Connect-MgGraph without user interaction

Time:11-01

I want to connect MgGraph without user interaction.

Normally we use the normal command, like Connect-MgGraph.

I found that we can do that by passing a certificate as a parameter. From PowerShell, there are many scripts, but I am unable to get any from the Graph API.

How to create a certificate from the Microsoft Graph API?

TIA

CodePudding user response:

Step 1

Open an admin PowerShell prompt and run the command below to create the self-signed certificate:

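# Password that protects the exported PFX (replace with your own); $pwd is avoided because it is an automatic variable
$pfxPassword = "abc@xyz#"
# Create an exportable self-signed certificate in the machine store and keep its thumbprint
$thumb = (New-SelfSignedCertificate -DnsName "script.mydomain.com" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddMonths(24)).Thumbprint
$securePassword = ConvertTo-SecureString -String $pfxPassword -Force -AsPlainText
# Export the certificate and its private key to a password-protected PFX
Export-PfxCertificate -Cert "cert:\localmachine\my\$thumb" -FilePath c:\user\cert.pfx -Password $securePassword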

where

  • “abc@xyz#” with your own complex password.
  • -NotAfter (Get-Date).AddMonths(24): here we are setting the expiry date for the certificate, 24 months from now in this case. Adjust as required.
  • “c:\user\cert.pfx” with where you would like a copy of the certificate saved

Step 2

Before we can upload the certificate to Azure, we need to convert the certificate to Base64. You could use the Certificates MMC snap-in, as we marked the certificate as exportable, or run the PowerShell below:

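# Load the certificate from the PFX exported in Step 1
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\user\cert.pfx", "abc@xyz#")
# Write the Base64-encoded public certificate (no private key) to a file for upload
[System.Convert]::ToBase64String($cert.GetRawCertData()) | Out-File c:\user\cert_base64.crt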

where "c:\user\cert_base64.crt" is your new base64 certificate path

Step 3

Upload the certificate to the Azure portal.

Step 4

Then copy the thumbprint; we will use it in the command below.

Step 5

Connect to Azure

$tenantID = "<Your Tenant ID>"
$applicationID = "<Your Application ID>"
$thumbprint = "<Your Certificate Thumbprint>"

# App-only sign-in with the certificate; no interactive prompt
Connect-MgGraph -ClientId $applicationID -TenantId $tenantID -CertificateThumbprint $thumbprint

Get all Azure AD users:

Get-MgUser

Hope this helps

Thanks
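
An added example, not part of the answer above: a pre-flight check that an unattended job can run before Connect-MgGraph, so a missing private key or an expired certificate fails loudly instead of leaving the job without a session. The helper name Get-AppCertificate and the 30-day warning window are assumptions made for illustration; the example also assumes the Microsoft.Graph PowerShell module is installed and that the account running the job can read the private key in LocalMachine\My, the store used in Step 1.

```powershell
# Added example: validate the app certificate, then sign in without prompts.
# Get-AppCertificate and the 30-day warning window are illustrative assumptions.
function Get-AppCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My',   # store used in Step 1
        [int] $WarnDays = 30
    )
    # Thumbprints copied from a portal or MMC often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Thumbprint is not 40 hex characters (SHA-1)." }

    $cert = Get-Item -Path (Join-Path $StorePath $clean) -ErrorAction SilentlyContinue
    if (-not $cert) { throw "No certificate $clean in $StorePath." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key on this machine." }

    $now = Get-Date
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
        throw "Certificate $clean is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    if ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        Write-Warning "Certificate $clean expires on $($cert.NotAfter); rotate it soon."
    }
    return $cert
}

$tenantID      = "<Your Tenant ID>"
$applicationID = "<Your Application ID>"
$thumbprint    = "<Your Certificate Thumbprint>"

try {
    $cert = Get-AppCertificate -Thumbprint $thumbprint
    # -Certificate passes the X509Certificate2 object itself, so the store is explicit.
    Connect-MgGraph -ClientId $applicationID -TenantId $tenantID -Certificate $cert -ErrorAction Stop
    Get-MgUser -Top 5 | Select-Object DisplayName, UserPrincipalName
}
finally {
    # Drop the cached app-only session when the job is done.
    if (Get-MgContext) { Disconnect-MgGraph | Out-Null }
}
```

With the placeholder thumbprint left in place the script stops at the length check, which is the intended behaviour for a misconfigured job.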
