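#!/usr/bin/env pwsh
<#
.SYNOPSIS
Purge deleted objects from Azure Active Directory
.DESCRIPTION
Queries Microsoft Graph (directory/deletedItems/getUserOwnedObjects) for the
soft-deleted objects of the given type that are owned by the signed-in user and
permanently deletes each of them. Permanent deletion cannot be undone, so the
script supports -WhatIf (preview only) and -Confirm (approve each deletion).
Requires the Azure CLI; Login-Az is provided by functions.ps1 next to this script.
.PARAMETER ObjectType
Kind of deleted object to purge: Application or Group (default Application).
.PARAMETER TenantId
Azure Active Directory tenant id; defaults to ARM_TENANT_ID, then AZURE_TENANT_ID.
.EXAMPLE
./purge_deleted_objects.ps1 -ObjectType Application
.EXAMPLE
./purge_deleted_objects.ps1 -ObjectType Group
.EXAMPLE
./purge_deleted_objects.ps1 -ObjectType Group -WhatIf
#>
#Requires -Version 7
[CmdletBinding(SupportsShouldProcess=$true)]
param (
    [parameter(Mandatory=$false)]
    [ValidateSet("Application", "Group")]
    [string]
    $ObjectType="Application",
    [parameter(Mandatory=$false,HelpMessage="Azure Active Directory tenant id")]
    [guid]
    $TenantId=($env:ARM_TENANT_ID ?? $env:AZURE_TENANT_ID)
)
. (Join-Path $PSScriptRoot functions.ps1)

# Login to Azure CLI
Write-Verbose "Logging into Azure..."
Login-Az -Tenant ([ref]$TenantId)

# Resolve the caller's object id up front. With an empty id the Graph query would
# either be rejected or match nothing and look like a clean "nothing to purge" run.
$userId = $(az ad signed-in-user show --query id -o tsv)
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($userId)) {
    Write-Error "Could not determine the signed-in user's object id (az exit code $LASTEXITCODE)"
    exit 1
}

# The request body is passed via a temp file ('az rest --body @file') to avoid
# shell quoting of JSON; the file is removed in the finally block below.
New-TemporaryFile | Select-Object -ExpandProperty FullName | Set-Variable jsonBodyFile
Write-Debug "jsonBodyFile: $jsonBodyFile"
try {
    @{
        "userId" = $userId
        "type" = $ObjectType
    } | ConvertTo-Json | Set-Content -Path $jsonBodyFile
    Get-Content -Path $jsonBodyFile | Write-Debug

    $rawResponse = az rest --method post `
        --url "https://graph.microsoft.com/v1.0/directory/deletedItems/getUserOwnedObjects" `
        --headers "Content-Type=application/json" `
        --body `@$jsonBodyFile `
        --query "value[]" `
        -o json
    # Distinguish a failed query (auth, permissions, network) from an empty result:
    # az prints nothing on failure, which must not be reported as "No deleted objects".
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Querying deleted ${ObjectType} objects failed (az exit code $LASTEXITCODE)"
        exit $LASTEXITCODE
    }
    $deletedObjects = $rawResponse | ConvertFrom-Json
    $deletedObjects | Format-List | Out-String | Write-Debug
    if (!$deletedObjects) {
        Write-Host "No deleted objects found."
        exit
    }

    $failures = 0
    foreach ($deletedObject in $deletedObjects) {
        $deletedObjectId = $deletedObject.id
        Write-Debug "deletedObjectId: $deletedObjectId"
        # The id is interpolated into the request URL: only accept a well-formed GUID
        # so an unexpected value from the response cannot change the request path.
        $parsedId = [guid]::Empty
        if (-not [guid]::TryParse([string]$deletedObjectId, [ref]$parsedId)) {
            Write-Warning "Skipping '$($deletedObject.displayName)': id '$deletedObjectId' is not a GUID"
            $failures++
            continue
        }
        # Permanent deletion is irreversible, so honor -WhatIf / -Confirm.
        if (-not $PSCmdlet.ShouldProcess("$ObjectType '$($deletedObject.displayName)' ($parsedId)", "Permanently delete")) {
            continue
        }
        Write-Host "Deleting ${ObjectType}: '$($deletedObject.displayName)'..."
        az rest --method delete `
            --url "https://graph.microsoft.com/v1.0/directory/deletedItems/${parsedId}" `
            | Write-Debug
        # az only reports failures on stderr; surface them and reflect them in the exit code.
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Failed to delete $ObjectType '$($deletedObject.displayName)' ($parsedId); az exit code $LASTEXITCODE"
            $failures++
        }
    }
    if ($failures -gt 0) {
        Write-Error "$failures of $(@($deletedObjects).Count) deleted ${ObjectType} objects could not be purged"
        exit 1
    }
} finally {
    # Do not leave the body (which contains the caller's object id) in the temp directory.
    Remove-Item -Path $jsonBodyFile -Force -ErrorAction SilentlyContinue
}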