# these are the command line steps to deploy TechIDManager.AzureAD by Ruffian Software LLC # All right resevered # copyright 2022 Ruffian Software LLC powershell az Connect-AzureAD # Set these values correctly $ClientGuid = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' $DomainGuid = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' # Function app and storage account names must be unique. $suffix = Get-Date -Format "MMddHHmm" $RGname = 'techidmgr' + $suffix + 'rg' $APname = 'techidmgr' + $suffix + 'fa' $SAname = 'techidmgr' + $suffix + 'sa' $SPname = 'techidmgr' + $suffix + 'sp' $region = 'eastus' # Create a resource resourceGroupName az group create --name $RGname --location $region # Create an azure storage account az storage account create --name $SAname --location $region --resource-group $RGname --sku Standard_LRS # Create an App Service plan az functionapp plan create --name $SPname --resource-group $RGname --location $region --sku B1 # Create a Function App az functionapp create --name $APname --storage-account $SAname --plan $SPname --resource-group $RGname --functions-version 3 --assign-identity [system] az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.ClientGuid=$ClientGuid" az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.DomainGuid=$DomainGuid" # upload the code/zip for the function # this one line can be rerun to update to a newer version if $suffix is set right az functionapp deployment source config-zip -g $RGname -n $APname --src .\TechIDManager.AzureAD_version_2.44.zip #grant the function app the role it needs to create/disable users and set passwords. Only the "Global administrator" role is allowed to do this. $svcPrincipalId = (Get-AzureADServicePrincipal -SearchString "$APname").ObjectId echo $svcPrincipalId $roleName = 'Global administrator' $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq $roleName} echo $role Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $svcPrincipalId