
Untitled

a guest
Jul 18th, 2017
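  # Requires the Azure Resource Manager and Azure Active Directory cmdlets:
  #   Install-Module AzureRM
  #   Install-Module AzureADPreview
  #
  # Purpose: time how long it takes to create an Azure AD group and user, add the
  # user to the group, define a custom RBAC role and assign that role to the group
  # on a storage account; then remove everything that was created.
  #
  # Everything after the sign-in runs inside try/finally so that a failure part-way
  # through does not leave an enabled test account, a custom role or a role
  # assignment behind in the tenant.

  Login-AzureRmAccount

  # NOTE(review): if the signed-in account can see more than one subscription this
  # expression yields several tenant ids and Connect-AzureAD will not accept it;
  # confirm the script is only run against a single-subscription account.
  $TenantId = (Get-AzureRmSubscription).TenantId
  Connect-AzureAD -TenantId $TenantId

  $ResourceGroupName = "TestRG"
  $Location = "westus2"
  # 19 random lowercase letters; the "1a"/"1b" suffixes added below keep the final
  # storage account names within the 24-character limit.
  $StorageAccountBaseName = -join ((97..122) | Get-Random -Count 19 | ForEach-Object { [char]$_ })

  # Unique file name per run instead of a fixed, predictable rbac.json in %TEMP%.
  $RbacFile = Join-Path -Path $env:TEMP -ChildPath ("rbac-{0}.json" -f [guid]::NewGuid())

  # Initialised up front so the finally block can tell what was actually created.
  $ResourceGroup = $null
  $ADGroup = $null
  $ADUser = $null
  $RoleDefinition = $null
  $RoleAssignment = $null

  try {
    # NOTE(review): the cleanup below deletes this resource group by name. Make sure
    # "TestRG" is not the name of an existing group that holds real resources.
    $ResourceGroup = New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location
    $StorageAccountA = New-AzureRmStorageAccount -ResourceGroupName $ResourceGroup.ResourceGroupName -Name "$($StorageAccountBaseName)1a" -Kind Storage -SkuName Standard_LRS -Location $ResourceGroup.Location
    $StorageAccountB = New-AzureRmStorageAccount -ResourceGroupName $ResourceGroup.ResourceGroupName -Name "$($StorageAccountBaseName)1b" -Kind Storage -SkuName Standard_LRS -Location $ResourceGroup.Location

    $StopWatch = New-Object -TypeName System.Diagnostics.Stopwatch
    $StopWatch.Start()

    $GroupName = "TestADGroup"
    $ADGroup = New-AzureADGroup -DisplayName $GroupName -MailEnabled $False -SecurityEnabled $True -MailNickName "NotSet"

    # Pick the tenant's default domain explicitly; a tenant with several verified
    # domains would otherwise produce an array here and an invalid UPN below.
    $Domain = (Get-AzureADDomain | Where-Object { $_.IsDefault } | Select-Object -First 1).Name
    $UserName = "testStudent"
    $UserPrincipalName = "$UserName@$Domain"

    # The account is created enabled, so it must not carry a guessable password.
    # Generate a random one from the system CSPRNG rather than hard-coding a value
    # and switching off the strong-password policy to make it acceptable.
    $PasswordBytes = New-Object -TypeName byte[] -ArgumentList 24
    $Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
      $Rng.GetBytes($PasswordBytes)
    }
    finally {
      $Rng.Dispose()
    }
    # The fixed prefix only guarantees the character-class mix; the entropy comes
    # from the 24 random bytes that follow.
    $Password = "Aa1-" + [System.Convert]::ToBase64String($PasswordBytes)

    # DisableStrongPassword is no longer requested: the generated password meets
    # the default complexity policy.
    $PasswordPolicy = "DisablePasswordExpiration"
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = $Password
    $PasswordProfile.ForceChangePasswordNextLogin = $True

    $UserParams = @{
      AccountEnabled    = $True
      DisplayName       = $UserName
      MailNickName      = $UserName
      UserPrincipalName = $UserPrincipalName
      UserType          = "Member"
      PasswordProfile   = $PasswordProfile
      PasswordPolicies  = $PasswordPolicy
    }
    $ADUser = New-AzureADUser @UserParams

    Add-AzureADGroupMember -ObjectId $ADGroup.ObjectId -RefObjectId $ADUser.ObjectId

    # Custom role definition, scoped to storage account A only.
    # NOTE(review): Microsoft.Storage/storageAccounts/listKeys/action returns the
    # account access keys, and those keys authorise full data-plane access (read,
    # write and delete). The role is therefore broader than its "Reader" name and
    # description suggest. Drop that action, or rename the role, unless key access
    # is what is being tested.
    $RoleJson = [ordered]@{
      Name             = "Reader Storage"
      Id               = $null
      IsCustom         = $true
      Description      = "Allows for read access to Azure storage"
      Actions          = @(
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/listKeys/action"
      )
      NotActions       = @()
      AssignableScopes = @("$($StorageAccountA.Id)")
    } | ConvertTo-Json
    # Out-File is what the ">" redirection used before, so the file encoding is unchanged.
    $RoleJson | Out-File -FilePath $RbacFile

    $RoleDefinition = New-AzureRmRoleDefinition -InputFile $RbacFile

    # -OutVariable keeps the assignment on the output stream (as before) and also
    # records that it exists, so the cleanup only removes what was created.
    New-AzureRmRoleAssignment -ObjectId $ADGroup.ObjectId -RoleDefinitionId $RoleDefinition.Id -Scope $StorageAccountA.Id -OutVariable RoleAssignment

    $StopWatch.Stop()
    "AD Group Created, User Created, User Added to Group, Role Created, Group Assigned to Role in:"
    $StopWatch.Elapsed.TotalSeconds

    $StopWatch
  }
  finally {
    # Tear down in reverse dependency order: assignment, role, resources, identities.
    if ($RoleAssignment) {
      Remove-AzureRmRoleAssignment -ObjectId $ADGroup.ObjectId -RoleDefinitionId $RoleDefinition.Id -Scope $StorageAccountA.Id
    }

    if ($RoleDefinition) {
      Remove-AzureRmRoleDefinition -Id $RoleDefinition.Id -Force
    }

    if ($ResourceGroup) {
      Remove-AzureRmResourceGroup -Name $ResourceGroupName -Force
    }

    if ($ADUser) {
      Remove-AzureADUser -ObjectId $ADUser.ObjectId
    }

    if ($ADGroup) {
      Remove-AzureADGroup -ObjectId $ADGroup.ObjectId
    }

    # The role definition file is only needed for the New-AzureRmRoleDefinition call.
    if (Test-Path -LiteralPath $RbacFile) {
      Remove-Item -LiteralPath $RbacFile -Force
    }
  }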