Azure AD B2C – Using the graph API

2016, May 01

There’s a really good guide for getting started with CRUD operations in an AAD B2C tenant on the Azure documentation site:
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/

As per usual, I’ve ended up putting some powershell together to make it a bit more repeatable when I have to do this for multiple AAD tenants.

This particular script creates the application in the AAD tenant. I’ll be posting further scripts that show off doing some clever stuff when I’ve finished testing and polishing them.

#User Variables
$appName = "MeetR Audit Reporter"

#Make sure you've created a new user account in the old azure portal, that has permission to add a new App (Admin role works :)).
#The password is hard-coded here to keep the script repeatable; swap the two lines for a plain Get-Credential prompt if you'd rather not keep it in the file.
$AdminUserName = "myusername@mytenant.onmicrosoft.com"
$AdminUserPassword = 'myPassword'


Write-Host "Checking for AD Powershell module"
#You'll need to follow the guide here https://technet.microsoft.com/library/jj151815.aspx#bkmk_installmodule
#(the module ships as MSOnline under the system modules folder, so look for its DLL there)
$poshAdFound = Get-Item "$env:SystemRoot\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll" -ErrorAction SilentlyContinue
if ($null -eq $poshAdFound) { Write-Host "AD Powershell module not found, install it from here. https://technet.microsoft.com/library/jj151815.aspx#bkmk_installmodule"; exit }

Write-Host "Connecting to AD tenant"
$securePwString = ConvertTo-SecureString -String $AdminUserPassword -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminUserName, $securePwString
#A PSCredential can be handed straight to Connect-MsolService; no Get-Credential round-trip needed.
Connect-MsolService -Credential $Credential

Write-Host "Creating client secret"
#32 bytes from the platform CSPRNG, base64-encoded, becomes the app's password credential.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)

Write-Host "Adding AD Application"
$newSP = New-MsolServicePrincipal -DisplayName $appName -Type password -Value $newClientSecret

Write-Host "Adding roles"
#These are the tenant's directory role object ids. In order: Directory Readers, Directory Writers, User Account Administrator.
#They are the same three roles the linked quickstart grants so the app can read and write users through the Graph.
Add-MsolRoleMember -RoleObjectId 88d8e3e3-8f55-4a1e-953a-9b9898b8876b -RoleMemberObjectId $newSP.ObjectId -RoleMemberType servicePrincipal
Add-MsolRoleMember -RoleObjectId 9360feb5-f418-4baa-8175-e2a00bac4301 -RoleMemberObjectId $newSP.ObjectId -RoleMemberType servicePrincipal
Add-MsolRoleMember -RoleObjectId fe930be7-5e62-47db-91af-98c3a49a38b1 -RoleMemberObjectId $newSP.ObjectId -RoleMemberType servicePrincipal

Write-Host $appName
Write-Host "Client Secret : $newClientSecret"
#Property access inside a double-quoted string needs $( ), otherwise only $newSP is expanded and ".AppPrincipalId.ToString()" is printed literally.
Write-Host "App Principal : $($newSP.AppPrincipalId)"
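As an added example (my own follow-on, not part of the original post or the Azure quickstart), here is how I check what the script produced and then use the new principal against the Azure AD Graph with the client-credentials grant the linked guide describes. It assumes the same Connect-MsolService session is still open and that $tenantName, $appId and $clientSecret are filled in from the script's output.

```powershell
# Added example: verify the new principal's roles, then call the Azure AD Graph as that app.
# Assumes Connect-MsolService has already run (as in the script above) and that the three
# values below are filled in from the script's output.
$tenantName   = "mytenant.onmicrosoft.com"
$appId        = "<App Principal id printed by the script>"
$clientSecret = "<Client Secret printed by the script>"

# 1. Confirm the principal exists and list every directory role it is a member of,
#    so you can see it holds the three intended roles and nothing more.
$sp = Get-MsolServicePrincipal -AppPrincipalId $appId
$assignedRoles = Get-MsolRole | Where-Object {
    Get-MsolRoleMember -RoleObjectId $_.ObjectId |
        Where-Object { $_.ObjectId -eq $sp.ObjectId }
} | Select-Object -ExpandProperty Name
Write-Host "Roles held by $($sp.DisplayName): $($assignedRoles -join ', ')"

# 2. Get an app-only token with the client-credentials grant (v1 endpoint, as in the quickstart).
#    The form is URL-encoded by hand so the '+' and '/' in a base64 secret are sent intact.
$fields = @{
    grant_type    = "client_credentials"
    client_id     = $appId
    client_secret = $clientSecret
    resource      = "https://graph.windows.net"
}
$form = ($fields.GetEnumerator() | ForEach-Object {
    "$($_.Key)=$([Uri]::EscapeDataString($_.Value))" }) -join "&"
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantName/oauth2/token" `
    -ContentType "application/x-www-form-urlencoded" -Body $form

# 3. Read the tenant's users through the Graph; this is what Directory Readers allows.
$headers = @{ Authorization = "Bearer $($token.access_token)" }
$users = Invoke-RestMethod -Method Get -Headers $headers `
    -Uri "https://graph.windows.net/$tenantName/users?api-version=1.6"
$users.value | Select-Object objectId, displayName, userPrincipalName
```

If step 3 comes back with 403 Authorization_RequestDenied, step 1's role list is the first place to look, since role membership can take a minute to propagate after Add-MsolRoleMember.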