
Non-interactive way to authenticate to Azure AD using AADInternals?


I'm attempting to use the AADInternals toolkit to simplify the process of generating an Azure AD bulk enrollment provisioning package. However, it seems as if the provided AADInternals documentation only outlines interactive methods of authentication. Since I'm trying to automate this process through a PowerShell script, does anyone know if there is a way to authenticate the AADInternals toolset non-interactively, say through application-based authentication using Microsoft Graph? I haven't been able to determine this myself yet, but I was hoping someone here might have used AADInternals themselves and accomplished this. Thanks!


Solution

    • I agree with wenbo's comment: according to the AADInternals documentation, it seems that interactive login is required.
    • AADInternals primarily focuses on advanced operations with Azure Active Directory and is often used interactively due to the sensitive nature of its functions.

    non-interactively, say through application-based authentication using Microsoft Graph?

    You can use the Microsoft Graph PowerShell SDK, which is a more modern, reliable, and secure way to automate provisioning tasks in Microsoft Entra ID (formerly Azure Active Directory). The SDK supports non-interactive logins via service principals, making it perfect for automated workflows.

    You can install the PowerShell SDK through this MS-Document.

    Create an app registration in the portal and fetch the client ID, tenant ID, and client secret from the app.

    Also, assign API permission like below:

    Portal: [screenshot]

    You can use the command below, which connects non-interactively to authenticate with Azure AD.

    Command:

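    # App registration values (client ID, client secret, tenant ID)
    $clientId = "<value>"
    $SecuredPassword = "<value>"
    $tenantID = "<value>"
    
    # Convert the client secret to a SecureString
    $SecuredPasswordPassword = ConvertTo-SecureString `
        -String $SecuredPassword -AsPlainText -Force
    
    # PSCredential: user name = client ID, password = client secret
    $ClientSecretCredential = New-Object `
        -TypeName System.Management.Automation.PSCredential `
        -ArgumentList $clientId, $SecuredPasswordPassword
    
    # App-only (non-interactive) sign-in
    Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential
    
    Get-MgUser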
    

    Output:

    Welcome to Microsoft Graph!
    
    Connected via apponly access using 7xxxxxx3d
    Readme: https://aka.ms/graph/sdk/powershell
    SDK Docs: https://aka.ms/graph/sdk/powershell/docs
    API Docs: https://aka.ms/graph/docs
    
    NOTE: You can use the -NoWelcome parameter to suppress this message.
    
    
    DisplayName                                           Id                                   Mail                                          UserPrincipalName                                  
    -----------                                           --                                   ----                                          -----------------                                  
    Conf Room Adams                                       fxxxxcb8-511a-4249-aa43-xxxxxxxxxxx [email protected]           [email protected]                
    Adele Vance                                           dacxxxxxxx05-4fc6-a787-90740bafxxxx                                              [email protected]               
    

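The following is an added example, not part of the original answer: the same app-only sign-in, but with the client secret read from the environment instead of being written into the script, and with a check that the session really is app-only and holds no more permissions than the job needs. The `GRAPH_*` environment variable names and the expected permission `User.Read.All` are assumptions made for this example.

```powershell
# Added example: app-only sign-in without hard-coding the client secret.
# Assumed names (not from the original answer): the GRAPH_* environment
# variables and the expected permission list below.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users

$ErrorActionPreference = 'Stop'

# Application permissions this job is expected to hold (assumption).
$expectedRoles = @('User.Read.All')

function Get-RequiredEnv([string]$Name) {
    $value = [Environment]::GetEnvironmentVariable($Name)
    if ([string]::IsNullOrWhiteSpace($value)) {
        throw "Environment variable $Name is not set."
    }
    return $value
}

$tenantId   = Get-RequiredEnv 'GRAPH_TENANT_ID'
$clientId   = Get-RequiredEnv 'GRAPH_CLIENT_ID'
$secret     = ConvertTo-SecureString (Get-RequiredEnv 'GRAPH_CLIENT_SECRET') -AsPlainText -Force
$credential = [pscredential]::new($clientId, $secret)

try {
    Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $credential -NoWelcome

    # Confirm the session is app-only rather than a cached delegated sign-in.
    $context = Get-MgContext
    if ($context.AuthType -ne 'AppOnly') {
        throw "Expected app-only auth, got '$($context.AuthType)'."
    }

    # Flag permissions beyond what the job needs (least privilege).
    $extra = @($context.Scopes | Where-Object { $_ -notin $expectedRoles })
    if ($extra.Count -gt 0) {
        Write-Warning "App holds more permissions than expected: $($extra -join ', ')"
    }

    Get-MgUser -Top 5 -Property DisplayName, Id, UserPrincipalName |
        Select-Object DisplayName, Id, UserPrincipalName
}
finally {
    # Drop the cached token for this session, even on failure.
    if (Get-MgContext) { Disconnect-MgGraph | Out-Null }
}
```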