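<#
.SYNOPSIS
    Creates an Azure AD application, a client secret, a service principal and a
    Contributor role assignment so a pipeline can deploy to an App Service.

.DESCRIPTION
    Steps, in order: sign in, select the subscription, create the AD application
    (named after the App Service), add a one-year client secret, create the
    service principal, assign the Contributor role to it, then write a summary
    to service-principal-info-<ticks>.txt in the current directory.

    The summary file contains the client secret in clear text. The secret is
    NOT echoed to the console; the console shows a redacted copy of the summary.
    Move the file into your secret store and delete it afterwards.

.PARAMETER azureSubscriptionId
    The guid for the subscription you'll be deploying to.

.PARAMETER appServiceName
    The name of the azure app service that you'll be deploying to. Also used as
    the display name of the Active Directory application (not the App Service).

.PARAMETER roleAssignmentScope
    Optional resource id to scope the Contributor assignment to (for example the
    resource group or the App Service resource). When omitted the assignment is
    made at the subscription level, which is how this script always behaved.

.OUTPUTS
    Progress text on stdout and service-principal-info-<ticks>.txt in the
    current directory. Exit code is 1 when any step returns nothing.
#>
param(
    [Parameter(Mandatory = $true, HelpMessage = "The guid for the subscription you'll be deploying to.")]
    [string]$azureSubscriptionId,

    [Parameter(Mandatory = $true, HelpMessage = "The name of the azure app service that you'll be deploying to.")]
    [string]$appServiceName,

    [Parameter(Mandatory = $false, HelpMessage = "Optional scope (resource id) for the Contributor role assignment. Defaults to the whole subscription.")]
    [string]$roleAssignmentScope
)

$ErrorActionPreference = 'Stop'

Import-Module Az
Import-Module Az.Resources

# Report a failure and exit non-zero. A bare `exit` returns 0, which makes a
# calling pipeline treat a half-finished run as success.
function Stop-ScriptWithError {
    param([string]$Message)
    Write-Error -Message $Message -ErrorAction Continue
    exit 1
}

# Builds the summary text. Every value except the secret is read from the
# script scope; the secret is passed in so the console copy can be redacted.
function New-SummaryText {
    param([string]$SecretValue)
    $lines = @(
        '',
        '******************************',
        '',
        "Here's all the info you need.",
        '',
        'Subscription Id:',
        "$subscriptionId",
        '',
        'Subscription Name:',
        "$subscriptionName",
        '',
        'Service Principal Client Id:',
        "$servicePrincipalClientId",
        '',
        'Service Principal Key:',
        "$SecretValue",
        '',
        'Tenant Id:',
        "$tenantId",
        '',
        '******************************',
        'Script created by Benjamin Day',
        'Benjamin Day Consulting, Inc.',
        'https://www.benday.com',
        'info@benday.com',
        '******************************',
        ''
    )
    # Each original AppendLine() ended with a newline, so add a trailing one.
    return ($lines -join [Environment]::NewLine) + [Environment]::NewLine
}

# Friendly-ish name and info for the application.
# NOTE: this is the name of the Active Directory Application, not the App Service.
$appServiceDefaultDomain = "$appServiceName.azurewebsites.net"
$activeDirectoryApplicationDisplayName = $appServiceName
$activeDirectoryApplicationHomePage = "https://$appServiceDefaultDomain"

# Secret validity window: one year from now.
$credentialStartTime = [DateTime]::Now
$credentialEndTime = $credentialStartTime.AddYears(1)

# Login to Azure (interactive).
Connect-AzAccount

Write-Output "Getting subscription using Get-AzSubscription..."
Write-Output "Requested subscription: $azureSubscriptionId"
$subscription = Get-AzSubscription -SubscriptionId $azureSubscriptionId
if ($null -eq $subscription) {
    Stop-ScriptWithError "Subscription '$azureSubscriptionId' was not found for the signed-in account."
}
Write-Output "Got subscription using Get-AzSubscription..."

$subscriptionId = $subscription.Id
$subscriptionName = $subscription.Name
$tenantId = $subscription.TenantId

Write-Output "Subscription Id: $subscriptionId"
Write-Output "Subscription Name: $subscriptionName"
Write-Output "Tenant Id: $tenantId"

Write-Output "Calling Set-AzContext..."
Set-AzContext -SubscriptionId $subscriptionId -TenantId $tenantId

# Create the application in AAD.
Write-Output "Calling New-AzADApplication..."
$app = New-AzADApplication -DisplayName $activeDirectoryApplicationDisplayName -HomePage $activeDirectoryApplicationHomePage
if ($null -eq $app) {
    Stop-ScriptWithError "Call to New-AzADApplication returned null."
}
Write-Output "Got application from New-AzADApplication..."
Write-Output $app

$servicePrincipalClientId = $app.AppId

# Add the client secret. The credential object carries the secret in
# SecretText, so neither it nor the secret is written to the console.
Write-Output "Calling New-AzADAppCredential..."
$generatedCredential = New-AzADAppCredential -ApplicationId $app.AppId -StartDate $credentialStartTime -EndDate $credentialEndTime
if ($null -eq $generatedCredential) {
    Stop-ScriptWithError "Call to New-AzADAppCredential returned null."
}
$generatedSecretText = $generatedCredential.SecretText
if ([string]::IsNullOrEmpty($generatedSecretText)) {
    Stop-ScriptWithError "New-AzADAppCredential did not return a SecretText value."
}
Write-Output "Got generated credential from New-AzADAppCredential (secret withheld from console; see the summary file)..."

Write-Output "Calling New-AzADServicePrincipal..."
$servicePrincipal = New-AzADServicePrincipal -ApplicationId $app.AppId
if ($null -eq $servicePrincipal) {
    Stop-ScriptWithError "Call to New-AzADServicePrincipal returned null."
}
Write-Output "Got service principal from New-AzADServicePrincipal..."
Write-Output $servicePrincipal

# The new principal takes a few seconds to replicate; a fixed 10 s sleep was
# not always enough, so retry the assignment with a pause between attempts.
$roleAssignmentParams = @{
    RoleDefinitionName   = 'Contributor'
    ServicePrincipalName = $app.AppId
}
if (-not [string]::IsNullOrEmpty($roleAssignmentScope)) {
    # Least privilege: caller can narrow the assignment below the subscription.
    $roleAssignmentParams['Scope'] = $roleAssignmentScope
}

Write-Output "Calling New-AzRoleAssignment..."
$roleAssignment = $null
$maxAttempts = 6
for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
    try {
        $roleAssignment = New-AzRoleAssignment @roleAssignmentParams
        break
    } catch {
        if ($attempt -eq $maxAttempts) { throw }
        Write-Output "New-AzRoleAssignment attempt $attempt of $maxAttempts failed ($($_.Exception.Message)); waiting for directory replication..."
        Start-Sleep -Seconds 10
    }
}
if ($null -eq $roleAssignment) {
    Stop-ScriptWithError "Call to New-AzRoleAssignment returned null."
}
Write-Output "Got role assignment from New-AzRoleAssignment..."
Write-Output $roleAssignment

# Reload by application id rather than display-name prefix, so an unrelated
# application whose name starts with the same text cannot be picked up.
Write-Output "Reloading what we just created..."
$reloadedApp = Get-AzADApplication -ApplicationId $app.AppId
$SPN = Get-AzADServicePrincipal -ServicePrincipalName $reloadedApp.AppId
Write-Output "Here's the SPN..."
Write-Output $SPN

$nowTicks = [DateTime]::Now.Ticks
$keyValueFilename = "service-principal-info-$nowTicks.txt"
$keyValuePath = Join-Path -Path (Get-Location) -ChildPath $keyValueFilename

# Full summary (with the secret) goes to the file only; the console gets a
# redacted copy so the secret does not land in shell history or CI logs.
New-SummaryText -SecretValue $generatedSecretText | Out-File -LiteralPath $keyValuePath
Write-Output (New-SummaryText -SecretValue '<redacted - see summary file>')
Write-Output "This info (including the service principal key) is written to $keyValueFilename"
Write-Output "Done."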