Powershell Archives - Page 6 of 10

Authenticate against Micrsoft Partner Center API using Powershell

07/09/201707/01/2025
by Martin Ehrnst

Update 04.01.2019:
While the method described in this post still work. Microsoft are moving to what they call secure app model. Meaning that password grant is deprecated and you will need to use a refresh token model. I have written a new blog post, explaining the new model.

If you’re not familiar with the Microsoft Cloud Service Provider program it’s in short a program to easier let service providers manage their customers tenants and subscriptions within Azure and Office 365 from a centralized platform.

Apart from a very limited web portal it have a set of API’s and SDK’s to build your own solutions – wich I assume is prefered from Microsoft and the service provider. For a project I needed to authenticate against the REST API using Powershell and then retrieve some information about each tenant, who would have thought that could be so much work

Here’s what I said.

That’s fine, I will have it to you in an hour.

For your reference, this is the API I am working with: Partner Center Swagger

An hour later I did have authentication in place, but I was unable to retrieve any information from our customers. After digging through the documentation I found that the customer endpoints required “App + User Authentication” where I had only authenticated with AppId and App Secret.

After spending too much time decifer the C# examples on how you authenticate with app and user against the CSP Rest API i finally had a working Powershell function.

These are the steps required

Generate a token from Azure AD by calling https://login.microsoft.com/tenant-name/oauth/token
- Specified with the resource you want to access (partner center api), client id, username and password, correct grant type and scope
Use the AAD token to authenticate against partnercenter/generatetoken and recieve a correct User + App jwt_token
Use the jwt token to further authenticate against endpoints you preffer

If you ever find your self in a situation where you need to authenticate against the CSP REST API as app + user, here is a function to do it.

Be aware that the function does require a credential object, but when you atuhenticate against AAD the password is decoded and sent in the post request.

Operations Manager

SCOM 2016 migration – Transfer alert Ticket ID

12/06/201707/01/2025
by Martin Ehrnst

Quick publish:

We are migrating a large SCOM environment to 2016 and the current 2012 environment have an integration with our ticketing system. As we want the migration as smooth as possible, updating the co-existing alerts with the already connected ticket ID seemed like a good idea.

All alerts with an assigned ticket that aren’t closed have a custom resolution state. Using Powershell I grabbed all alerts from SCOM 2012 and updated the same alerts in our 2016 environment.

Import-Module OperationsManager

#Connect to old SCOM environment
$OldEnv = New-SCOMManagementGroupConnection OldScomServer

#Get all alerts with custom resolution state, indicating a ticket is created
$Alerts = get-scomalert | where {$_.ResolutionState -eq 3}
#Connect to the new SCOM Environment.
$NewEnv = New-SCOMManagementGroupConnection NewSCOMServer

#Loop through the alert and set resolution state, ticket and custom field in the new environment
foreach ($Alert in $Alerts)
    {
    Get-ScomAlert | where {$_.Name -eq $Alert.Name -and $_.MonitoringObjectPath -eq $Alert.MonitoringObjectPath -and $_.ResolutionState -eq 0} | Set-SCOMAlert -ResolutionState 3 -CustomField4 "TEXT" -TicketID $Alert.TicketId
    }
#list updated alerts
Get-SCOMAlert -ResolutionState 3 | select Name, TicketID

As you see, we have a string in custom field 4, you can just remove this and change your resolution state to fit your environment.

Automation

First look at the vSphere 6.5 REST API

04/03/201707/01/2025
by Martin Ehrnst

The other day I stumbled across a blog series by William Lee who delves deep in to how you use the latest vmware vSphere REST API using PowerCLI. Using the language I know best, Powershell I thought I should give this API I try. I have some experience with API use from before as I often use this to do information exchange between systems, but this is my first experince with vCenter.

This post will cover the very basics on how we authenticate and get a list of all VM’s connected to our vCenter server.

You can explore and test all endpoints by this URL https://vcenter/rest/apiexplorer

To get started I declare two variables for the urls / endpoints we going to use. One for vm’s and one for the session endpoint

$VCBaseUri = "https://host/rest/vcenter/vm"
$SessionUri = "https://host/rest/com/vmware/cis/session"

Based on the credential input from the user we will create a base64 encoded string and create a header for the session endpoint.

#Getting cred and creating auth key
$Cred = Get-Credential
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Cred.UserName+':'+$Cred.GetNetworkCredential().Password))
$head = @{
  'Authorization' = "Basic $auth"
}

The $head variable now contains a table with your encoded username and password. We will use this authorization header to create a new session. At first i assumed we could authenticate using basic authentication only but after a little investigation I figured we needed to create a session. vmware has documented the endpoint here

Using our authorization header we connect to the session endpoint and recieves a token that we use in our session header. From now on. All authentication is with this session token.

the key for our token is ‘vmware-api-session-id’

#Creating a Session

$token = (Invoke-RestMethod -Method Post -Headers $head -Uri $SessionUri).Value
$session = @{'vmware-api-session-id' = $token}

Finally you can call the VM endpoint and retrieve all your vms by running the following.

#Calling VM endpoint authenticated with the session

$vms = (Invoke-RestMethod -Uri $VCBaseUri -Headers $session -ContentType 'Application/json').Value

To get a single vm by name, you can filter by appending the uri.

/vm?filter.names=web-w2k12"

Hopefully you will have this output showing all vm’s as objects

My complete script now looks like this.

$VCBaseUri = "https://host/rest/vcenter/vm?filter.names=argaste-web-w2k12"
$SessionUri = "https://host/rest/com/vmware/cis/session"

#Getting cred and creating auth key
$Cred = Get-Credential
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Cred.UserName+':'+$Cred.GetNetworkCredential().Password))
$head = @{
  'Authorization' = "Basic $auth"
}

#Creating a Session

$token = (Invoke-RestMethod -Method Post -Headers $head -Uri $SessionUri).Value
$session = @{'vmware-api-session-id' = $token}

#Calling VM endpoint authenticated with the session

$vms = (Invoke-RestMethod -Uri $VCBaseUri -Headers $session -ContentType 'Application/json').Value

Authenticate against Micrsoft Partner Center API using Powershell

Share this:

SCOM 2016 migration – Transfer alert Ticket ID

Share this:

First look at the vSphere 6.5 REST API

Share this: