• Stars
    star
    230
  • Rank 174,053 (Top 4 %)
  • Language
    PowerShell
  • License
    MIT License
  • Created almost 3 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.

PSGallery Version PSGallery Downloads PSGallery Platform

The Microsoft Identity Tools PowerShell module provides various tools for performing enhanced Identity administration activities. It is intended to address more complex business scenarios that can't be met solely with the use of MS Graph PowerShell SDK module.

What is contained in the MSIdentityTools module?

A collection of cmdlets that use the MS Graph SDK PowerShell module to simplify common tasks for administrators of Azure AD tenants.

How do I install the module?

The module can be found and installed from the PowerShell gallery at PowerShell Gallery: MSIdentity Tools or can be downloaded from the releases page on this repo.

What are the cmdlets in this module?

View the latest list of cmdlets on the cmdlet summary page.

Command Synopsys
Add-MsIdServicePrincipal Create service principal for existing application registration
Confirm-MsIdJwtTokenSignature Validate the digital signature for JSON Web Token.
ConvertFrom-MsIdAadcAadConnectorSpaceDn Convert Azure AD connector space object Distinguished Name (DN) in AAD Connect
ConvertFrom-MsIdAadcSourceAnchor Convert Azure AD Connect metaverse object sourceAnchor or Azure AD ImmutableId to sourceGuid.
ConvertFrom-MsIdJwtToken Convert Msft Identity token structure to PowerShell object.
ConvertFrom-MsIdSamlMessage Convert SAML Message structure to PowerShell object.
ConvertFrom-MsIdUniqueTokenIdentifier Convert Azure AD Unique Token Identifier to Request Id.
Expand-MsIdJwtTokenPayload Extract Json Web Token (JWT) payload from JWS structure to PowerShell object.
Export-MsIdAppConsentGrantReport Lists and categorizes privilege for delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments).
Find-MsIdUnprotectedUsersWithAdminRoles Find Users with Admin Roles that are not registered for MFA
Get-MsIdAdfsSamlToken Initiates a SAML logon request to and AD FS server to generate log activity and returns the user token.
Get-MsIdAdfsSampleApp Returns the list of availabe sample AD FS relyng party trust applications available in this module. These applications do NOT use real endpoints and are meant to be used as test applications.
Get-MsIdAdfsWsFedToken Initiates a Ws-Fed logon request to and AD FS server to generate log activity and returns the user token.
Get-MsIdAdfsWsTrustToken Initiates a Ws-Trust logon request to and AD FS server to generate log activity and returns the user token.
Get-MsIdApplicationIdByAppId Lookup Application Registration by AppId
Get-MsIdAuthorityUri Build Microsoft Identity Provider Authority URI
Get-MsIdAzureIpRange Get list of IP ranges for Azure
Get-MsIdCrossTenantAccessActivity Gets cross tenant user sign-in activity
Get-MsIdGroupWithExpiration Return groups with an expiration date via lifecycle policy.
Get-MsIdGroupWritebackConfiguration Gets the group writeback configuration for the group ID
Get-MsIdHasMicrosoftAccount Returns true if the user's mail is a Microsoft Account
Get-MsIdInactiveSignInUser Retrieve Users who have not had interactive sign ins since XX days ago
Get-MsIdIsViralUser Returns true if the user's mail domain is a viral (unmanaged) Azure AD tenant.
Get-MsIdMsftIdentityAssociation Parse Microsoft Identity Association Configuration for a Public Domain (such as published apps)
Get-MsIdO365Endpoints Get list of URLs and IP ranges for O365
Get-MsIdOpenIdProviderConfiguration Parse OpenId Provider Configuration and Keys
Get-MsIdProvisioningLogStatistics Get Statistics for Set of Azure AD Provisioning Logs
Get-MsIdSamlFederationMetadata Parse Federation Metadata
Get-MsIdServicePrincipalIdByAppId Lookup Service Principal by AppId
Get-MsIdSigningKeyThumbprint Get signing keys used by Azure AD.
Get-MsIdUnmanagedExternalUser Returns a list of all the external users in the tenant that are unmanaged (viral users).
Get-MsIdUnredeemedInvitedUser Retrieve Users who have not had interactive sign ins since XX days ago
Import-MsIdAdfsSampleApp Imports a list availabe sample AD FS relyng party trust applications available in this module, the list is created by the Get-MsIdAdfsSampleApps cmdlet. These applications do NOT use real endpoints and are meant to be used as test applications.
Import-MsIdAdfsSamplePolicy Imports the 'MsId Block Off Corp and VPN' sample AD FS access control policy. This policy is meant to be used as test policy.
Invoke-MsIdAzureAdSamlRequest Invoke Saml Request on Azure AD.
New-MsIdClientSecret Generate Random Client Secret for application registration or service principal in Azure AD.
New-MsIdSamlRequest Create New Saml Request.
New-MsIdTemporaryUserPassword Generate Random password for user in Azure AD.
New-MsIdWsTrustRequest Create a WS-Trust request.
Reset-MsIdExternalUser Resets the redemption state of an external user.
Resolve-MsIdAzureIpAddress Lookup Azure IP address for Azure Cloud, Region, and Service Tag.
Resolve-MsIdTenant Resolve TenantId or DomainName to an Azure AD Tenant
Revoke-MsIdServicePrincipalConsent Revoke Existing Consent to an Azure AD Service Principal.
Set-MsIdServicePrincipalVisibleInMyApps Toggles whether application service principals are visible when launching myapplications.microsoft.com (MyApps)
Set-MsIdWindowsTlsSettings Set TLS settings on Windows OS to use more secure TLS protocols.
Show-MsIdJwtToken Show Json Web Token (JWT) decoded in Web Browser using diagnostic web app.
Show-MsIdSamlToken Show Saml Security Token decoded in Web Browser using diagnostic web app.
Split-MsIdEntitlementManagementConnectedOrganization Split elements of a connectedOrganization
Test-MsIdAzureAdDeviceRegConnectivity Test connectivity on Windows OS for Azure AD Device Registration
Test-MsIdCBATrustStoreConfiguration Test & report for common mis-configuration issues with the Entra ID Certificate Trust Store
Update-MsIdApplicationSigningKeyThumbprint Update a Service Princpal's preferredTokenSigningKeyThumbprint to the specified certificate thumbprint
Update-MsIdGroupWritebackConfiguration Update an Azure AD cloud group settings to writeback as an AD on-premises group

Support

For issues, questions, and feature requests please review the guidance on the Support page for this project for filing issues.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

More Repositories

1

microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
TypeScript
3,652
star
2

microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
C#
1,393
star
3

azure-activedirectory-identitymodel-extensions-for-dotnet

IdentityModel extensions for .Net
C#
1,048
star
4

microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
Python
815
star
5

AzureADAssessment

Tooling for assessing an Azure AD tenant state and configuration
PowerShell
727
star
6

microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
C#
682
star
7

azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
625
star
8

passport-azure-ad

The code for Passport Azure AD has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
422
star
9

Azure-AD-Incident-Response-PowerShell-Module

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
PowerShell
405
star
10

azure-activedirectory-library-for-dotnet

ADAL authentication libraries for .net
C#
358
star
11

microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
Java
285
star
12

azure-activedirectory-library-for-python

ADAL for Python
Python
259
star
13

microsoft-authentication-library-for-objc

Microsoft Authentication Library (MSAL) for iOS and macOS
Objective-C
256
star
14

microsoft-authentication-library-for-go

The MSAL library for Go is part of the Microsoft identity platform for developers (formerly named Azure AD) v2.0. It enables you to acquire security tokens to call protected APIs. It uses industry standard OAuth2 and OpenID Connect.
Go
229
star
15

microsoft-authentication-library-for-android

Microsoft Authentication Library (MSAL) for Android
Java
209
star
16

azure-activedirectory-library-for-nodejs

The code for ADAL Node has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
208
star
17

azure-activedirectory-library-for-android

The ADAL SDK for Android gives you the ability to add support for Work Accounts to your application with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
Java
177
star
18

azure-activedirectory-library-for-objc

The ADAL SDK for Objective C gives you the ability to add support for Work Accounts to your iOS and macOS applications with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
Objective-C
177
star
19

Deployment-Plans

Step by step guidance to deploy Azure Active Directory capabilities such as Conditional Access, Multi Factor Authentication, Self Service Password, and more.
PowerShell
173
star
20

MSAL.PS

PowerShell
164
star
21

SCIMReferenceCode

Reference code to build a SCIM endpoint to automate provisioning
C#
162
star
22

azure-activedirectory-library-for-java

Java
161
star
23

microsoft-authentication-extensions-for-dotnet

Secure cross-platform token cache for MSAL public client apps
C#
83
star
24

IdentityProtectionTools

Sample PowerShell module and scripts for managing Azure AD Identity Protection service
PowerShell
71
star
25

azure-activedirectory-library-for-cordova

ADAL for Cordova
59
star
26

Apple-SSO-Tools

Apple Enterprise SSO troubleshooting script
Shell
54
star
27

omniauth-azure-activedirectory

Ruby
50
star
28

microsoft-authentication-cli

A command line utility for Azure authentication.
C#
42
star
29

microsoft-authentication-library-common-for-android

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
Java
41
star
30

azure-activedirectory-library-for-ruby

The ADAL for Ruby library makes it easy for Ruby applications to authenticate to AAD in order to access AAD protected web resources.
Ruby
36
star
31

active-directory-b2c-wordpress-plugin-openidconnect

A plugin for WordPress that allows users to authenticate with Azure AD B2C using OpenID Connect.
PHP
31
star
32

microsoft-authentication-library-common-for-objc

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
Objective-C
30
star
33

azure-activedirectory-powershell

This is a repo for Azure AD PowerShell scrips and samples
PowerShell
30
star
34

rms-sdk-for-cpp

RMS SDK for C++
C
29
star
35

microsoft-authentication-extensions-for-python

Microsoft Authentication Library extensions (MSAL EX) provides a persistence API that can save your data on disk, encrypted on Windows, macOS and Linux. Concurrent data access will be coordinated by a file lock mechanism.
Python
29
star
36

entra-id-inbound-provisioning

Samples, scripts and resources to help you get started with Microsoft Entra API-driven inbound provisioning
PowerShell
24
star
37

azure-activedirectory-powershell-for-admins

PowerShell
11
star
38

AzureAD-Governance-Assessment

Scripts to run an AAD Governance Assessment
PowerShell
10
star
39

microsoft-identity-abstractions-for-dotnet

Contains interfaces and data classes used in the .NET Microsoft authentication libraries (MSAL, IdentityModel, Microsoft.Identity.Web, ...)
C#
9
star
40

azure-activedirectory-powershell-tokenkey

Scripts to override the Azure Active Directory token signing key.
PowerShell
8
star
41

rms-sdk-ui-for-ios

RMS SDK UI Components for iOS
Objective-C
8
star
42

MSCloudIDUtils

Sample PowerShell logic for interacting with Azure Active Directory identity and resources using the Microsoft Identity Platform
PowerShell
7
star
43

availability-proxy-for-rest-services

C#
6
star
44

azure-activedirectory-cordova-plugin-graph

JavaScript
5
star
45

microsoft-authentication-extensions-for-java

Microsoft Authentication extensions for MSAL.Java
Java
4
star
46

Cross-tenant-synchronization

3
star
47

rms-sdk-ui-for-android

RMS SDK UI Components for Android
Java
3
star
48

docs

API Documentation
HTML
2
star
49

declaredaccess

Collection of experimental projects for simplifying the use of identity by moving from imperative programming models to declarative programming models.
HTML
2
star
50

rms-sdk-ui-for-windowsstore

RMS SDK for Windows Store Applications
C#
2
star
51

rms-sdk-ui-for-winphone

C#
2
star
52

microsoft-authentication-extensions-for-go

Secure cross-platform token cache for MSAL public client apps
1
star
53

ADALLoginKit

A Helper Library to bootstrap AzureAD Samples
Objective-C
1
star
54

java-flavors-plugin

Plugin to support configuration of "flavors" for java projects.
Groovy
1
star