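# Command-line steps to deploy TechIDManager.AzureAD by Ruffian Software LLC.
# All rights reserved.
# Copyright 2022 Ruffian Software LLC
#
# Run this script in PowerShell AFTER you have set the appropriate variables
# in the first few lines below.
# Be aware that some of these steps register resource providers in the Azure
# tenant and can take up to 15 minutes to complete the first time they are run
# in a tenant.

# Stop at the first failing cmdlet instead of carrying on with half-created
# resources. Native `az` calls do not raise PowerShell errors, so each one is
# followed by an explicit $LASTEXITCODE check.
$ErrorActionPreference = 'Stop'

# ---------------------------------------------------------------------------
# Set these values correctly
# ---------------------------------------------------------------------------

# This is the same client GUID used by your TechIDManager TechClient and all
# other domain installs.
$ClientGuid = 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'

# This GUID is unique to this domain. Get it from the TechIDManager management
# console, or use the commented NewGuid line to create a random one.
$DomainGuid = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
# $DomainGuid = [GUID]::NewGuid().ToString()

$RMMName = 'SET THIS VALUE'
$FriendlyName = 'SET THIS VALUE'

# Refuse to deploy while the template placeholders are still in place;
# otherwise the function app would be created and later granted a directory
# role while configured with meaningless identifiers.
$parsedGuid = [guid]::Empty
foreach ($guidSetting in @{ ClientGuid = $ClientGuid; DomainGuid = $DomainGuid }.GetEnumerator()) {
    if (-not [guid]::TryParse($guidSetting.Value, [ref]$parsedGuid)) {
        throw "`$$($guidSetting.Key) is not a valid GUID; set it before running this script."
    }
}
foreach ($textSetting in @{ RMMName = $RMMName; FriendlyName = $FriendlyName }.GetEnumerator()) {
    if ([string]::IsNullOrWhiteSpace($textSetting.Value) -or $textSetting.Value -eq 'SET THIS VALUE') {
        throw "`$$($textSetting.Key) still holds its placeholder; set it before running this script."
    }
}

# Change directory to the location of the downloaded zip file
# TechIDManager.AzureAD_version_?.??.zip
Set-Location -LiteralPath "c:\Set\This\To\The\Correct\Directory"

# Interactive sign-in for the Azure CLI and for the AzureAD module.
# NOTE(review): Microsoft has deprecated the AzureAD PowerShell module in
# favour of Microsoft Graph PowerShell; plan a migration of the directory-role
# steps of this script.
az login
if ($LASTEXITCODE -ne 0) { throw 'az login failed.' }
Connect-AzureAD

# Function app and storage account names must be unique.
$suffix = Get-Date -Format "MMddHHmm"
$RGname = 'techidmgr' + $suffix + 'rg'
$APname = 'techidmgr' + $suffix + 'fa'
$SAname = 'techidmgr' + $suffix + 'sa'
$SPname = 'techidmgr' + $suffix + 'sp'
$region = 'eastus'

# Create a resource group.
# Anyone who can modify resources in this group can change the code the
# function app runs, so keep role assignments on it as narrow as possible.
az group create --name $RGname --location $region
if ($LASTEXITCODE -ne 0) { throw "Creating resource group '$RGname' failed." }

# Create an Azure storage account.
# Hardened beyond the CLI defaults: HTTPS only, TLS 1.2 minimum, and no
# anonymous blob access. The account backs the function app, so it should not
# be reachable without credentials.
az storage account create --name $SAname --location $region --resource-group $RGname --sku Standard_LRS `
    --https-only true --min-tls-version TLS1_2 --allow-blob-public-access false
if ($LASTEXITCODE -ne 0) { throw "Creating storage account '$SAname' failed." }

# Create a Function App.
# NOTE(review): the function app below is created with
# --consumption-plan-location and does not reference this plan; confirm the
# plan is actually needed.
az functionapp plan create --name $SPname --resource-group $RGname --location $region --sku F1
if ($LASTEXITCODE -ne 0) { throw "Creating function app plan '$SPname' failed." }

# '[system]' is quoted so PowerShell passes it to az as a literal argument.
az functionapp create --name $APname --storage-account $SAname --resource-group $RGname --functions-version 3 `
    --assign-identity '[system]' --consumption-plan-location $region
if ($LASTEXITCODE -ne 0) { throw "Creating function app '$APname' failed." }

# Set the configuration variables.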
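# Apply the TechIDManager application settings to the function app.
# Relies on $APname, $RGname and the TechIDManager values set earlier in this
# script.
# --output none: by default this command prints the app's settings, which
# depending on the CLI version may include the storage connection string; keep
# that out of the console and any transcript.
$appSettings = [ordered]@{
    'TechIDManager.ClientGuid'   = $ClientGuid
    'TechIDManager.DomainGuid'   = $DomainGuid
    'TechIDManager.RMMName'      = $RMMName
    'TechIDManager.FriendlyName' = $FriendlyName
    'TechIDManager.HourToRun'    = '5'
}
foreach ($appSetting in $appSettings.GetEnumerator()) {
    az functionapp config appsettings set --name $APname --resource-group $RGname `
        --settings "$($appSetting.Key)=$($appSetting.Value)" --output none
    if ($LASTEXITCODE -ne 0) { throw "Setting '$($appSetting.Key)' on '$APname' failed." }
}

# Optional settings; uncomment and fill in as required.
# az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.Hybrid=Yes|No"
# az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.HybridDomainGuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.DomainName=MyDomain.onmicrosoft.com"

# Upload the code/zip for the function.
# This step can be rerun to update to a newer version if $suffix is set right.
# The package will run under an identity that is granted a directory role
# below, so deploy only a file obtained from the vendor; if the vendor
# publishes a checksum, compare it with (Get-FileHash $package) first.
$package = '.\TechIDManager.AzureAD_version_2.78.zip'
if (-not (Test-Path -LiteralPath $package -PathType Leaf)) {
    throw "Deployment package '$package' was not found in $(Get-Location)."
}
az functionapp deployment source config-zip -g $RGname -n $APname --src $package
if ($LASTEXITCODE -ne 0) { throw "Deploying '$package' to '$APname' failed." }

# Grant the function app the role it needs to create/disable users and set
# passwords. Only the "Global administrator" role is allowed to do this.
#
# Global administrator is the highest-privilege directory role. Whoever can
# change this function app's code or configuration (contributors on the
# resource group, holders of its deployment credentials or of the storage
# account keys) can act with that role. Restrict and review access to the
# resource group, and watch the directory audit and sign-in logs for this
# service principal.
# NOTE(review): the vendor states that only Global administrator works;
# confirm whether a narrower role covers your use before accepting this.

# Resolve the managed identity from the function app resource itself. A
# directory search by name is a prefix match on a non-unique display name and
# could return none, several, or an unrelated service principal, which must
# never end up holding this role.
$svcPrincipalId = az functionapp identity show --name $APname --resource-group $RGname --query principalId --output tsv
if ($LASTEXITCODE -ne 0) { throw "Reading the managed identity of '$APname' failed." }
$svcPrincipalId = "$svcPrincipalId".Trim()
if ([string]::IsNullOrWhiteSpace($svcPrincipalId)) {
    throw "Function app '$APname' has no system-assigned identity; not assigning any role."
}
Write-Output $svcPrincipalId

$roleName = 'Global administrator'
# Get-AzureADDirectoryRole lists the directory roles visible to the session;
# require exactly one match so a missing or ambiguous role aborts the
# assignment instead of passing a null or multi-valued ObjectId on.
$matchingRoles = @(Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName })
if ($matchingRoles.Count -ne 1) {
    throw "Expected exactly one directory role named '$roleName', found $($matchingRoles.Count)."
}
$role = $matchingRoles[0]
Write-Output $role

Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $svcPrincipalId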