–A–

AAD, is VM joined to? – see VM joined to AAD?

availability zones, list

This is supposed to work

Get-AzLocation -Location centralus | select displayname,location,zones

but fails

Get-AzLocation: A parameter cannot be found that matches parameter name 'Location'.

because Powershell 7.4.0 has some problem with it.

This works only from the Azure CLI / Cloud Shell

az vm list-skus --location centralus --zone --output table

Az module, uninstall

I wanted to uninstall the Az module after I got errors.

Azure CLI home directory, in which storage account does it reside? – see storage account, in which Azure CLI resides

–B–

–C–

connect

$User = "Barney.Rubble@yourDomain.com"
$PWord = ConvertTo-SecureString -String "topSecret" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
Connect-AzAccount -Credential $cred

–D–

–E–

–F–

–G–

gateways, list all

virtual network gateways

look in each resource group (otherwise must list resource group name as a parameter to the Get-AzVirtualNetworkGateway command) below

$resourceGroups = Get-AzResourceGroup
$gates = @()
foreach ($resourceGroup in $resourceGroups) {
  $gatewaysAzure = Get-AzVirtualNetworkGateway -ResourceGroupName $resourceGroup.ResourceGroupName
  foreach ($AzureGateway in $gatewaysAzure) {
    foreach ($IpConfig in $AzureGateway.IpConfigurations) {
      # Get the Virtual Network Name from the IP configuration ID
      $virtualNetworkName = ($IpConfig.Subnet.Id -split "/")[-3]
      $VirtualNetwork = Get-AzVirtualNetwork -ResourceGroupName $resourceGroup.ResourceGroupName -Name $virtualNetworkName
      $Subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $VirtualNetwork -Name $IpConfig.Subnet.Name
      # Get the subnet range from the IP configuration ID
      $SubnetRange = $Subnet.AddressPrefix
      # Get the name of the public IP address from the IP configuration ID
      $publicIPAddressName = Split-Path $IpConfig.PublicIpAddress.Id -Leaf
      # Get the public IP address using the name and the resource group name
      $PublicIPAddress = (Get-AzPublicIpAddress -Name $publicIPAddressName -ResourceGroupName $resourceGroup.ResourceGroupName).IpAddress
      # Add the public IP address to the custom object
      $gates += [PSCustomObject] @{
        ResourceGroup = $resourceGroup.ResourceGroupName
        gatewayName = $AzureGateway.Name
        virtualNetworkName = $virtualNetworkName
        BgpPeeringAddress = $AzureGateway.BgpSettings.BgpPeeringAddress
        publicIPAddressName = $publicIPAddressName
        PublicIPAddress = $PublicIPAddress
        SubnetRange = $SubnetRange
        ProvisioningState = $AzureGateway.ProvisioningState
      }
    }
  }
}
$gates | select gatewayName, virtualNetworkName, ResourceGroup, BgpPeeringAddress,publicIPAddressName, PublicIPAddress, SubnetRange, ProvisioningState | ft

local network gateways

Get-AzLocalNetworkGateway to show local network gateways instead.

$resourceGroups = Get-AzResourceGroup
$gates = @()
foreach ($resourceGroup in $resourceGroups) {
  $gatewaysLocal = Get-AzLocalNetworkGateway -ResourceGroupName $resourceGroup.ResourceGroupName
  foreach ($localGateway in $gatewaysLocal) {
    $gates += [PSCustomObject] @{
        ResourceGroup = $resourceGroup.ResourceGroupName
        gatewayName = $localGateway.Name
        gatewayIpAddress = $localGateway.GatewayIpAddress
        location = $localGateway.Location
        IPRanges = ($localGateway.LocalNetworkAddressSpace.AddressPrefixes) -join ", "
    }
  }
}
$gates | select gatewayName, ResourceGroup, location, gatewayIpAddress, IPRanges | ft -a

Get-Get-AzSubscription: Unable to acquire token for tenant

WARNING: Unable to acquire token for tenant '1dea4595-8efe-fc33-a6ce-7b49aa512fdc' with error 'SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user vader@darth.com. Ensure that you have authenticated with a developer tool that supports Azure single sign on.' }

clear cache and reconnect

Clear-AzContext -Force
Connect-AzAccount -Tenant 1dea4595-8efe-fc33-a6ce-7b49aa512fdc

Get-AzureADUser: The term 'Get-AzureADUser' is not recognized as a name of a cmdlet, function, script file, or executable program.

Install-Module AzureAD -Force

and then

Import-Module AzureAD -Force

Instead, use Get-MgUser:

Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"

That is, after you:

Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Import-Module -Name Microsoft.Graph

first, if necessary

the Get-AzureADUser command doesn’t work anymore. Now that you’ve installed, imported the Microsoft.Graph module, now instead, use Get-MgUser:

Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"

Get-AzureADUser says to Connect-AzureAD but that module does not support PowerShell Core Edition

You run Get-AzureADUser (with or without parameters) it returns

Get-AzureADUser: You must call the Connect-AzureAD cmdlet before calling any other cmdlets.

So, you dutifully

Connect-AzureAD

but it returns

Connect-AzureAD: This module does not support PowerShell Core edition. Retry the operation with PowerShell Desktop edition (Windows PowerShell).

By this, they mean:

Import-Module AzureAD -UseWindowsPowerShell

But this still fails with “The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.”

use

Connect-MgGraph

instead. That is, after you:

Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Import-Module -Name Microsoft.Graph

first, if necessary

The Get-AzureADUser command doesn’t work anymore. Now that you’ve installed, imported the Microsoft.Graph module, now instead, use Get-MgUser:

Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:Marley, Bob"

–H–

home directory of Azure CLI, in which storage account does it reside? – see storage account, in which Azure CLI resides

–I–

–J–

–K–

keys for storage account, list – see storage account keys, list

–L–

–M–

–N–

network gateways, list all – see gateways, list all

–O–

–P–

permission grant, delegated - create new

$params = @{
    ClientId = "ef969797-201d-4f6b-960c-e9ed5f31dab5"
    ConsentType = "AllPrincipals"
    ResourceId = "943603e4-e787-4fe9-93d1-e30f749aae39"
    Scope = "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All"
}
New-MgOauth2PermissionGrant -BodyParameter $params

where

• ClientId – The id of the client service principal for the application which is authorized to act on behalf of a signed-in user when accessing an API. Not sure about this. I’ve just been using the same ID as the PrincipalID below.
• ConsentType – either AllPrincipals or Principal. If you select Principal, you must supply additioanl parameter PrincipalID and set that equal to a user’s ID
• PrincipalId – User ID of who needs permission. You only need to specify this parameter if ConsentType above is Principal
• ResourceId – The id of the resource service principal to which access is authorized. Not sure about this. Subscription ID doesn’t seem to work.
• Scope – space-delimited permissions. A list of permissions required to run a commandcan be generated by permission required to run a command, list, for example.

permission required to run a command, list

here‘s what you need to be able to manage administrative units, for example:

Find-MgGraphCommand -command Get-MgDirectoryAdministrativeUnit | Select -First 1 -ExpandProperty Permissions

–Q–

–R–

resource groups, exists?

$ResourceGroupName = "BobsBigOlResourceGroup"
Get-AzResourceGroup -Name $ResourceGroupName -ErrorVariable notPresent -ErrorAction SilentlyContinue
if ($notPresent) {"ResourceGroup $ResourceGroupName doesn't exist"}
else {"ResourceGroup $ResourceGroupName exists"}

resource groups, list

Get-AzResourceGroup | ft

This will only list the resources in one of your subscriptions. If you don’t find a resource you think you ought to have, you may want to list your subscriptions and then change your context to a different subscription

To see all resource groups for all subscriptions:

$ResourceGroupsForAllSubscriptions = @()
$i = 0
$subscriptions =Get-AzSubscription
ForEach ($subscription in $subscriptions) {
    $i++
    $subscriptionName = $subscription.Name
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    $j=0
    $resourceGroups = Get-AzResourceGroup
    foreach ($resourceGroup in $resourceGroups) {  
        $j++
        Write-Host "subscription $i of $($subscriptions.Count): $subscriptionName, ResourceGroup $j of $($resourceGroups.Count): $($resourceGroup.ResourceGroupName)" -ForegroundColor Green
        $ResourceGroupsForAllSubscriptions += [PSCustomObject] @{
            Subscription = $subscriptionName
            ResourceGroup = $resourceGroup.ResourceGroupName
        }
    }
}
$ResourceGroupsForAllSubscriptions | ogv

role assignments, list for a user

Get-AzRoleAssignment -SignInName frodo@theshire.com

roles, list

Get-AzRoleDefinition | ogv

–S–

storage account, in which Azure CLI resides

df

will show the file path to clouddrive, which includes storage account name and fileshare in the URL1. The format of the file path will be something like //filesharename.file.core.windows.net/cs-userid-schoolofhardknocks-edu-filesharename where "cs7233303327393af72" is substituted for "filesharename".

storage account keys, list

az storage account keys list -g <ResourceGroupname> -n <StorageAccountname>

where <ResourceGroupname> is something like "cloud-shell-storage-southcentralus" and <StorageAccountname> is something like "cs7233303327393af72"

storage accounts, list

az storage account list -o table

subscriptions, list

Get-AzSubscription

subscription, change context

you’ll probably first want to list your subscriptions so you can get a subscription ID

Set-AzContext -Subscription "dec98b56-ea77-8195-a1cd-9eda38fcb638" -Name "dev"

I thought the following would set the context to all my available subscriptions. But instead, it only seems to set the context one at a time, leaving you with the context of whichever subscription happens to be last.

Get-AzSubscription | Set-AzContext

–T–

tenant ID

(Get-MgOrganization).ID

–U–

–V–

VM availability zone

to find which availability zone for just one VM in one Resource Group (only works from Azure CLI / Cloud Shell):

az vm show --resource-group My-TEST-Resource-Group --name testVM1 --query "zones" --output tsv

VM joined to AAD?

from command line on the VM

dsregcmd /status

VMs, list

Get-AzVM | select Name, ResourceGroupName, Location, @{n="VMSize";e={$_.HardwareProfile.VmSize}}, @{n="OSType";e={$_.StorageProfile.OsDisk.OsType}}, @{n="NIC";e={$_.NetworkProfile.NetworkInterfaces[0].Id.Split("/")[-1]}} | ft -a

VM powerState

view

That last PowerState field below lets us know whether a VM is "dealocated", in which case there won’t be any IP addresses. But if it returns blank:

Get-AzVM -VMName testVM1 -ResourceGroupName My-Resource-Group -Status | Select-Object -ExpandProperty Statuses | ? Code -like "PowerState/*"

or from Azure CLI / Cloud Shell:

az vm show -g My-TEST-Resource-Group -n testVM1 -d --query powerState

start

PowerShell

Start-AzVM -ResourceGroupName MyRG -Name MyVM

Azure CLI

az vm start -g MyRG -n MyVM

stop

PowerShell

Stop-AzVM -ResourceGroupName MyRG -Name MyVM

Azure CLI

az vm deallocate -g MyRG -n MyVM

–W–

–X–

–Y–

–Z–