Azure AD B2C – Using the graph API
2016, May 01
There’s a really good guide for getting started with CRUD operations in an AAD B2C tenant on the Azure documentation site:
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/
As per usual, I’ve ended up putting some PowerShell together to make it a bit more repeatable when I have to do this for multiple AAD tenants.
This particular script creates the application in the AAD tenant. I’ll be posting further scripts that show off doing some clever stuff when I’ve finished testing and polishing them.
```powershell
#User Variables
$appName = "MeetR Audit Reporter"
#Make sure you've created a new user account in the old azure portal, that has permission to add a new App (Admin role works :)).
$AdminUserName = "myusername@mytenant.onmicrosoft.com"
$AdminUserPassword = 'myPassword'

Write-Host "Checking for AD Powershell module"
#You'll need to follow the guide here https://technet.microsoft.com/library/jj151815.aspx#bkmk_installmodule
$poshAdFound = Get-Item "$env:SystemRoot\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll" -ErrorAction SilentlyContinue
if ($poshAdFound -eq $null) {
    Write-Host "AD Powershell module not found, install it from here. https://technet.microsoft.com/library/jj151815.aspx#bkmk_installmodule"
    exit
}

Write-Host "Connecting to AD tenant"
$securePwString = ConvertTo-SecureString -String $AdminUserPassword -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminUserName, $securePwString
# Passing an existing PSCredential returns it as-is (no interactive prompt)
$msolcred = Get-Credential -Credential $Credential
Connect-MsolService -Credential $msolcred

Write-Host "Creating client secret"
# 32 random bytes from the CSPRNG, base64-encoded, become the app's password credential
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)

Write-Host "Adding AD Application"
$newSP = New-MsolServicePrincipal -DisplayName $appName -Type password -Value $newClientSecret

Write-Host "Adding roles"
# Built-in directory roles, by their well-known role object IDs:
# Directory Readers
Add-MsolRoleMember -RoleObjectId 88d8e3e3-8f55-4a1e-953a-9b9898b8876b -RoleMemberObjectId $newSP.ObjectId -RoleMemberType servicePrincipal
# Directory Writers
Add-MsolRoleMember -RoleObjectId 9360feb5-f418-4baa-8175-e2a00bac4301 -RoleMemberObjectId $newSP.ObjectId -RoleMemberType servicePrincipal
# User Account Administrator
Add-MsolRoleMember -RoleObjectId fe930be7-5e62-47db-91af-98c3a49a38b1 -RoleMemberObjectId $newSP.ObjectId -RoleMemberType servicePrincipal

Write-Host $appName
Write-Host "Client Secret : $newClientSecret"
# $(...) is needed so the property, not just the object, is expanded inside the string
Write-Host "App Principal : $($newSP.AppPrincipalId)"
```
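Because the script above grants the new service principal three directory roles, it is worth confirming afterwards exactly which roles it ended up holding. The snippet below is an added example, not part of the original post; it assumes the MSOnline module is loaded, that Connect-MsolService has already been run with an account that can read role membership, and that $appName matches the display name used when the app was created. The cmdlets used (Get-MsolServicePrincipal, Get-MsolRole, Get-MsolRoleMember) are standard MSOnline cmdlets.

```powershell
# Added example: list the directory roles held by the service principal created above.
# Assumes Connect-MsolService has already been run in this session.
$appName = "MeetR Audit Reporter"   # same display name as in the creation script

$sp = Get-MsolServicePrincipal -SearchString $appName | Select-Object -First 1
if ($sp -eq $null) {
    Write-Host "Service principal '$appName' not found in this tenant"
    exit
}

Write-Host "AppPrincipalId : $($sp.AppPrincipalId)"
Write-Host "ObjectId       : $($sp.ObjectId)"

# Walk every directory role in the tenant and report those that list this
# service principal as a member. Anything beyond the three roles the creation
# script assigned is a sign something else has touched this principal.
foreach ($role in Get-MsolRole) {
    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId -ErrorAction SilentlyContinue
    if ($members | Where-Object { $_.ObjectId -eq $sp.ObjectId }) {
        Write-Host "Member of role : $($role.Name)"
    }
}
```

Run this right after the creation script, and again periodically for tenants you manage in bulk, so that the role set on each automation principal stays the one you intended.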