https://github.com/tools4everbv/helloid-task-sa-target-azureactivedirectory-accountpasswordreset
Azure Active Directory - User account reset password
azure-active-directory delegated-form powershell product service-automation task
Last synced: about 2 months ago
Azure Active Directory - User account reset password
- Host: GitHub
- URL: https://github.com/tools4everbv/helloid-task-sa-target-azureactivedirectory-accountpasswordreset
- Owner: Tools4everBV
- Created: 2023-03-14T14:20:04.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-10T11:23:31.000Z (12 months ago)
- Last Synced: 2024-01-10T12:38:17.730Z (12 months ago)
- Topics: azure-active-directory, delegated-form, powershell, product, service-automation, task
- Language: PowerShell
- Homepage:
- Size: 34.2 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# HelloID-Task-SA-Target-AzureActiveDirectory-AccountPasswordReset
## Prerequisites
Before using this snippet, verify you've met the following requirements:

- [ ] AzureAD app registration
- [ ] The correct app permissions for the app registration.
  Note that in addition to the app permissions in the app registration itself (`User.ReadWrite.All`), the app must also be added to the PasswordAdministrator role in Azure AD to be allowed to change the password.
- [ ] User defined variables: `AADTenantID`, `AADAppID` and `AADAppSecret` created in your HelloID portal.

## Description
This code snippet executes the following tasks:
1. Define a hash table `$formObject`. The keys of the hash table represent the properties of the [User Update WebRequest](https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#response-2), while the values represent the values entered in the form.
> To view an example of the form output, please refer to the JSON code pasted below.
```json
{
"UserIdentity": "[email protected]",
"password" : "mySecretpassword191287436235^",
"ChangePasswordAtNextLogon" : true
}
```

> :exclamation: It is important to note that the names of your form fields might differ. Ensure that the `$formObject` hashtable is appropriately adjusted to match your form fields.

> The **UserIdentity** can hold different values. [See the Microsoft Docs page](https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#http-request)

2. Receive a bearer token by making a POST request to: `https://login.microsoftonline.com/$AADTenantID/oauth2/token`, where `$AADTenantID` is the ID of your Azure Active Directory tenant.
3. Look up the user in Azure by its UPN, by making a GET request to `https://graph.microsoft.com/v1.0/users/$($formObject.UserIdentity)`. This is done to get the ObjectId of the user in Azure.
4. Reset the password of the user.
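
The four steps above as one script, added here as an illustration and not taken from the repository. It assumes the form output is available as `$form` with the field names of the sample JSON, and it uses the request bodies Microsoft documents for the client-credentials token request and for the user update `passwordProfile`.

```powershell
# Added example, not the repository's code. $AADTenantID, $AADAppID and $AADAppSecret are the
# HelloID user defined variables named above; $form is assumed to hold the form output.
$ErrorActionPreference = 'Stop'

# Step 1: map the form fields (names taken from the sample JSON) to one object
$formObject = @{
    UserIdentity              = $form.UserIdentity
    Password                  = $form.password
    ChangePasswordAtNextLogon = [bool]$form.ChangePasswordAtNextLogon
}

try {
    # Step 2: client-credentials token request against the endpoint from the README
    $tokenBody = @{
        grant_type    = 'client_credentials'
        client_id     = $AADAppID
        client_secret = $AADAppSecret
        resource      = 'https://graph.microsoft.com'
    }
    $tokenUri = "https://login.microsoftonline.com/$AADTenantID/oauth2/token"
    $token    = Invoke-RestMethod -Method Post -Uri $tokenUri -Body $tokenBody -ContentType 'application/x-www-form-urlencoded'
    $headers  = @{ Authorization = "Bearer $($token.access_token)" }

    # Step 3: resolve the identity to the object id. The value is escaped so that
    # reserved characters in a UPN cannot change the request path.
    $identity = [uri]::EscapeDataString($formObject.UserIdentity)
    $user     = Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/v1.0/users/$identity" -Headers $headers

    # Step 4: update the user's passwordProfile
    $patchBody = @{
        passwordProfile = @{
            password                      = $formObject.Password
            forceChangePasswordNextSignIn = $formObject.ChangePasswordAtNextLogon
        }
    } | ConvertTo-Json -Depth 3
    $userUri = "https://graph.microsoft.com/v1.0/users/$($user.id)"
    Invoke-RestMethod -Method Patch -Uri $userUri -Headers $headers -Body $patchBody -ContentType 'application/json' | Out-Null

    Write-Information "Password reset for [$($user.userPrincipalName)] (id $($user.id))"
}
catch {
    # Report the failure without echoing the request body, which contains the new password
    Write-Error "Password reset for [$($formObject.UserIdentity)] failed: $($_.Exception.Message)"
}
```

Neither the access token nor `$patchBody` is written to the log, so the app secret and the new password stay out of the task output.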