How can I make this PowerShell script work in an Azure function? This script is using the PowerShell module "AzureADPreview" and works only in PowerShell 5.
Write-Host "START"
Connect-AzureAD -identity
$disabledUsers = Get-AzureADUser -Filter "AccountEnabled eq false" | Select UserPrincipalName
foreach ($disabledUser in $disabledUsers) {
    $logs = Get-AzureADAuditDirectoryLogs -Filter "targetResources/any(tr:tr/userPrincipalName eq '$($disabledUser.UserPrincipalName)' and ActivityDisplayName eq 'Disable account')" -Top 1 | select ActivityDateTime
    if ($logs) {
        foreach ($log in $logs) {
            if ($log.ActivityDateTime.DateTime -lt (Get-Date).AddDays(-5).DateTime) {
                Write-Host "Account $($disabledUser.UserPrincipalName) disabled more than 5 days ago. Logs found."
                break
            }
        }
    } else {
        Write-Host "Account $($disabledUser.UserPrincipalName) disabled more than 30 days ago. Cannot find logs."
    }
    Start-Sleep -Seconds 20
}
Write-Host "FINISH"
Note that AzureADPreview only works with Windows PowerShell 5.1, not with PowerShell Core (v6.x, v7.x). However, Azure Functions only offers PowerShell Core (v7.2, v7.4), so there is a conflict.
Alternatively, you can migrate to the Microsoft Graph PowerShell module, which works in PowerShell Core and retrieves the same results.
I created one function app named demofunc1811 with the properties below:
Enable the system-assigned managed identity on the above function app and add the required permissions to its service principal. You can refer to this SO thread for the same:
Make sure to add the dependencies below in the requirements.psd1 file under App files and restart the Azure Function App:
# This file enables modules to be automatically managed by the Functions service.
# See https://aka.ms/functionsmanageddependency for additional information.
#
@{
    'Microsoft.Graph.Authentication' = '2.19.0'
    'Microsoft.Graph.Reports' = '2.19.0'
    'Microsoft.Graph.Users' = '2.19.0'
}
Now, I created one HTTP Trigger function, replaced run.ps1 with the sample code below, and got the response successfully:
using namespace System.Net

param($Request, $TriggerMetadata)

Write-Host "PowerShell HTTP trigger function processed a request."

# Interact with query parameters or the body of the request.
$name = $Request.Query.Name
if (-not $name) {
    $name = $Request.Body.Name
}

# Write a simple message for testing
$body = "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
if ($name) {
    $body = "Hello, $name. This HTTP triggered function executed successfully."
}

# Connect to Microsoft Graph using the function app's managed identity
Write-Host "Connecting to Microsoft Graph..."
Connect-MgGraph -Identity
Get-MgContext

# Retrieve disabled users from Azure AD (-All follows paging; without it only the first page is returned)
Write-Host "Retrieving disabled users..."
$disabledUsers = Get-MgUser -Filter "accountEnabled eq false" -All | Select-Object UserPrincipalName

# Iterate through disabled users and check the directory audit logs
foreach ($disabledUser in $disabledUsers) {
    $logs = Get-MgAuditLogDirectoryAudit -Filter "targetResources/any(tr:tr/userPrincipalName eq '$($disabledUser.UserPrincipalName)' and activityDisplayName eq 'Disable account')" -Top 1
    if ($logs) {
        foreach ($log in $logs) {
            $disabledDate = [DateTime]$log.ActivityDateTime
            if ($disabledDate -ge (Get-Date).AddDays(-1)) {
                Write-Host "Account $($disabledUser.UserPrincipalName) was disabled today."
                break
            }
            elseif ($disabledDate -lt (Get-Date).AddDays(-5)) {
                Write-Host "Account $($disabledUser.UserPrincipalName) disabled more than 5 days ago. Logs found."
                break
            }
        }
    }
    else {
        Write-Host "Account $($disabledUser.UserPrincipalName) disabled more than 30 days ago. Cannot find logs."
    }
}

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode = [HttpStatusCode]::OK
    Body = $body
})
Response:
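The answer's step "add the required permissions to this service principal" is the part most often left to a screenshot. The following is an added example (not code from the question or the answer) showing how to grant the function app's system-assigned managed identity only the two Microsoft Graph application permissions that Get-MgUser and Get-MgAuditLogDirectoryAudit need, User.Read.All and AuditLog.Read.All. It assumes you run it interactively as an administrator who can consent to application permissions, that the Microsoft.Graph.Applications module is installed locally, and that the function app is the answer's demofunc1811 (the system-assigned identity's service principal carries the same display name). The Graph application ID 00000003-0000-0000-c000-000000000000 is Microsoft's well-known value.

```powershell
# Added example: assign least-privilege Graph app roles to the function app's managed identity.
# Run locally (not inside the function); requires the Microsoft.Graph.Applications module.
Connect-MgGraph -Scopes 'AppRoleAssignment.ReadWrite.All', 'Application.Read.All'

$functionAppName = 'demofunc1811'                       # function app from the answer; adjust for your app
$graphAppId      = '00000003-0000-0000-c000-000000000000' # well-known Microsoft Graph application ID
$requiredRoles   = @('User.Read.All', 'AuditLog.Read.All') # exactly what run.ps1 above needs, nothing more

# The managed identity's service principal is named after the function app.
$msi = Get-MgServicePrincipal -Filter "displayName eq '$functionAppName'"
if (-not $msi -or $msi.Count -gt 1) {
    throw "Expected exactly one service principal named '$functionAppName', found $(@($msi).Count)."
}

$graphSp = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"

# Roles already granted, so the script is idempotent and re-runs do not duplicate assignments.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $msi.Id -All

foreach ($roleName in $requiredRoles) {
    # Only application-type roles can be assigned to a service principal.
    $appRole = $graphSp.AppRoles |
        Where-Object { $_.Value -eq $roleName -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $appRole) {
        throw "App role '$roleName' not found on the Microsoft Graph service principal."
    }

    if ($existing.AppRoleId -contains $appRole.Id) {
        Write-Host "'$roleName' is already assigned to $functionAppName"
        continue
    }

    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $msi.Id `
        -PrincipalId $msi.Id -ResourceId $graphSp.Id -AppRoleId $appRole.Id | Out-Null
    Write-Host "Assigned '$roleName' to $functionAppName"
}

# Review what the identity can now do; anything beyond the two roles above is excess privilege.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $msi.Id -All |
    Select-Object PrincipalDisplayName, ResourceDisplayName, AppRoleId
```

After the assignment propagates (usually within a few minutes), Connect-MgGraph -Identity in run.ps1 will obtain a token carrying just these roles; if the function later needs to write (for example to disable accounts itself), add that role explicitly rather than granting Directory.ReadWrite.All.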