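# Command-line steps to deploy TechIDManager.AzureAD by Ruffian Software LLC
# All rights reserved
# copyright 2022 Ruffian Software LLC
#
# This script is meant to be run in PowerShell AFTER you have set the
# appropriate variables in the first few lines.
# Be aware that some of these steps will register resource providers in the
# Azure tenant and can take up to 15 minutes to complete the first time they
# are run in a tenant.
#
# Requirements: the Azure CLI (az) and the AzureAD PowerShell module
# (Connect-AzureAD). The signed-in account must be able to create resources
# in the subscription and to assign directory roles in the tenant.

############################################
##  Set these values correctly
############################################

# This is the same client guid from your TechIDManager TechClient and all
# other domain installs.
$ClientGuid = 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'
# This is a guid unique to this domain. You can get it from the TechIDManager
# management console, or use NewGuid to create a random guid.
$DomainGuid = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
# $DomainGuid = [GUID]::NewGuid().ToString()
$RMMName = 'SET THIS VALUE'
$FriendlyName = 'SET THIS VALUE'
# Directory that holds the downloaded zip file.
$InstallDir = 'c:\Set\This\To\The\Correct\Directory'
# Name of the downloaded zip file inside $InstallDir; change it when
# deploying a newer release.
$ZipFile = 'TechIDManager.AzureAD_version_2.86.zip'
# Azure region for all created resources.
$region = 'eastus'
# Hour passed to the function app as TechIDManager.HourToRun (5 in the
# original script). Its time zone is not stated here — confirm in the
# TechIDManager documentation before changing it.
$HourToRun = 5

############################################
##
## FILL IN HYBRID values near the bottom of this script if needed
##
############################################

# Stop the script when the last native (az) command exited non-zero.
# Native commands do not raise PowerShell errors, so $LASTEXITCODE is the
# only signal that an az step failed; without this check the script would
# carry on and leave a half-built deployment.
function Confirm-AzExitCode([string]$Step) {
  if ($LASTEXITCODE -ne 0) {
    Write-Error "Step failed (exit code $LASTEXITCODE): $Step" -ErrorAction Stop
  }
}

# Stop the script when a required setting is empty or still holds its
# placeholder value. $Name is the variable name used in the message.
function Confirm-IsSet([string]$Name, $Value, [string]$Placeholder) {
  if ([string]::IsNullOrWhiteSpace($Value) -or $Value -eq $Placeholder) {
    Write-Error "`$$Name needs to be set" -ErrorAction Stop
  }
}

# Check all the variables to make sure they are set.
Confirm-IsSet 'ClientGuid' $ClientGuid 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'
Confirm-IsSet 'DomainGuid' $DomainGuid 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
Confirm-IsSet 'InstallDir' $InstallDir 'c:\Set\This\To\The\Correct\Directory'
Confirm-IsSet 'RMMName' $RMMName 'SET THIS VALUE'
Confirm-IsSet 'FriendlyName' $FriendlyName 'SET THIS VALUE'
Confirm-IsSet 'ZipFile' $ZipFile ''
# Both guids end up as app settings read by the function; catch typos here
# rather than after the resources have been created.
if (-not ($ClientGuid -as [guid])) {
  Write-Error '$ClientGuid is not a valid GUID' -ErrorAction Stop
}
if (-not ($DomainGuid -as [guid])) {
  Write-Error '$DomainGuid is not a valid GUID' -ErrorAction Stop
}

# Change directory to the location of the downloaded zip file.
# -LiteralPath avoids wildcard interpretation of the configured path.
Set-Location -LiteralPath $InstallDir -ErrorAction Stop
$zipPath = Join-Path $InstallDir $ZipFile
if (-not (Test-Path -LiteralPath $zipPath)) {
  Write-Error "Deployment package not found: $zipPath" -ErrorAction Stop
}

# Verify the tooling before signing in; a missing command is reported up
# front instead of surfacing as a confusing failure mid-deployment.
if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
  Write-Error 'Azure CLI appears to not be installed' -ErrorAction Stop
}
if (-not (Get-Command Connect-AzureAD -ErrorAction SilentlyContinue)) {
  Write-Error 'AzureAD PowerShell module appears to not be installed' -ErrorAction Stop
}
az login
Confirm-AzExitCode 'az login'
Connect-AzureAD -ErrorAction Stop

# Function app and storage account names must be unique, so a timestamp
# suffix is appended to every resource name.
$suffix = Get-Date -Format "MMddHHmm"
$RGname = 'techidmgr' + $suffix + 'rg'
$APname = 'techidmgr' + $suffix + 'fa'
$SAname = 'techidmgr' + $suffix + 'sa'
$SPname = 'techidmgr' + $suffix + 'sp'

# Create a resource group
az group create --name $RGname --location $region
Confirm-AzExitCode 'az group create'

# Create an Azure storage account
az storage account create --name $SAname --location $region --resource-group $RGname --sku Standard_LRS
Confirm-AzExitCode 'az storage account create'

# Create a Function App
# NOTE(review): the plan $SPname created here is not referenced by the
# 'az functionapp create' call below, which uses a consumption plan
# (--consumption-plan-location) instead of --plan; confirm whether this
# plan is still needed.
az functionapp plan create --name $SPname --resource-group $RGname --location $region --sku F1
Confirm-AzExitCode 'az functionapp plan create'
az functionapp create --name $APname --storage-account $SAname --resource-group $RGname --functions-version 3 --assign-identity '[system]' --consumption-plan-location $region
Confirm-AzExitCode 'az functionapp create'

# Set the configuration variables read by the function (one call; each
# array element becomes a separate KEY=VALUE argument).
$settings = @(
  "TechIDManager.ClientGuid=$ClientGuid",
  "TechIDManager.DomainGuid=$DomainGuid",
  "TechIDManager.RMMName=$RMMName",
  "TechIDManager.FriendlyName=$FriendlyName",
  "TechIDManager.HourToRun=$HourToRun"
)
az functionapp config appsettings set --name $APname --resource-group $RGname --settings $settings
Confirm-AzExitCode 'az functionapp config appsettings set'

##########################
#
# Hybrid values
#
##########################
# az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.Hybrid=Yes|No"
# az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.HybridDomainGuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# az functionapp config appsettings set --name $APname --resource-group $RGname --settings "TechIDManager.DomainName=MyDomain.onmicrosoft.com"

# Upload the code/zip for the function.
# This one line can be rerun to update to a newer version, provided $RGname
# and $APname are set to the names of the existing resources (the timestamp
# suffix above produces new names on every run).
az functionapp deployment source config-zip -g $RGname -n $APname --src $zipPath
Confirm-AzExitCode 'az functionapp deployment source config-zip'

# Grant the function app's managed identity the role it needs to
# create/disable users and set passwords. Only the "Global administrator"
# role is allowed to do this.
# This is the most privileged directory role: anyone who can change the
# function app's code or settings effectively holds it, so restrict who can
# deploy to $RGname and review this assignment periodically.
# -SearchString is a prefix match, so filter to an exact name and insist on
# a single result rather than taking .ObjectId of whatever came back.
$svcPrincipal = @(Get-AzureADServicePrincipal -SearchString "$APname" -ErrorAction Stop |
  Where-Object { $_.DisplayName -eq $APname })
if ($svcPrincipal.Count -ne 1) {
  Write-Error "Expected exactly one service principal named '$APname', found $($svcPrincipal.Count). If it is 0 the managed identity may not be visible yet; retry shortly." -ErrorAction Stop
}
$svcPrincipalId = $svcPrincipal[0].ObjectId
Write-Output "Service principal ObjectId: $svcPrincipalId"

$roleName = 'Global administrator'
$role = Get-AzureADDirectoryRole -ErrorAction Stop | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) {
  # Get-AzureADDirectoryRole lists only roles already activated in the
  # tenant; see Enable-AzureADDirectoryRole.
  Write-Error "Directory role '$roleName' was not found in this tenant" -ErrorAction Stop
}
Write-Output "Role ObjectId: $($role.ObjectId)"
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $svcPrincipalId -ErrorAction Stop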