Use -Filter instead of Where-Object to improve perf and avoid missed items
-Filter is the recommended way to filter objects because it filters them at the source (AAD) instead of fetching everything and filtering on the client, so performance is better. Moreover, by default the cmdlets return a limited number of items, so client-side filtering can miss items (unless -All is used, as was done in some cases).
+12
-12
@@ -172,9 +172,9 @@ atomic_tests:
|
||||
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
|
||||
Connect-AzureAD -Credential $Credential
|
||||
|
||||
$user = Get-AzureADUser | where-object {$_.DisplayName -eq "#{user_principal_name}"}
|
||||
$user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}'"
|
||||
if ($user -eq $null) { Write-Warning "User not found"; exit }
|
||||
$role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
|
||||
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
|
||||
if ($role -eq $null) { Write-Warning "Role not found"; exit }
|
||||
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $user.ObjectId
|
||||
Write-Host "User $($user.DisplayName) was added to $($role.DisplayName) role"
|
||||
@@ -184,9 +184,9 @@ atomic_tests:
|
||||
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
|
||||
Connect-AzureAD -Credential $Credential -ErrorAction Ignore
|
||||
|
||||
$user = Get-AzureADUser | where-object {$_.DisplayName -eq "#{user_principal_name}"}
|
||||
$user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}'"
|
||||
if ($user -eq $null) { Write-Warning "User not found"; exit }
|
||||
$role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
|
||||
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
|
||||
if ($role -eq $null) { Write-Warning "Role not found"; exit }
|
||||
|
||||
Remove-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -MemberId $user.ObjectId
|
||||
@@ -238,9 +238,9 @@ atomic_tests:
|
||||
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
|
||||
Connect-AzureAD -Credential $Credential
|
||||
|
||||
$sp = Get-AzureADServicePrincipal | where-object {$_.DisplayName -eq "#{service_principal_name}"}
|
||||
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '#{service_principal_name}'"
|
||||
if ($sp -eq $null) { Write-Warning "Service Principal not found"; exit }
|
||||
$role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
|
||||
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
|
||||
if ($role -eq $null) { Write-Warning "Role not found"; exit }
|
||||
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
|
||||
Write-Host "Service Principal $($sp.DisplayName) was added to $($role.DisplayName)"
|
||||
@@ -250,9 +250,9 @@ atomic_tests:
|
||||
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
|
||||
Connect-AzureAD -Credential $Credential -ErrorAction Ignore
|
||||
|
||||
$sp = Get-AzureADServicePrincipal | where-object {$_.DisplayName -eq "#{service_principal_name}"}
|
||||
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '#{service_principal_name}'"
|
||||
if ($sp -eq $null) { Write-Warning "Service Principal not found"; exit }
|
||||
$role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
|
||||
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
|
||||
if ($role -eq $null) { Write-Warning "Role not found"; exit }
|
||||
|
||||
Remove-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -MemberId $sp.ObjectId
|
||||
@@ -466,10 +466,10 @@ atomic_tests:
|
||||
|
||||
$aadApplication = New-AzureADApplication -DisplayName "#{application_name}"
|
||||
$servicePrincipal = New-AzureADServicePrincipal -AppId $aadApplication.AppId
|
||||
#$aadApplication = Get-AzureADApplication | Where-Object {$_.DisplayName -eq "#{application_name}"}
|
||||
#$aadApplication = Get-AzureADApplication -Filter "DisplayName eq '#{application_name}'"
|
||||
|
||||
#Get Service Principal of Microsoft Graph Resource API
|
||||
$graphSP = Get-AzureADServicePrincipal -All $true | Where-Object {$_.DisplayName -eq "Microsoft Graph"}
|
||||
$graphSP = Get-AzureADServicePrincipal -Filter "DisplayName eq 'Microsoft Graph'"
|
||||
|
||||
#Initialize RequiredResourceAccess for Microsoft Graph Resource API
|
||||
$requiredGraphAccess = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
|
||||
@@ -500,7 +500,7 @@ atomic_tests:
|
||||
#Set permissions in existing Azure AD App
|
||||
Set-AzureADApplication -ObjectId $aadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
|
||||
|
||||
$servicePrincipal = Get-AzureADServicePrincipal -All $true | Where-Object {$_.AppId -eq $aadApplication.AppId}
|
||||
$servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '$aadApplication.AppId'"
|
||||
|
||||
New-AzureADServiceAppRoleAssignment -ObjectId $servicePrincipal.ObjectId -PrincipalId $servicePrincipal.ObjectId -ResourceId $graphSP.ObjectId -Id $reqPermission.Id
|
||||
|
||||
@@ -510,7 +510,7 @@ atomic_tests:
|
||||
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
|
||||
Connect-AzureAD -Credential $Credential
|
||||
|
||||
$aadApplication = Get-AzureADApplication | Where-Object {$_.DisplayName -eq "#{application_name}"}
|
||||
$aadApplication = Get-AzureADApplication -Filter "DisplayName eq '#{application_name}'"
|
||||
Remove-AzureADApplication -ObjectId $aadApplication.ObjectId
|
||||
|
||||
name: powershell
|
||||
|
||||
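Review bot: The new filter in the hunk at -500,7 is written as `"AppId eq '$aadApplication.AppId'"`, and inside a double-quoted PowerShell string only `$aadApplication` is expanded while `.AppId` stays literal text, so the filter compares AppId against the object's string form instead of its application id. The lookup then most likely returns nothing, and the New-AzureADServiceAppRoleAssignment call that follows receives a null ObjectId. Use a subexpression, `$servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '$($aadApplication.AppId)'"`, as the Write-Host lines in the earlier hunks already do. Separately, the DisplayName filters in the other hunks place the `#{...}` inputs inside single quotes, so a name containing an apostrophe would yield a malformed filter unless the quote is doubled first. The command block this line belongs to starts and ends outside the hunk.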