I’m a big proponent of using PowerShell for integration and automation of Azure Active Directory Services using the Azure AD GraphAPI. You may have seen many of my posts leverage the evolving Azure AD Preview PowerShell Module helper libraries. Lines in my scripts that use this look like the one below. In this case using preview version 22.214.171.124.
# the default path to where the ADAL GraphAPI PS Module puts the Libs
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\126.96.36.199\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
The benefit of using this library is the simplification of Authentication to AzureAD, from which we can then receive a token and interact with the GraphAPI via PowerShell using Invoke-RestMethod.
Earlier this week it was brought to my attention that implementations of some of my scripts were failing when using the latest v2 releases of the AzureAD PowerShell Module (v188.8.131.52). Looking into it, the last version I had working is v184.108.40.206. v220.127.116.11 doesn’t work with my scripts either. So for anything after v18.104.22.168, the following will not work
First up, the PowerShell Module has been renamed. It is no longer AzureADPreview, it is just AzureAD. So the path it gets installed into (depending on the version you have) is now;
Looking into the updated PowerShell Module there has been a change to the Microsoft.IdentityModel.Clients.ActiveDirectory.dll library.
A number of the methods in the library have changed. I believe this is part of Microsoft transitioning the endpoint to use GraphAPI. With that understanding I approached using PowerShell to integrate with the GraphAPI more akin to the way I do when not using the helper library.
Use PowerShell and the ADAL Helper Library to connect to AzureAD via the GraphAPI
Here is the updated script to connect (and retrieve a batch of users). You will need to update lines 4, 17 & 18 for your Tenant name and the username and password (non-MFA enabled) you will be connecting with.
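The following is an added example, not the script from the original post (the line numbers mentioned above do not refer to it): it loads the ADAL library from whichever AzureAD module version is installed, requests a token with the async method, and retrieves a batch of users with Invoke-RestMethod. It assumes the bundled DLL is ADAL v3 (where AcquireTokenAsync and UserPasswordCredential are the available calls); the tenant name is a placeholder, the client ID is the well-known Azure PowerShell public client, and the credential is prompted for rather than stored in the script.

```powershell
# Added example. Tenant and client ID are assumptions, not values from the post.
param(
    [string]$Tenant   = 'contoso.onmicrosoft.com',              # placeholder tenant name
    [string]$ClientId = '1950a258-227b-4e31-a9cf-717495945fc2'  # well-known Azure PowerShell public client ID
)
$ErrorActionPreference = 'Stop'

# Find the ADAL DLL in the newest installed AzureAD module instead of hard-coding a version path.
$module = Get-Module -ListAvailable -Name AzureAD |
    Sort-Object Version -Descending | Select-Object -First 1
if (-not $module) { throw 'AzureAD module not found.' }
Add-Type -Path (Join-Path $module.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll')

# Prompt for the (non-MFA) account so the password never sits in the script file.
# UserPasswordCredential accepts the SecureString directly.
$cred     = Get-Credential -Message "Azure AD account for $Tenant"
$userCred = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential `
    -ArgumentList $cred.UserName, $cred.Password

$resource    = 'https://graph.windows.net'
$authority   = "https://login.microsoftonline.com/$Tenant"
$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext `
    -ArgumentList $authority

# ADAL v3 exposes only async token methods; block on the task and surface the real exception.
try {
    $adalExt = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]
    $token   = $adalExt::AcquireTokenAsync($authContext, $resource, $ClientId, $userCred).GetAwaiter().GetResult()
}
catch {
    throw "Token request failed: $($_.Exception.Message)"
}

# Call the Azure AD Graph API with the bearer token and list a batch of users.
$headers = @{ Authorization = $token.CreateAuthorizationHeader() }
$uri     = "$resource/$Tenant/users?api-version=1.6&`$top=10"
$users   = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
$users.value | Select-Object displayName, userPrincipalName
```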