AADInternals: PowerShell module for administering Azure AD and Office 365
AAD Internals is a PowerShell module where I’ve tried to put all the knowledge I’ve gained during the years spent with Office 365 and Azure AD. It is a result of hours of reverse-engineering and debugging of Microsoft tools related to Azure AD, such as PowerShell modules, directory synchronization, and admin portals.
The module is a plain PowerShell script module, so you can copy and paste the code to your own scripts as needed. Having said that, there are some functions that utilize the built-in functionality of Windows. Thus, everything might not work on every computer.
Playing with access tokens
Most of the functions use REST APIs, which require OAuth access tokens. The AADInternals module is using four types of access tokens:

| Token | Function | Remarks |
|---|---|---|
| AAD Graph | Get-AADIntAccessTokenForAADGraph | Functions using the AAD Graph access token have a cache, so there is no need to pass it as a parameter every time. If credentials are not passed, the function prompts for them (supports MFA). |
| MS Graph | Get-AADIntAccessTokenForMSGraph | Not used in this version. |
| Pass-Through Authentication | Get-AADIntAccessTokenForPTA | Used when enabling/disabling PTA. |
| Azure Admin Portal | Get-AADIntAuthTokenForAADIAMAPI | Used when inviting guest users. |
| Exchange Online | Get-AADIntAccessTokenForEXO | Used with Exchange Online and ActiveSync functions. |
| Support and Recovery Assistant | Get-AADIntAccessTokenForSARA | Used with Support and Recovery Assistant functions. |
| SharePoint Online | Get-AADIntSPOAuthenticationHeader | Used with SharePoint Online functions. |
Copyright (c) 2018-2019 Gerenios Ltd / Nestori Syynimaa