Add Support for TenantID with AdminAccount

Adding support for using Tenant ID with AdminAccount in addition to using it with CertSPN

Author: IanB111

InvokeMasterScript.ps1

@@ -13,9 +13,10 @@ Set-ExecutionPolicy -ExecutionPolicy Unrestricted
     #Uncomment the below 2 lines if using Admin Credentials to gather data
     #-azureStackAdminUsername "<Replace with your service admin account to access the admin portal/apis>" `
     #-azureStackAdminPassword "<Replace with your service admin password>" 
-    #Uncomment the below 3 lines if using a SPN Cert to gather data
+    #Uncomment the below 2 lines if using a SPN Cert to gather data
     #-CertificateThumbprint "<Replace with the thumbprint of your cert used for SPN>" `
     #-ApplicationId "<Replace with the ClientID of the SPN>" `
+    #Uncomment the below line if using TenantID as part of sign in of the Management Endpoint
     #-TenantId "<Replace with the TenantId for the AzureStack>"
 
 

MasterScript.ps1

@@ -1,136 +1,140 @@
-<#
-.Synopsis
-
-The script that gets called by the ARM template when it deploys a custom script extension. 
-It sets up a scheduled task to upload usage data to OMS. 
-
-.DESCRIPTION
-
-It Sets up git and download repository containing the necessary scripts, stores necessary
-information onto the host and then sets up a windows scheduled task to upload usage data 
-daily.  
-
-.EXAMPLE
-This script is meant to be called from an ARM template. 
-.\MasterScript `
-    -DeploymentGuid <deployment guid> `
-    -OMSWorkspaceID "myomsworkspaceGUID" `
-    -OMSSharedKey "myomssharedkeyGUID" `
-    -azureStackAdminUsername "serviceadmin@contoso.onmicrosoft.com" `
-    -azureStackAdminPassword $Password `
-    -CloudName "Cloud#1" `
-    -Region "local" `
-    -Fqdn "azurestack.external"
-    -OEM "HPE"  
-
-#>
-[CmdletBinding()]
-param(
-    [Parameter( Mandatory = $true)]
-    [string] $DeploymentGuid,
-    [Parameter(Mandatory = $true)]
-    [string] $OMSWorkspaceID,
-    [Parameter(Mandatory = $true)]
-    [string] $OMSSharedKey,
-    [Parameter(ParameterSetName='AdminAccount',Mandatory = $true)]
-    [string] $azureStackAdminUsername,
-    [Parameter(ParameterSetName='AdminAccount',Mandatory = $true)]
-    [string] $azureStackAdminPassword,
-    [Parameter(Mandatory = $true)]
-    [string] $CloudName,
-    [Parameter(Mandatory = $true)]
-    [string] $Region,
-    [Parameter(Mandatory = $true)]
-    [string] $Fqdn,
-    [Parameter(Mandatory = $true)]
-    [string] $Oem,
-    [Parameter(ParameterSetName='CertSPN',Mandatory = $true)]
-    [string] $CertificateThumbprint,
-    [Parameter(ParameterSetName='CertSPN',Mandatory = $true)]
-    [string] $ApplicationId,
-    [Parameter(ParameterSetName='CertSPN',Mandatory = $true)]
-    [string] $TenantId
-   
-)
-if($pscmdlet.ParameterSetName -eq "AdminAccount")
-{
-    $azureStackAdminPasswordSecureString = $azureStackAdminPassword | ConvertTo-SecureString -Force -AsPlainText
-}
-
-cd c:\
-
-# install git
-iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
-# refresh the PATH to recognize "choco" command
-$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") 
-choco install git.install -y
-# refresh the PATH to recognize git
-$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
-git clone "https://github.com/Azure-Samples/AzureStack-AdminPowerShell-OMSIntegration.git" C:\AZSAdminOMSInt
-
-
-# installing powershell modules for azure stack. 
-# NuGet required for Set-PsRepository PSGallery.  
-Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
-Set-PsRepository PSGallery -InstallationPolicy Trusted
-Get-Module -ListAvailable | where-Object {$_.Name -like "Azure*"} | Uninstall-Module
-Install-Module -Name AzureRm.BootStrapper -Force
-Install-Module -Name AzureRm.Resources -Force
-Install-Module -Name AzureStack -Force
-Install-Module -Name AzureRM.AzureStackAdmin -Force
-Install-Module -Name Azs.Infrastructureinsights.Admin -Force
-Install-Module -Name Azs.Update.Admin -Force
-Install-Module -Name Azs.Fabric.Admin -Force
-
-
-Switch($pscmdlet.ParameterSetName)
-{
-    "AdminAccount" {
-        # store data required by scheduled task to use AdminAccount in files. 
-        $info = @{
-            ParameterSet = $pscmdlet.ParameterSetName;
-            DeploymentGuid = $DeploymentGuid;
-            CloudName = $CloudName;
-            Region = $Region;
-            Fqdn = $Fqdn;
-            OmsWorkspaceID = $OMSWorkspaceID;
-            OmsSharedKey = $OMSSharedKey;
-            Oem = $Oem;
-            AzureStackAdminUsername = $azureStackAdminUsername;
-            
-        }
-        #store passwords in txt files. 
-        $passwordText = $azureStackAdminPasswordSecureString | ConvertFrom-SecureString
-        Set-Content -Path "C:\AZSAdminOMSInt\azspassword_$CloudName.txt" -Value $passwordText
-        }
-
-    "CertSPN" {
-        # store data required by scheduled task to use CertSPN in files. 
-        $info = @{
-            ParameterSet = $pscmdlet.ParameterSetName;
-            DeploymentGuid = $DeploymentGuid;
-            CloudName = $CloudName;
-            Region = $Region;
-            Fqdn = $Fqdn;
-            OmsWorkspaceID = $OMSWorkspaceID;
-            OmsSharedKey = $OMSSharedKey;
-            Oem = $Oem;
-            CertificateThumbprint = $CertificateThumbprint;
-            ApplicationId = $ApplicationId;
-            TenantId = $TenantId;
-        }
-    }
-}
-
-$infoJson = ConvertTo-Json $info
-Set-Content -Path "C:\AZSAdminOMSInt\info_$CloudName.txt" -Value $infoJson
-
-
-#Download Azure Stack Tools VNext
-cd c:\AZSAdminOMSInt
-invoke-webrequest https://github.com/Azure/AzureStack-Tools/archive/vnext.zip -OutFile vnext.zip
-expand-archive vnext.zip -DestinationPath . -Force
-
-# schedule windows scheduled task
-cd C:\AZSAdminOMSInt
-& .\schedule_usage_upload.ps1 -CloudName $CloudName
+<#
+.Synopsis
+
+The script that gets called by the ARM template when it deploys a custom script extension. 
+It sets up a scheduled task to upload usage data to OMS. 
+
+.DESCRIPTION
+
+It Sets up git and download repository containing the necessary scripts, stores necessary
+information onto the host and then sets up a windows scheduled task to upload usage data 
+daily.  
+
+.EXAMPLE
+This script is meant to be called from an ARM template. 
+.\MasterScript `
+    -DeploymentGuid <deployment guid> `
+    -OMSWorkspaceID "myomsworkspaceGUID" `
+    -OMSSharedKey "myomssharedkeyGUID" `
+    -azureStackAdminUsername "serviceadmin@contoso.onmicrosoft.com" `
+    -azureStackAdminPassword $Password `
+    -CloudName "Cloud#1" `
+    -Region "local" `
+    -Fqdn "azurestack.external"
+    -OEM "HPE"  
+
+#>
+[CmdletBinding()]
+param(
+    [Parameter( Mandatory = $true)]
+    [string] $DeploymentGuid,
+    [Parameter(Mandatory = $true)]
+    [string] $OMSWorkspaceID,
+    [Parameter(Mandatory = $true)]
+    [string] $OMSSharedKey,
+    [Parameter(ParameterSetName='AdminAccount',Mandatory = $true)]
+    [string] $azureStackAdminUsername,
+    [Parameter(ParameterSetName='AdminAccount',Mandatory = $true)]
+    [string] $azureStackAdminPassword,
+    [Parameter(Mandatory = $true)]
+    [string] $CloudName,
+    [Parameter(Mandatory = $true)]
+    [string] $Region,
+    [Parameter(Mandatory = $true)]
+    [string] $Fqdn,
+    [Parameter(Mandatory = $true)]
+    [string] $Oem,
+    [Parameter(ParameterSetName='CertSPN',Mandatory = $true)]
+    [string] $CertificateThumbprint,
+    [Parameter(ParameterSetName='CertSPN',Mandatory = $true)]
+    [string] $ApplicationId,
+    [Parameter(Mandatory = $false)]
+    [string] $TenantId
+   
+)
+if($pscmdlet.ParameterSetName -eq "AdminAccount")
+{
+    $azureStackAdminPasswordSecureString = $azureStackAdminPassword | ConvertTo-SecureString -Force -AsPlainText
+}
+
+cd c:\
+
+# install git
+iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
+# refresh the PATH to recognize "choco" command
+$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") 
+choco install git.install -y
+# refresh the PATH to recognize git
+$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
+git clone "https://github.com/Azure-Samples/AzureStack-AdminPowerShell-OMSIntegration.git" C:\AZSAdminOMSInt
+
+
+# installing powershell modules for azure stack. 
+# NuGet required for Set-PsRepository PSGallery.  
+Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
+Set-PsRepository PSGallery -InstallationPolicy Trusted
+Get-Module -ListAvailable | where-Object {$_.Name -like "Azure*"} | Uninstall-Module
+Install-Module -Name AzureRm.BootStrapper -Force
+Install-Module -Name AzureRm.Resources -Force
+Install-Module -Name AzureStack -Force
+Install-Module -Name AzureRM.AzureStackAdmin -Force
+Install-Module -Name Azs.Infrastructureinsights.Admin -Force
+Install-Module -Name Azs.Update.Admin -Force
+Install-Module -Name Azs.Fabric.Admin -Force
+
+
+Switch($pscmdlet.ParameterSetName)
+{
+    "AdminAccount" {
+        # store data required by scheduled task to use AdminAccount in files. 
+        $info = @{
+            ParameterSet = $pscmdlet.ParameterSetName;
+            DeploymentGuid = $DeploymentGuid;
+            CloudName = $CloudName;
+            Region = $Region;
+            Fqdn = $Fqdn;
+            OmsWorkspaceID = $OMSWorkspaceID;
+            OmsSharedKey = $OMSSharedKey;
+            Oem = $Oem;
+            AzureStackAdminUsername = $azureStackAdminUsername;
+            
+        }
+        if($TenantId)
+        {#If a TenantId was provided add it to the data that will be stored
+            $info.Add("TenantId", $TenantId)
+        }
+        #store passwords in txt files. 
+        $passwordText = $azureStackAdminPasswordSecureString | ConvertFrom-SecureString
+        Set-Content -Path "C:\AZSAdminOMSInt\azspassword_$CloudName.txt" -Value $passwordText
+        }
+
+    "CertSPN" {
+        # store data required by scheduled task to use CertSPN in files. 
+        $info = @{
+            ParameterSet = $pscmdlet.ParameterSetName;
+            DeploymentGuid = $DeploymentGuid;
+            CloudName = $CloudName;
+            Region = $Region;
+            Fqdn = $Fqdn;
+            OmsWorkspaceID = $OMSWorkspaceID;
+            OmsSharedKey = $OMSSharedKey;
+            Oem = $Oem;
+            CertificateThumbprint = $CertificateThumbprint;
+            ApplicationId = $ApplicationId;
+            TenantId = $TenantId;
+        }
+    }
+}
+
+$infoJson = ConvertTo-Json $info
+Set-Content -Path "C:\AZSAdminOMSInt\info_$CloudName.txt" -Value $infoJson
+
+
+#Download Azure Stack Tools VNext
+cd c:\AZSAdminOMSInt
+invoke-webrequest https://github.com/Azure/AzureStack-Tools/archive/vnext.zip -OutFile vnext.zip
+expand-archive vnext.zip -DestinationPath . -Force
+
+# schedule windows scheduled task
+cd C:\AZSAdminOMSInt
+& .\schedule_usage_upload.ps1 -CloudName $CloudName

OpsDataToOMS.ps1

@@ -33,6 +33,7 @@ Switch($Authtype)
     $UserName2= $info.AzureStackAdminUsername
     $Password2= Get-Content "C:\AZSAdminOMSInt\azspassword_$CloudName.txt"| ConvertTo-SecureString
     $Credential2=New-Object PSCredential($UserName2,$Password2)
+    $TenantId2 = $info.TenantId
     }
 #Using CertSPN
     "CertSPN"{
@@ -56,8 +57,13 @@ Switch($Authtype)
 {
 #Set to AdminAccount or not set(old info file)
     {($_ -eq "AdminAccount") -or ($_ -eq $null)}{
+    if($TenantId2){#Use TenantID if one was provided
+        Add-AzureRmAccount -EnvironmentName $cloudName2 -Credential $Credential2 -Tenant $TenantId2
+    }
+    else{
     Add-AzureRmAccount -EnvironmentName $cloudName2 -Credential $Credential2
     }
+    }
 #Using CertSPN
     "CertSPN"{
     Add-AzureRmAccount -Environment $cloudName2 -ServicePrincipal -CertificateThumbprint $CertificateThumbprint2 -ApplicationId $ApplicationId2 -TenantId $TenantId2

asUsageToOMS.ps1

@@ -1,16 +1,16 @@
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $true)]
-    [string] $CloudName   
-)
-
-Start-Transcript -Path "C:\AZSAdminOMSInt\asUsageToOMS_$CloudName.log"
-& .\usagesummaryjson.ps1 -CloudName $CloudName
-
-# set execution policy and import OMS Ingestion API. 
-Set-ExecutionPolicy -ExecutionPolicy Bypass -Force
-Install-Module -Name AzureRM.OperationalInsights -Force
-Install-Module -Name OMSIngestionAPI -Force
-
-& .\uploadToOMS.ps1 -CloudName $CloudName
-exit
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory = $true)]
+    [string] $CloudName   
+)
+
+Start-Transcript -Path "C:\AZSAdminOMSInt\asUsageToOMS_$CloudName.log"
+& .\usagesummaryjson.ps1 -CloudName $CloudName
+
+# set execution policy and import OMS Ingestion API. 
+Set-ExecutionPolicy -ExecutionPolicy Bypass -Force
+Install-Module -Name AzureRM.OperationalInsights -Force
+Install-Module -Name OMSIngestionAPI -Force
+
+& .\uploadToOMS.ps1 -CloudName $CloudName
+exit

uploadToOMS.ps1

@@ -31,6 +31,7 @@ Switch($Authtype)
     $UserName2= $info.AzureStackAdminUsername
     $Password2= Get-Content "C:\AZSAdminOMSInt\azspassword_$CloudName.txt"| ConvertTo-SecureString
     $Credential2=New-Object PSCredential($UserName2,$Password2)
+    $TenantId2 = $info.TenantId
     }
 #Using CertSPN
     "CertSPN"{
@@ -58,8 +59,13 @@ Switch($Authtype)
 {
 #Set to AdminAccount or not set(old info file)
     {($_ -eq "AdminAccount") -or ($_ -eq $null)}{
+    if($TenantId2){#Use TenantID if one was provided
+        Add-AzureRmAccount -EnvironmentName $cloudName2 -Credential $Credential2 -Tenant $TenantId2
+    }
+    else{
     Add-AzureRmAccount -EnvironmentName $cloudName2 -Credential $Credential2
     }
+    }
 #Using CertSPN
     "CertSPN"{
     Add-AzureRmAccount -Environment $cloudName2 -ServicePrincipal -CertificateThumbprint $CertificateThumbprint2 -ApplicationId $ApplicationId2 -TenantId $TenantId2