DrZl0

Azure AD - USB Token PowerShell

Apr 19th, 2021
# Gets a user from Azure AD, including the associated FIDO and NGC keys.

Get-AzureADUserEx [-All] -AccessToken <String> [-TenantId <Guid>] [<CommonParameters>]
Get-AzureADUserEx -AccessToken <String> -ObjectId <Guid> [-TenantId <Guid>] [<CommonParameters>]
Get-AzureADUserEx -AccessToken <String> -UserPrincipalName <String> [-TenantId <Guid>] [<CommonParameters>]

# Displays info about Azure AD users with key credentials. Authentication is handled by the AzureAD module.

# Example 1

Install-Module -Name AzureAD,DSInternals -Force
Connect-AzureAD
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
Get-AzureADUserEx -All -AccessToken $token | Where-Object KeyCredentials -ne $null

<# Sample Output:

ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
UserPrincipalName: john@contoso.com
Enabled: True
DisplayName: John Doe
Key Credentials:
  Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
  Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM

ObjectId: 5dd9c7f0-9441-4c5a-b2df-ca7b889d8c4c
UserPrincipalName: peter@contoso.com
Enabled: True
DisplayName: Peter Smith
Key Credentials:
  Usage=NGC, Source=AzureAD, Device=21c915a8-0326-47c4-8985-2aceda00eaee, Created=12/26/2019 1:22:17 PM
  Usage=NGC, Source=AzureAD, Device=ec45d71b-b5dd-45dc-beaf-e248cbcb2bd3, Created=12/24/2019 9:44:56 AM

#>

# Example 2
# Lists all FIDO2 tokens registered in an Azure AD tenant, but only on accounts that are enabled.

Install-Module -Name AzureAD,DSInternals -Force
Connect-AzureAD
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
Get-AzureADUserEx -All -AccessToken $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq FIDO | Format-Table -View FIDO

<# Sample Output:

DisplayName               AAGUID                               Alg   Counter Created    Owner
-----------               ------                               ---   ------- -------    -----
SoloKeys Tap              8876631b-d4a0-427f-5773-0ec71c9e0279 ES256     274 2019-08-29 james@contoso.com
SoloKeys Solo             8876631b-d4a0-427f-5773-0ec71c9e0279 ES256     281 2019-08-29 thomas@contoso.com
eWBM Goldengate G320      87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256      83 2019-08-29 jane@contoso.com
eWBM Goldengate G310      95442b2e-f15e-4def-b270-efb106facb4e ES256       4 2019-08-29 mary@contoso.com
Feitian BioPass FIDO2     77010bd7-212a-4fc9-b236-d2ca5e9d4084 ES256     261 2019-08-26 george@contoso.com
Yubico Security Key FIDO2 f8a011f3-8c0a-4d15-8006-17111f9edc7d ES256     257 2019-08-26 matt@contoso.com
Feitian AllinPass FIDO2   12ded745-4bed-47d4-abaa-e713f51d6393 ES256     231 2019-08-26 jenny@contoso.com
YubiKey 5                 fa2b99dc-9e39-4257-8f92-4a30d23c4118 ES256     229 2019-08-26 jill@contoso.com
YubiKey 5                 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256      25 2019-12-12 john@contoso.com
Feitian All-In-Pass       12ded745-4bed-47d4-abaa-e713f51d6393 ES256    1398 2020-03-31 peter@contoso.com
eWBM Goldengate G320      87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256      37 2019-08-29 joe@contoso.com
eWBM Goldengate G310      95442b2e-f15e-4def-b270-efb106facb4e ES256      48 2019-08-29 joe@contoso.com

#>

# Example 3
# Lists weak public keys registered in Azure Active Directory that were generated on ROCA-vulnerable TPMs.
# ($token is the access token obtained as in the previous examples.)

Get-AzureADUserEx -All -AccessToken $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq NGC | Format-Table -View ROCA

<# Sample Output:

Usage IsWeak Source  DeviceId                             Created    Owner
----- ------ ------  --------                             -------    -----
NGC   True   AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 joe@contoso.com
NGC   False  AzureAD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 peter@contoso.com

#>

# Example 4
# Gets information about a single Azure Active Directory user. If necessary, the access token is
# automatically refreshed by the standard Get-AzureADTenantDetail cmdlet.

Get-AzureADTenantDetail | Out-Null
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token

<# Sample Output:

ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
UserPrincipalName: john@contoso.com
Enabled: True
DisplayName: John Doe
Key Credentials:
  Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
  Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM

#>

# Example 5
# Displays details about FIDO2 keys registered in Azure Active Directory by a specific user.

Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token | ForEach-Object { $PSItem.KeyCredentials.FidoKeyMaterial }
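The examples above each answer one question (who has keys, which FIDO2 models are registered, which NGC keys are ROCA-weak). The script below is an added example, not part of this paste or of the DSInternals project, that combines the same cmdlet into a single tenant-wide audit a defender would actually schedule: it flags FIDO2 authenticators whose AAGUID is not on an approved-model list, NGC keys that are ROCA-weak, and any key credential still attached to a disabled account, and writes the findings to CSV. The property names IsWeak, DeviceId, CreationTime and FidoKeyMaterial.AuthenticatorData.AttestedCredentialData.AaGuid are assumed from the columns of the FIDO and ROCA table views shown above and are not verified here; the approved AAGUID list is a constructed placeholder built from the sample output.

```powershell
# Added example (not from the original paste or the DSInternals project).
# Audits key credentials in an Azure AD tenant with Get-AzureADUserEx and reports:
#   1. FIDO2 authenticators whose AAGUID is not on the approved-model list,
#   2. NGC keys flagged as ROCA-weak,
#   3. key credentials that still sit on disabled accounts.
# Assumed property names (derived from the FIDO/ROCA views above, not verified here):
#   KeyCredential.Usage, .IsWeak, .DeviceId, .CreationTime,
#   KeyCredential.FidoKeyMaterial.AuthenticatorData.AttestedCredentialData.AaGuid

param(
    [Parameter(Mandatory)] [string] $AccessToken,      # token from the AzureAD session, as in the paste
    [string] $ReportPath = '.\keycred-audit.csv'       # hypothetical default output path
)

# Constructed placeholder allow-list: replace with the AAGUIDs of the authenticator
# models your organisation has approved. The two values come from the sample output above.
$ApprovedAaguids = @(
    'cb69481e-8ff7-4039-93ec-0a2729a154a8',  # YubiKey 5 (sample output)
    'fa2b99dc-9e39-4257-8f92-4a30d23c4118'   # YubiKey 5 (sample output)
)

# Pull every user that has at least one key credential; disabled accounts are kept on
# purpose so that leftover keys on them can be reported.
$users = Get-AzureADUserEx -All -AccessToken $AccessToken |
    Where-Object { $null -ne $_.KeyCredentials }

$findings = foreach ($user in $users) {
    foreach ($cred in $user.KeyCredentials) {
        $issues = [System.Collections.Generic.List[string]]::new()

        if (-not $user.Enabled) {
            $issues.Add('KeyOnDisabledAccount')
        }

        switch ($cred.Usage) {
            'FIDO' {
                # AAGUID identifies the authenticator model (assumed property path, see header)
                $aaguid = [string] $cred.FidoKeyMaterial.AuthenticatorData.AttestedCredentialData.AaGuid
                if ($aaguid -and ($ApprovedAaguids -notcontains $aaguid)) {
                    $issues.Add("UnapprovedAuthenticator:$aaguid")
                }
            }
            'NGC' {
                # Same signal the ROCA view surfaces in its IsWeak column (assumed property)
                if ($cred.IsWeak) {
                    $issues.Add('RocaWeakKey')
                }
            }
        }

        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                UserPrincipalName = $user.UserPrincipalName
                Enabled           = $user.Enabled
                Usage             = $cred.Usage
                DeviceId          = $cred.DeviceId
                Created           = $cred.CreationTime
                Issues            = ($issues -join ';')
            }
        }
    }
}

# Show the findings and persist them for ticketing / follow-up
$findings | Sort-Object UserPrincipalName | Format-Table -AutoSize
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Wrote $(@($findings).Count) finding(s) to $ReportPath"
```

Save the script to a file and run it after obtaining the token exactly as the paste does (Connect-AzureAD followed by reading AccessTokens['AccessToken'].AccessToken), passing that value as -AccessToken. Keys on disabled accounts are reported rather than filtered out because a key credential that survives account disablement is exactly the kind of stale registration a periodic review should surface.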