I am looking for some guidance on a PowerShell script that combines the following cmdlets:
Connect-AzureAD
Revoke-AzureADUserAllRefreshToken -ObjectId [email protected]
Get-AzureADUserRegisteredDevice -ObjectId [email protected] | Set-AzureADDevice -AccountEnabled $false
What I am hoping to achieve is to combine all three cmdlets into a single script that my staff can run, where it will prompt for the user name that we wish to run the script upon. Assuming I need to add $ObjectID = Read-Host -Prompt somewhere in this script.
Thank you in advance for any advice or guidance on how to do this.
CodePudding user response:
Assuming I understood your question and you just wanted a way to assemble all that together in the correct order, here it is.
# Use one or the other depending on whether you want to search by username or by object ID.
# Read-Host -Prompt requires the prompt text as an argument.
$Username = Read-Host -Prompt "Enter the username of the departing user"
#$ObjectId = Read-Host -Prompt "Enter the object ID of the departing user"
# Interactive sign-in to Azure AD.
Connect-AzureAD
# Use one or the other depending on whether you want to search by username or by object ID.
$User = Get-AzureADUser -SearchString $Username
#$User = Get-AzureADUser -ObjectId $ObjectId
if ($null -ne $User) {
    # Invalidate all refresh tokens, then disable every device registered to the user.
    Revoke-AzureADUserAllRefreshToken -ObjectId $User.ObjectId
    Get-AzureADUserRegisteredDevice -ObjectId $User.ObjectId | Set-AzureADDevice -AccountEnabled $false
} else {
    Write-Warning "No user found with the specified criteria"
}
CodePudding user response:
Thank you for your help! I have tried your script but I am getting the following error:
Read-Host : Missing an argument for parameter 'Prompt'. Specify a parameter of type 'System.Object' and try again
This is what I am hoping to do when staff run the script:
- prompt to authenticate to Azure
- get prompted to enter an object ID for the departing staff member that we wish to run the revoke commands on. Once the object ID is entered, the script will then pass the object ID on to the following:
- Revoke the user's Azure AD refresh tokens - refer to https://docs.microsoft.com/en-us/powershell/module/azuread/revoke-azureaduserallrefreshtoken
- Disable the user's device - refer to https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduserregistereddevice
I am basically looking to combine steps 2 & 3 from the Azure Active Directory environment part of this MS doc - https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-revoke-access
It is to add to our current user account off-boarding process.
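An added example, not code from either poster, of the off-boarding script the thread describes: it signs in interactively, asks for the departing user's object ID (a Mandatory parameter prompts automatically when the script is run without one, which replaces the Read-Host line), revokes all refresh tokens and disables each registered device, with -WhatIf support so staff can preview the changes. It assumes the AzureAD module is installed and that the operator holds a role permitted to revoke tokens and disable devices.

```powershell
# Added example: off-boarding script assembled from the cmdlets discussed above.
# Assumes the AzureAD module is installed and the operator can revoke tokens
# and disable devices. SupportsShouldProcess enables -WhatIf / -Confirm.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Object ID (GUID) or user principal name of the departing user.
    # Mandatory parameters prompt interactively when omitted.
    [Parameter(Mandatory = $true)]
    [string]$UserId
)

# Interactive sign-in to Azure AD.
Connect-AzureAD | Out-Null

# Get-AzureADUser -ObjectId accepts either a GUID or a UPN; stop clearly if nothing matches.
try {
    $user = Get-AzureADUser -ObjectId $UserId -ErrorAction Stop
} catch {
    Write-Error "No user found for '$UserId': $($_.Exception.Message)"
    return
}

Write-Host "Target user: $($user.DisplayName) <$($user.UserPrincipalName)> [$($user.ObjectId)]"

# Step 1: invalidate every refresh token so existing sessions cannot renew.
if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, "Revoke all refresh tokens")) {
    Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
    Write-Host "Refresh tokens revoked."
}

# Step 2: disable each registered device individually so the result can be recorded.
$devices = @(Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId)
if ($devices.Count -eq 0) {
    Write-Host "No registered devices found."
}
foreach ($device in $devices) {
    if ($PSCmdlet.ShouldProcess($device.DisplayName, "Disable device")) {
        Set-AzureADDevice -ObjectId $device.ObjectId -AccountEnabled $false
        Write-Host "Disabled device '$($device.DisplayName)' [$($device.DeviceId)]"
    }
}
```

Run it as .\Offboard-User.ps1 -UserId <object ID or UPN> -WhatIf first to see what would change, then without -WhatIf to apply.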