When developing role actions/solutions for our identity management system (IDM) that extend into AD or Azure, parameters must be passed in that affect a given user or group
the IDM is aware of. PowerShell makes this rather simple.
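# syntax: AzureUserModify.ps1 -DomainID <id> -RevokeAzureSTSRefreshTokens
#
# Looks up the AD user identified by -DomainID and, when the
# -RevokeAzureSTSRefreshTokens switch is present, revokes all of that user's
# Azure AD refresh tokens. Without the switch (or without a DomainID) the
# script only logs that no action was taken. Everything written to the host
# is captured in a per-day transcript under $logDir.
param(
    [string] $DomainID = $null,
    [switch] $RevokeAzureSTSRefreshTokens = $False
)

# Logging
$ErrorActionPreference = "Continue"
$logDir = "C:\logs\azure\"
# "MM" is the month specifier; the original "mm" is minutes, which produced a
# new log file name per minute instead of one per day.
$timeStamp = Get-Date -Format "yyyyMMdd"
$logFile = "AzureUserModify_$($timeStamp).log"
# Start-Transcript fails if the directory does not exist, so create it first.
if (-not (Test-Path -Path $logDir)) {
    New-Item -ItemType Directory -Path $logDir | Out-Null
}
Start-Transcript (Join-Path $logDir $logFile) -Append

# Use TLS 1.2 - might be needed for is-toolbox
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Service-account credential for Connect-AzureAD. The password is not kept in
# the script: it is read from a DPAPI-protected PSCredential exported once
# (Get-Credential | Export-Clixml) by the account that runs this script, so
# only that account on this host can decrypt it. Point $credFile at the PROD
# or TEST file for the environment instead of editing the script.
$credFile = "C:\secure\AzureUserModify.cred.xml"   # placeholder path - set per environment

try {
    if ([string]::IsNullOrEmpty($DomainID)) {
        Write-Host "No DomainID parameter provided, no action taken."
    }
    elseif (-not $RevokeAzureSTSRefreshTokens) {
        Write-Host "Revoke Token parameter NOT called, no action taken."
    }
    else {
        # The original looked up $DuckID, which is never assigned; the
        # parameter is $DomainID.
        $upn = Get-ADUser -Identity $DomainID | Select-Object -ExpandProperty UserPrincipalName
        # With ErrorActionPreference=Continue a failed lookup leaves $upn empty;
        # do not call Revoke with an empty ObjectId.
        if ([string]::IsNullOrEmpty($upn)) {
            Write-Warning "$DomainID - no AD user or UserPrincipalName found, no action taken."
        }
        else {
            $cred = Import-Clixml -Path $credFile
            Connect-AzureAD -Credential $cred
            Write-Host "UserPrincipalName: $upn"
            Write-Host "$DomainID - Revoking token..."
            Get-AzureADUser -ObjectId $upn | Revoke-AzureADUserAllRefreshToken
        }
    }
}
finally {
    # Always close the transcript, even if a cmdlet above throws.
    Stop-Transcript
}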