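# These are the command line steps to deploy TechIDManager.AzureAD by Ruffian Software LLC
# All rights reserved
# copyright 2022 Ruffian Software LLC
#
# Run the steps in order and stop at the first error. The final step grants a
# directory role, so it should only run after every earlier step has succeeded.

# Start a PowerShell session (skip this if you are already in one).
powershell
# Running az with no arguments confirms the Azure CLI is installed and on PATH.
# NOTE(review): the az commands below need a signed-in CLI session (az login) - confirm before continuing.
az
# Sign in for the AzureAD module cmdlets used in the role-assignment step.
Connect-AzureAD

# Set these values correctly.
# This is the same client GUID used by your TechIDManager TechClient and all other domain installs.
$ClientGuid = 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'
# This GUID is unique to this domain. You can get it from the TechIDManager management console.
$DomainGuid = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
$RMMName = 'SET THIS VALUE'
$FriendlyName = 'SET THIS VALUE'

# Refuse to continue while the template placeholders are still in place; otherwise
# the function app would be created and configured with meaningless values.
$guidPattern = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
if ($ClientGuid -notmatch $guidPattern -or $DomainGuid -notmatch $guidPattern) {
    throw 'Set $ClientGuid and $DomainGuid to real GUID values before deploying.'
}
if ($RMMName -eq 'SET THIS VALUE' -or $FriendlyName -eq 'SET THIS VALUE') {
    throw 'Set $RMMName and $FriendlyName before deploying.'
}

# Function app and storage account names must be unique, so a timestamp suffix is appended.
$suffix = Get-Date -Format "MMddHHmm"
$RGname = 'techidmgr' + $suffix + 'rg'
$APname = 'techidmgr' + $suffix + 'fa'
$SAname = 'techidmgr' + $suffix + 'sa'
$SPname = 'techidmgr' + $suffix + 'sp'
$region = 'eastus'

# Create a resource group.
# az is a native command, so a failure does not raise a PowerShell error by itself;
# the exit code is checked explicitly after each call.
az group create --name $RGname --location $region
if ($LASTEXITCODE -ne 0) { throw "az group create failed for $RGname" }

# Create an Azure storage account.
# This account backs a function app whose identity is later given a directory
# role, so it is created HTTPS-only, TLS 1.2 minimum, with anonymous blob access disabled.
az storage account create --name $SAname --location $region --resource-group $RGname --sku Standard_LRS --https-only true --min-tls-version TLS1_2 --allow-blob-public-access false
if ($LASTEXITCODE -ne 0) { throw "az storage account create failed for $SAname" }

# Create a Function App with a system-assigned managed identity.
# NOTE(review): Functions runtime version 3 is an older runtime; confirm with the
# vendor which runtime version the deployment package targets before changing it.
az functionapp create --name $APname --storage-account $SAname --resource-group $RGname --functions-version 3 --assign-identity [system] --consumption-plan-location $region
if ($LASTEXITCODE -ne 0) { throw "az functionapp create failed for $APname" }

# Set the configuration variables.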
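# Apply each TechIDManager application setting to the function app.
# az is a native command, so its exit code is checked explicitly after every call.
$appSettings = [ordered]@{
    'TechIDManager.ClientGuid'   = $ClientGuid
    'TechIDManager.DomainGuid'   = $DomainGuid
    'TechIDManager.RMMName'      = $RMMName
    'TechIDManager.FriendlyName' = $FriendlyName
    'TechIDManager.HourToRun'    = '5'
}
foreach ($entry in $appSettings.GetEnumerator()) {
    az functionapp config appsettings set --name $APname --resource-group $RGname --settings "$($entry.Key)=$($entry.Value)"
    if ($LASTEXITCODE -ne 0) { throw "Failed to set app setting $($entry.Key) on $APname" }
}

# Upload the code/zip for the function.
# This step can be rerun to update to a newer version if $suffix is set right.
$package = '.\TechIDManager.AzureAD_version_2.56.zip'
if (-not (Test-Path -LiteralPath $package -PathType Leaf)) {
    throw "Deployment package not found: $package"
}
# The package will run under an identity that is granted a directory role below.
# Compare this SHA-256 with the value published by the vendor
# (<VENDOR_PUBLISHED_SHA256> - placeholder, not provided on this page) before deploying.
Get-FileHash -LiteralPath $package -Algorithm SHA256
az functionapp deployment source config-zip -g $RGname -n $APname --src $package
if ($LASTEXITCODE -ne 0) { throw "Zip deployment to $APname failed" }

# Grant the function app the role it needs to create/disable users and set passwords.
# Vendor statement: only the "Global administrator" role is allowed to do this.
# NOTE(review): this gives the function app's managed identity full control of the
# tenant. Anyone who can change this function app's code or settings effectively
# holds the same role, so keep access to the resource group and storage account
# tightly restricted and review audit logs for activity by this identity.
# Confirm with the vendor whether a narrower built-in role is sufficient.

# Take the object id from the function app's own managed identity instead of a
# display-name search, which could return no match or more than one principal.
$svcPrincipalId = az functionapp identity show --name $APname --resource-group $RGname --query principalId --output tsv
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($svcPrincipalId)) {
    throw "Could not read the managed identity of $APname; no role was assigned."
}
# Show the principal so the operator can confirm it is the expected one.
Get-AzureADServicePrincipal -ObjectId $svcPrincipalId

$roleName = 'Global administrator'
$role = Get-AzureADDirectoryRole | Where-Object { $_.displayName -eq $roleName }
if (@($role).Count -ne 1) {
    throw "Expected exactly one directory role named '$roleName'; no role was assigned."
}
echo $role

Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $svcPrincipalId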