0 votes

I'm trying to create a custom command to sign out a user of all Office 365 sessions via PowerShell.
Unfortunately, the cmdlet requires the AzureAD module, which is not supported by the Adaxes "internal" PowerShell.

In the script repository I found the quite clever way of starting a new PowerShell instance which has support for the required module (https://www.adaxes.com/script-repositor ... e-s442.htm). However, I do not have a way to pass the stored Office 365 credential to the script block, and the Adaxes PowerShell module does not seem to have a way to get this credential (GetOffice365Credential).

Is there any way to either make the AzureAD module work with the PowerShell instance Adaxes uses or get the stored O365 credential with the Adaxes PowerShell module?

We're using Adaxes version 2017.2

by (70 points)

1 Answer

+1 vote
by (272k points)
Best answer

Hello Mark,

Have a look at the following script from our repository: https://www.adaxes.com/script-repositor ... e-s290.htm.

0

Thank you! Invoke-Command did the trick since it's possible to pass arguments to it.

This is what I ended up doing:

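$scriptBlock = {
    # Runs in a separate PowerShell session where the AzureAD module can be loaded
    Import-Module AzureAD

    $creds = $args[0]   # Office 365 tenant credential
    $userid = $args[1]  # Azure AD object ID of the user

    Connect-AzureAD -Credential $creds
    Revoke-AzureADUserAllRefreshToken -ObjectId $userid
}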

# Bind to member
$member = $Context.BindToObject("Adaxes://[domain]/%distinguishedName%")

# Get Office 365 Properties
$office365Properties = $member.GetOffice365Properties()

try {
    $objectId = [Guid]$member.Get("adm-O365ObjectId")
    $objectId = $objectId.ToString()
}
catch {
    $Context.LogMessage("The member doesn't have an Office 365 account", "Warning")
    return
}

# Get Office 365 Tenant credentials
$office365Cred = $Context.GetOffice365Credential()

Invoke-Command -ComputerName localhost -ScriptBlock $scriptBlock -ArgumentList $office365Cred, $objectId
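
The script above discards whatever happens inside the remote session, so a failed sign-in or revocation never reaches the Adaxes log. The following is an added example, not part of the original post or of the Adaxes script repository: a variant of the script block that returns a result object so the caller can log whether the revocation was confirmed. It assumes `$office365Cred`, `$objectId` and `$Context` are set up as in the script above and that the account can read the user's `RefreshTokensValidFromDateTime` property; the `$result` object and its field names are hypothetical.

```powershell
# Added example: hypothetical variant of the script block from the post above.
$scriptBlock = {
    param([System.Management.Automation.PSCredential]$Credential, [string]$ObjectId)

    $ErrorActionPreference = 'Stop'   # make cmdlet failures land in the catch block
    $result = [pscustomobject]@{
        ObjectId = $ObjectId; Revoked = $false
        Before = $null; After = $null; Error = $null
    }
    try {
        Import-Module AzureAD
        Connect-AzureAD -Credential $Credential | Out-Null

        # Tokens issued before this timestamp are no longer accepted
        $result.Before = (Get-AzureADUser -ObjectId $ObjectId).RefreshTokensValidFromDateTime
        Revoke-AzureADUserAllRefreshToken -ObjectId $ObjectId
        $result.After = (Get-AzureADUser -ObjectId $ObjectId).RefreshTokensValidFromDateTime

        # Confirmed only if the directory reports a newer cut-off than before
        $result.Revoked = ($null -ne $result.After) -and ($result.After -gt $result.Before)
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        # Do not leave the tenant admin session open in the worker process
        try { Disconnect-AzureAD -Confirm:$false } catch { }
    }
    $result   # serialized back to the calling Adaxes script
}

$result = Invoke-Command -ComputerName localhost -ScriptBlock $scriptBlock `
    -ArgumentList $office365Cred, $objectId

if ($result.Error) {
    $Context.LogMessage("Token revocation failed: " + $result.Error, "Error")
}
elseif ($result.Revoked) {
    $Context.LogMessage("Refresh tokens revoked; valid-from is now " + $result.After, "Information")
}
else {
    $Context.LogMessage("Revocation sent but not yet confirmed by the directory", "Warning")
}
```

Revoking refresh tokens does not invalidate access tokens that were already issued, so existing sessions can remain usable until those tokens expire.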
