获取使用相同证书发布的所有 Microsoft Entra 应用程序代理应用程序,并替换该证书
此 PowerShell 脚本示例批量替换了使用相同证书发布的所有 Microsoft Entra 应用程序代理应用程序的证书。
如果没有 Azure 订阅,请在开始之前创建一个 Azure 免费帐户。
注意
建议使用 Azure Az PowerShell 模块与 Azure 交互。 请参阅安装 Azure PowerShell 以开始使用。 若要了解如何迁移到 Az PowerShell 模块,请参阅 将 Azure PowerShell 从 AzureRM 迁移到 Az。
此示例需要 Microsoft Graph Beta PowerShell 模块 2.10 或更高版本。
示例脚本
# This sample script gets all Microsoft Entra application proxy applications published with the identical certificate.
#
# .\replace_with_the_script_name.ps1 -CurrentThumbprint <thumbprint of the current certificate> -PFXFilePath <full path with PFX filename>
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) and one of the following modules:
#
# Microsoft.Graph ver 2.10 or newer
#
# Before you begin:
#
# Required Microsoft Entra role: Global Administrator or Application Administrator or Application Developer
# or appropriate custom permissions as documented https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-app-permissions
#
#
param(
[parameter(Mandatory=$true)]
[string] $CurrentThumbprint = "null",
[parameter(Mandatory=$true)]
[string] $PFXFilePath = "null"
)
$certThumbprint = $CurrentThumbprint
$certPfxFilePath = $PFXFilePath
If (($certThumbprint -eq "null") -or ($certPfxFilePath -eq "null")) {
Write-Host "Parameter is missing." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Write-Host ".\get-custom-domain-replace-cert.ps1 -CurrentThumbprint <thumbprint of the current certificate> -PFXFilePath <full path with PFX filename>" -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Exit
}
If ((Test-Path -Path $certPfxFilePath) -eq $False) {
Write-Host "The pfx file does not exist." -BackgroundColor "Black" -ForegroundColor "Red"
Write-Host " "
Exit
}
$securePassword = Read-Host -AsSecureString // please provide the password of the pfx file
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scope Directory.ReadWrite.All -NoWelcome
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$allApps = Get-MgBetaServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}
$numberofAadapApps = 0
Write-Host ("")
Write-Host ("SSL certificate change for the Microsoft Entra application proxy apps below:")
Write-Host ("")
foreach ($item in $allApps) {
$aadapApp, $aadapAppConf, $aadapAppConf1 = $null, $null, $null
$aadapAppId = Get-MgBetaApplication | where-object {$_.AppId -eq $item.AppId}
$aadapAppConf = Get-MgBetaApplication -ApplicationId $aadapAppId.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing
$aadapAppConf1 = Get-MgBetaApplication -ApplicationId $aadapAppId.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing `
| select verifiedCustomDomainCertificatesMetadata -expand verifiedCustomDomainCertificatesMetadata
if ($aadapAppConf -ne $null) {
if ($aadapAppConf1.VerifiedCustomDomainCertificatesMetadata.Thumbprint -match $certThumbprint) {
Write-Host $item.DisplayName"(AppId: " $item.AppId ", ObjId:" $item.Id")" -BackgroundColor "Black" -ForegroundColor "White"
Write-Host
Write-Host "External Url: " $aadapAppConf.ExternalUrl
Write-Host "Internal Url: " $aadapAppConf.InternalUrl
Write-Host "Pre-authentication: " $aadapAppConf.ExternalAuthenticationType
Write-Host
$params = @{
onPremisesPublishing = @{
verifiedCustomDomainKeyCredential = @{
type="X509CertAndPassword";
value = [convert]::ToBase64String((Get-Content $certPfxFilePath -Encoding byte));
};
verifiedCustomDomainPasswordCredential = @{ value = $securePassword };
}
}
Update-MgBetaApplication -ApplicationId $aadapAppId.Id -BodyParameter $params
$numberofAadapApps = $numberofAadapApps + 1
}
}
}
Write-Host
Write-Host "Number of the updated Microsoft Entra application proxy applications: " $numberofAadapApps -BackgroundColor "Black" -ForegroundColor "White"
Write-Host ("")
Write-Host
Write-Host "Finished." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."
脚本说明
| Command | 说明 |
|---|---|
| Connect-MgGraph | 连接到 Microsoft Graph |
| Get-MgBetaServicePrincipal | 获取服务主体 |
| Get-MgBetaApplication | 获取企业应用程序 |
| Update-MgBetaApplication | 更新应用程序 |