Oct 23 2020 12:26 AM - last edited on Jan 14 2022 04:28 PM by TechCommunityAP
Hi,
I am trying to get a list of SPNs that are going to expire soon. Using the Graph API, I am executing the PowerShell script below.
I always get the appId and name in the output, but StartDate and EndDate are not displayed for a few of the SPNs.
Can you please help me get them?
Below is the PowerShell script I am using:
$TenantId = "*************"
$ClientId = "*************"
$ClientSecret = "*************"
$Body = @{
'tenant' = $TenantId
'client_id' = $ClientId
'scope' = 'https://graph.microsoft.com/.default'
'client_secret' = $ClientSecret
'grant_type' = 'client_credentials'
}
$Params = @{
'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
'Method' = 'Post'
'Body' = $Body
'ContentType' = 'application/x-www-form-urlencoded'
}
$AuthResponse = Invoke-RestMethod @Params
$Headers = @{'Authorization' = "Bearer $($AuthResponse.access_token)"}
$method = "GET"
$uri2 = "https://graph.microsoft.com/v1.0/applications/{Id}"
$query2 = Invoke-WebRequest -Method $method -Uri $uri2 -ContentType "application/json" -Headers $Headers -ErrorAction Stop
$query2.content | ConvertFrom-Json | select appId,displayName,@{l="SecretExpiryDate";e={$pwdcreds2.passwordCredentials.endDateTime}}
$pwdcreds2.passwordCredentials
I have another PowerShell script that gives the start date and end date for the same SPN, but the problem is that my org is not allowed to fetch app details from Azure AD due to security guidelines.
$ServicePrincipalIds = Get-AzADServicePrincipal | Where {$_.DisplayName -like '*'}
foreach($ServicePrincipalId in $ServicePrincipalIds)
{
$ServicePrincipalInfo = Get-AzADSpCredential -ObjectId $ServicePrincipalId.Id
$ServicePrincipalInfo
}
Oct 23 2020 09:05 AM
Solution
Well what exactly is:
$pwdcreds2
as that's what you are using to parse for passwordCredentials. For the record, I can see them just fine in Graph explorer or calling the Graph API directly via PowerShell.
$result = ($test.Content | ConvertFrom-Json).passwordCredentials.startDateTime
Oct 26 2020 07:46 AM
@VasilMichev thank you so much for the reply.
I executed my PowerShell script after adding your command, but it does not return anything. I guess if the servicePrincipal has too many start and end dates, it fails to convert from JSON.
Another PowerShell script returns the full list of start and end dates. Below is a screenshot.
Can you please check sample data from your end 🙂 and suggest how I can get the result from the API?
Thanks again for your help and support so far.
Regards,
Brahma
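An added example, not part of any post in this thread: it parses a Graph application response and emits one row per credential, so an app with several start and end dates is reported in full rather than collapsed into one column. The function name Get-AppCredentialExpiry and the sample JSON are constructed for illustration, and the example goes beyond the thread by also reading keyCredentials (certificates), which carry the same date fields.

```powershell
# Constructed sample shaped like a Graph GET /v1.0/applications/{id} response; all values are made up.
$SampleJson = @'
{
  "appId": "00000000-0000-0000-0000-000000000001",
  "displayName": "sample-app",
  "passwordCredentials": [
    { "keyId": "11111111-1111-1111-1111-111111111111", "displayName": "old secret",
      "startDateTime": "2019-10-01T00:00:00Z", "endDateTime": "2020-10-01T00:00:00Z" },
    { "keyId": "22222222-2222-2222-2222-222222222222", "displayName": "current secret",
      "startDateTime": "2020-05-01T00:00:00Z", "endDateTime": "2020-11-10T00:00:00Z" }
  ],
  "keyCredentials": [
    { "keyId": "33333333-3333-3333-3333-333333333333", "displayName": "CN=sample-cert",
      "startDateTime": "2020-01-01T00:00:00Z", "endDateTime": "2022-01-01T00:00:00Z" }
  ]
}
'@

# Hypothetical helper: one output row per credential instead of one row per application.
function Get-AppCredentialExpiry {
    param(
        [Parameter(Mandatory)] [string] $Json,
        [datetime] $AsOf = (Get-Date),
        [int] $WarnDays = 30
    )
    $app = $Json | ConvertFrom-Json
    $now = $AsOf.ToUniversalTime()
    foreach ($type in 'passwordCredentials', 'keyCredentials') {
        # foreach copes with a missing property, an empty array, one entry or many
        foreach ($cred in $app.$type) {
            # Windows PowerShell 5.1 leaves the timestamps as strings, PowerShell 7 parses them
            $end  = ([datetime]$cred.endDateTime).ToUniversalTime()
            $days = [math]::Floor(($end - $now).TotalDays)
            [pscustomobject]@{
                AppId       = $app.appId
                DisplayName = $app.displayName
                Type        = $type
                KeyId       = $cred.keyId
                StartDate   = ([datetime]$cred.startDateTime).ToUniversalTime()
                EndDate     = $end
                DaysLeft    = $days
                Status      = if ($days -lt 0) { 'Expired' } elseif ($days -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }
            }
        }
    }
}

# Fixed reference date so the constructed sample always classifies the same way.
Get-AppCredentialExpiry -Json $SampleJson -AsOf '2020-10-23T00:00:00Z' | Format-Table Type, KeyId, EndDate, DaysLeft, Status
```

To run it against a live response, pass the Content of the Invoke-WebRequest result as -Json and omit -AsOf.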