<#
Version: 1.0
Author: Oliver Kieselbach
Script: Cleanup-AutoPiloImportedDevices.ps1
Description:
In case something went wrong, we can clean up the staging area of the AutoPilot import API.
Release notes:
Version 1.0: Original published version.
The script is provided "AS IS" with no warranties.
#>
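function Get-AuthToken {
    <#
    .SYNOPSIS
    Acquires a Microsoft Graph access token and returns it as a request-header hashtable.
    .DESCRIPTION
    Reads the 'automation' credential and the 'IntuneClientId' / 'Tenant' variables from
    Azure Automation, loads the ADAL assemblies shipped with the AzureAD module, and
    requests a token for https://graph.microsoft.com with a username/password credential.
    .OUTPUTS
    Hashtable with 'Content-Type', 'Authorization' (bearer token) and 'ExpiresOn'.
    .NOTES
    The returned hashtable carries a live bearer token; do not write it to the job
    output or to logs.
    NOTE(review): the username/password grant cannot satisfy interactive MFA, so the
    'automation' account is presumably excluded from it; keep that account's Graph
    permissions as narrow as the cleanup needs.
    NOTE(review): ADAL is no longer supported by Microsoft (MSAL is its successor);
    plan a move to an app-only / managed-identity flow.
    #>
    try {
        $AadModule = Import-Module -Name AzureAD -ErrorAction Stop -PassThru
    }
    catch {
        throw 'AzureAD PowerShell module is not installed!'
    }

    # Secrets and tenant settings come from the Automation account, not from the script.
    $intuneAutomationCredential = Get-AutomationPSCredential -Name automation
    $intuneAutomationAppId = Get-AutomationVariable -Name IntuneClientId
    $tenant = Get-AutomationVariable -Name Tenant

    # ADAL is not loaded by Import-Module itself; load it from the module directory.
    $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
    [System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
    [System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null

    $resourceAppIdURI = "https://graph.microsoft.com"
    $authority = "https://login.microsoftonline.com/$tenant"

    try {
        $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
        $userCredentials = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential -ArgumentList $intuneAutomationCredential.Username, $intuneAutomationCredential.Password
        $authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdURI, $intuneAutomationAppId, $userCredentials);

        if ($authResult.Result.AccessToken) {
            $authHeader = @{
                'Content-Type'  = 'application/json'
                'Authorization' = "Bearer " + $authResult.Result.AccessToken
                'ExpiresOn'     = $authResult.Result.ExpiresOn
            }
            return $authHeader
        }
        elseif ($authResult.Exception) {
            throw "An error occured getting access token: $($authResult.Exception.InnerException)"
        }
        else {
            # Previously this case fell through and returned nothing, so callers went on
            # to issue Graph requests with an empty header set. Fail loudly instead.
            throw 'No access token was returned and no exception was reported.'
        }
    }
    catch {
        throw $_.Exception.Message
    }
}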
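function Connect-AutoPilotIntune {
    <#
    .SYNOPSIS
    Ensures $global:authToken holds an unexpired Graph token, fetching one when needed.
    .DESCRIPTION
    When a token is already cached its 'ExpiresOn' value is compared with the current
    UTC time; a new token is requested through Get-AuthToken only when none is cached
    or the cached one has expired.
    #>
    if ($global:authToken) {
        $nowUtc = (Get-Date).ToUniversalTime()
        # TotalMinutes is the whole remaining lifetime. The former .Minutes is only the
        # minutes component of the TimeSpan (0 at every full hour), which made a token
        # with e.g. 60 minutes left look expired.
        # NOTE(review): assumes ExpiresOn is a DateTimeOffset expressed in UTC - confirm.
        $minutesLeft = ($global:authToken.ExpiresOn.datetime - $nowUtc).TotalMinutes
        if ($minutesLeft -le 0) {
            # One string, positive number: the old call emitted three separate objects
            # and a negative "minutes ago" value.
            Write-Output "Authentication Token expired $([int][math]::Abs($minutesLeft)) minutes ago"
            $global:authToken = Get-AuthToken
        }
    }
    else {
        $global:authToken = Get-AuthToken
    }
}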
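Function Get-AutoPilotDevice(){
    <#
    .SYNOPSIS
    Reads registered Windows Autopilot device identities from the Graph beta endpoint.
    .PARAMETER id
    Optional identity id. When given, that single object is returned; otherwise the
    'value' collection of the list response is returned.
    .NOTES
    Uses the script-wide $authToken header set. On failure the error is reported and
    'break' is executed; no loop encloses it inside this function, so it unwinds into
    the caller (an enclosing loop there, or the script run itself).
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$false)] $id
    )

    # Defining Variables
    $graphApiVersion = "beta"
    $Resource = "deviceManagement/windowsAutopilotDeviceIdentities"

    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"
    if ($id) {
        $uri = "$uri/$id"
    }

    try {
        $response = Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get
        if ($id) {
            $response
        }
        else {
            $response.Value
        }
    }
    catch {
        $ex = $_.Exception
        # Only a web response has a body to read. DNS/TLS/timeouts and other failures
        # carry no Response object, and the unguarded GetResponseStream() call used to
        # raise a second error that hid the real one.
        if ($ex.Response -is [System.Net.WebResponse]) {
            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Output "Response content:`n$responseBody"
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
        }
        else {
            Write-Error "Request to $Uri failed: $($ex.Message)"
        }
        break
    }
}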
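Function Get-AutoPilotImportedDevice(){
    <#
    .SYNOPSIS
    Reads imported (staging area) Windows Autopilot device identities from Graph beta.
    .PARAMETER id
    Optional record id. When given, that single object is returned; otherwise every
    record of the collection is returned, following '@odata.nextLink' across pages.
    .NOTES
    Uses the script-wide $authToken header set. Any failure ends the whole script
    (Exit) so that a cleanup never runs on an unverified or partial listing.
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$false)] $id
    )

    # Defining Variables
    $graphApiVersion = "beta"
    $Resource = "deviceManagement/importedWindowsAutopilotDeviceIdentities"

    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"
    if ($id) {
        $uri = "$uri/$id"
    }

    try {
        if ($id) {
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get
        }
        else {
            # A list response can be split into pages; reading only the first page
            # left the remaining records in the staging area. Collect everything
            # first so nothing is emitted if a later page fails.
            $records = New-Object System.Collections.ArrayList
            $nextUri = $uri
            while ($nextUri) {
                $page = Invoke-RestMethod -Uri $nextUri -Headers $authToken -Method Get
                foreach ($record in $page.value) {
                    [void]$records.Add($record)
                }
                $nextUri = $page.'@odata.nextLink'
            }
            $records
        }
    }
    catch {
        $ex = $_.Exception
        # Failures without an HTTP response (DNS, TLS, timeout) have no body to read.
        if ($ex.Response -is [System.Net.WebResponse]) {
            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Output "Response content:`n$responseBody"
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
        }
        else {
            Write-Error "Request to $Uri failed: $($ex.Message)"
        }
        # If the listing cannot be verified, exit the script to prevent cleanups and
        # the loss of .csv files in the blob storage.
        Exit
    }
}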
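Function Add-AutoPilotImportedDevice(){
    <#
    .SYNOPSIS
    Posts one device record to the Autopilot import (staging) collection on Graph beta.
    .PARAMETER serialNumber
    Device serial number.
    .PARAMETER hardwareIdentifier
    Hardware hash of the device.
    .PARAMETER orderIdentifier
    Optional order id; defaults to an empty string.
    .NOTES
    Uses the script-wide $authToken header set. On failure the error is reported and
    'break' is executed; no loop encloses it inside this function, so it unwinds into
    the caller.
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$true)] $serialNumber,
        [Parameter(Mandatory=$true)] $hardwareIdentifier,
        [Parameter(Mandatory=$false)] $orderIdentifier = ""
    )

    # Defining Variables
    $graphApiVersion = "beta"
    $Resource = "deviceManagement/importedWindowsAutopilotDeviceIdentities"
    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"

    # Serialise instead of pasting values into a JSON template: a quote or backslash
    # in a value (these typically come from an uploaded .csv) would otherwise break
    # the document or add properties to it.
    $payload = [ordered]@{
        '@odata.type'      = '#microsoft.graph.importedWindowsAutopilotDeviceIdentity'
        orderIdentifier    = "$orderIdentifier"
        serialNumber       = "$serialNumber"
        productKey         = ''
        hardwareIdentifier = "$hardwareIdentifier"
        state              = [ordered]@{
            '@odata.type'        = 'microsoft.graph.importedWindowsAutopilotDeviceIdentityState'
            deviceImportStatus   = 'pending'
            deviceRegistrationId = ''
            deviceErrorCode      = 0
            deviceErrorName      = ''
        }
    }
    $json = $payload | ConvertTo-Json -Depth 3

    try {
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $json -ContentType "application/json"
    }
    catch {
        $ex = $_.Exception
        # Failures without an HTTP response (DNS, TLS, timeout) have no body to read.
        if ($ex.Response -is [System.Net.WebResponse]) {
            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Output "Response content:`n$responseBody"
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
        }
        else {
            Write-Error "Request to $Uri failed: $($ex.Message)"
        }
        break
    }
}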
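Function Remove-AutoPilotImportedDevice(){
    <#
    .SYNOPSIS
    Deletes one record from the Autopilot import (staging) collection on Graph beta.
    .PARAMETER id
    Id of the imported device record to delete.
    .NOTES
    Uses the script-wide $authToken header set. On failure the error is reported and
    'break' is executed; no loop encloses it inside this function, so it unwinds into
    the caller and stops the remaining deletions there.
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$true)] $id
    )

    # Defining Variables
    $graphApiVersion = "beta"
    $Resource = "deviceManagement/importedWindowsAutopilotDeviceIdentities"
    # Escape the id so it can only ever be the last path segment of a DELETE request;
    # a value containing '/', '?' or '#' must not retarget the call.
    $escapedId = [uri]::EscapeDataString([string]$id)
    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/$escapedId"

    try {
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete | Out-Null
    }
    catch {
        $ex = $_.Exception
        # Failures without an HTTP response (DNS, TLS, timeout) have no body to read.
        if ($ex.Response -is [System.Net.WebResponse]) {
            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Output "Response content:`n$responseBody"
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
        }
        else {
            Write-Error "Request to $Uri failed: $($ex.Message)"
        }
        break
    }
}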
####################################################
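Function Cleanup-AutoPilotImportedDevices(){
    <#
    .SYNOPSIS
    Deletes every record returned by Get-AutoPilotImportedDevice from the import
    (staging) area.
    .NOTES
    Destructive: each listed record is removed. The id of every record is written to
    the output before its delete call, which gives the job log an audit trail.
    #>
    $deviceStatuses = Get-AutoPilotImportedDevice

    # Cleanup the imported device records.
    # Where-Object drops $null (an empty listing piped as $null would otherwise run
    # the loop body once and call the delete with a null id) and anything without an id.
    $deviceStatuses | Where-Object { $_ -and $_.id } | ForEach-Object {
        # $($_.id) is required: "$_.id" expands $_ and appends the literal text ".id".
        Write-Output "removing id: $($_.id)"
        Remove-AutoPilotImportedDevice -id $_.id
    }
}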
####################################################
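# Connect to Intune
Connect-AutoPilotIntune
# Do not start deleting without a token: every Graph call below sends $authToken as
# its header set, and an empty one only produces a run of failed requests.
if (-not $global:authToken) {
    throw 'No Graph access token available; cleanup aborted.'
}
# Cleanup
Cleanup-AutoPilotImportedDevices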