPAddressName
-ResourceGroupName $resourceGroup.ResourceGroupName).IpAddress
# Add the public IP address to the custom object
$gates
+=
[PSCustomObject]
@{
ResourceGroup
=
$resourceGroup.ResourceGroupName
gatewayName
=
$AzureGateway.Name
virtualNetworkName
=
$virtualNetworkName
BgpPeeringAddress
=
$AzureGateway.BgpSettings.BgpPeeringAddress
publicIPAddressName
=
$publicIPAddressName
PublicIPAddress
=
$PublicIPAddress
SubnetRange
=
$SubnetRange
ProvisioningState
=
$AzureGateway.ProvisioningState
}
}
}
}
$gates
|
select gatewayName,
virtualNetworkName,
ResourceGroup,
BgpPeeringAddress,publicIPAddressName, PublicIPAddress,
SubnetRange,
ProvisioningState
|
ft
local network gateways
Get-AzLocalNetworkGateway
to show
local network gateways instead.
$resourceGroups
=
Get-AzResourceGroup
$gates
=
@()
foreach
($resourceGroup
in
$resourceGroups) {
$gatewaysLocal
=
Get-AzLocalNetworkGateway
-ResourceGroupName $resourceGroup.ResourceGroupName
foreach ($localGateway
in
$gatewaysLocal) {
$gates
+= [PSCustomObject] @{
ResourceGroup
=
$resourceGroup.ResourceGroupName
gatewayName
=
$localGateway.Name
gatewayIpAddress
=
$localGateway.GatewayIpAddress
location
=
$localGateway.Location
IPRanges
=
($localGateway.LocalNetworkAddressSpace.AddressPrefixes)
-join
", "
}
}
}
$gates
|
select gatewayName,
ResourceGroup, location,
gatewayIpAddress,
IPRanges
|
ft
-a
Get-Get-AzSubscription: Unable to acquire token for tenant
WARNING: Unable to acquire token for tenant '1dea4595-8efe-fc33-a6ce-7b49aa512fdc' with error 'SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user vader@darth.com. Ensure that you have authenticated with a developer tool that supports Azure single sign on.' }
clear cache and reconnect
Clear-AzContext
-Force
Connect-AzAccount
-Tenant 1dea4595-8efe-fc33-a6ce-7b49aa512fdc
Install-Module AzureAD -Force
and then
Import-Module AzureAD -Force
Instead, use Get-MgUser
:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"
That is, after you:
Install-Module
-Name Microsoft.Graph
-RequiredVersion 1.27.0
Import-Module
-Name Microsoft.Graph
first, if necessary
the Get-AzureADUser
command doesn’t work anymore.
Now that you’ve installed, imported the Microsoft.Graph
module, now instead, use Get-MgUser
:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"
Get-AzureADUser says to Connect-AzureAD
but that module does not support PowerShell Core Edition
You run Get-AzureADUser
(with or without parameters) it returns
Get-AzureADUser: You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
So, you dutifully
Connect-AzureAD
but it returns
Connect-AzureAD: This module does not support PowerShell Core edition. Retry the operation with PowerShell Desktop edition (Windows PowerShell).
By this, they mean:
Import-Module AzureAD -UseWindowsPowerShell
But this still fails with “The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.”
use
Connect-MgGraph
instead. That is, after you:
Install-Module
-Name Microsoft.Graph
-RequiredVersion 1.27.0
Import-Module
-Name Microsoft.Graph
first, if necessary
The Get-AzureADUser
command doesn’t work anymore.
Now that you’ve installed, imported the Microsoft.Graph
module, now instead, use Get-MgUser
:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"
home directory of Azure CLI, in which storage account does it reside? – see storage account, in which Azure CLI resides
az interactive
keys for storage account, list – see storage account keys, list
start with
Connect-MgGraph
should bring up
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code EE9GLGY6J to authenticate.
(with a unique code, not the one above). Once connected, you should see something like this:
Welcome to Microsoft Graph!
Connected via delegated access using 14d82cec-204b-4c2f-b7e8-297a70deb67a
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs
NOTE: You can use the -NoWelcome parameter to suppress this message.
again, with another unique code, not the one above. To verify that you're connected:
Get-MgContext
Should return things like ClientID, TenatID, Scopes, etc. And
Get-MgOrganization
Should also return DisplayName, ID, TenantType, etc.
If Get-MgContext shows you logged into the wrong account,
Disconnect-AzAccount
Disconnect-MgGraph
And then connect again to the right account.
network gateways, list all – see gateways, list all
permission grant, delegated - create new
$params
=
@{
ClientId
=
"ef969797-201d-4f6b-960c-e9ed5f31dab5"
ConsentType
=
"AllPrincipals"
ResourceId
=
"943603e4-e787-4fe9-93d1-e30f749aae39"
Scope
=
"AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All"
}
New-MgOauth2PermissionGrant
-BodyParameter $params
where
ClientId
– The id of the client service principal for the application which is authorized to act on behalf of a signed-in user when accessing an API. Not sure about this. I’ve just been using the same ID as thePrincipalID
below.ConsentType
– eitherAllPrincipals
orPrincipal
. If you selectPrincipal
, you must supply additioanl parameterPrincipalID
and set that equal to a user’s IDPrincipalId
– User ID of who needs permission. You only need to specify this parameter ifConsentType
above isPrincipal
ResourceId
– The id of the resource service principal to which access is authorized. Not sure about this. Subscription ID doesn’t seem to work.Scope
– space-delimited permissions. A list of permissions required to run a commandcan be generated by permission required to run a command, list, for example.
permission required to run a command, list
here‘s what you need to be able to manage administrative units, for example:
Find-MgGraphCommand -command Get-MgDirectoryAdministrativeUnit | Select -First 1 -ExpandProperty Permissions
PowerShell, switch to from bash – see bash, switch from bash to PowerShell
$ResourceGroupName
=
"BobsBigOlResourceGroup"
Get-AzResourceGroup
-Name
$ResourceGroupName
-ErrorVariable notPresent -ErrorAction SilentlyContinue
if
($notPresent) {"ResourceGroup
$ResourceGroupName
doesn't exist"}
else
{"ResourceGroup
$ResourceGroupName
exists"}
Get-AzResourceGroup | ft
This will only list the resources in one of your subscriptions. If you don’t find a resource you think you ought to have, you may want to list your subscriptions and then change your context to a different subscription
To see all resource groups for all subscriptions:
$ResourceGroupsForAllSubscriptions
=
@()
$i
=
0
$subscriptions
=Get-AzSubscription
ForEach
($subscription
in
$i++
$subscriptionName
=
$subscription.Name
Set-AzContext
-SubscriptionId
$subscription.SubscriptionId
$j=0
$resourceGroups
=
Get-AzResourceGroup
foreach
($resourceGroup
in
$resourceGroups) {
$j++
Write-Host
"subscription $i
of
$($subscriptions.Count):
$subscriptionName, ResourceGroup
$j
of
$($resourceGroups.Count):
$($resourceGroup.ResourceGroupName)"
-ForegroundColor
Green
$ResourceGroupsForAllSubscriptions
+= [PSCustomObject]
@{
Subscription
=
$subscriptionName
ResourceGroup
=
$resourceGroup.ResourceGroupName
}
}
}
$ResourceGroupsForAllSubscriptions
| ogv
role assignments, list for a user
Get-AzRoleAssignment -SignInName frodo@theshire.com
roles, list
Get-AzRoleDefinition | ogv
storage account, in which Azure CLI resides
df
will show the file path to clouddrive, which includes storage account name and fileshare in the URL1. The format of the file path will be something like //filesharename.file.core.windows.net/cs-userid-schoolofhardknocks-edu-filesharename where "cs7233303327393af72" is substituted for "filesharename".
az
storage account keys list -g <ResourceGroupname> -n <StorageAccountname>
where <ResourceGroupname> is something like
"cloud-shell-storage-southcentralus" and <StorageAccountname>
is something like "cs7233303327393af72" az
storage account list -o table Get-AzSubscription you’ll probably first want to list your subscriptions
so you can get a subscription ID Set-AzContext
-Subscription
"dec98b56-ea77-8195-a1cd-9eda38fcb638"
-Name
"dev" I thought the following would set the context to all my available subscriptions.
But instead, it only seems to set the context one at a time, leaving you with the context of
whichever subscription happens to be last. Get-AzSubscription
|
Set-AzContext (Get-MgOrganization).ID switch from bash to PowerShell – see
bash, switch from bash to PowerShell VM availability zone to find which availability zone for just one VM in one Resource Group
(only works from Azure CLI / Cloud Shell): az vm show
--resource-group My-TEST-Resource-Group
--name testVM1
--query
"zones"
--output tsv from command line on the VM dsregcmd /status Get-AzVM
|
select Name,
ResourceGroupName,
Location,
@{n="VMSize";e={$_.HardwareProfile.VmSize}},
@{n="OSType";e={$_.StorageProfile.OsDisk.OsType}},
@{n="NIC";e={$_.NetworkProfile.NetworkInterfaces[0].Id.Split("/")[-1]}}
|
ft
-a VM powerState view That last PowerState field below lets us know whether a VM is "dealocated",
in which case there won’t be any IP addresses. But if it returns blank: Get-AzVM
-VMName testVM1
-ResourceGroupName My-Resource-Group
-Status
|
Select-Object
-ExpandProperty Statuses
|
?
Code
-like
"PowerState/*" or from Azure CLI / Cloud Shell: az vm show
-g My-TEST-Resource-Group -n testVM1 -d --query powerState start PowerShell Start-AzVM
-ResourceGroupName MyRG
-Name MyVM Azure CLI az vm start
-g MyRG
-n MyVM stop PowerShell Stop-AzVM
-ResourceGroupName MyRG
-Name MyVM Azure CLI az vm deallocate
-g MyRG
-n MyVM