top of page

Project Azure_Users_SQL_Insert

Below is the full script I use in Task Scheduler to be executed each day at 8 AM to insert any new user accounts without any interaction required. I use a Invoke-SQLCmd statement that allow the use of the Widows Account executing the script to login to SQL. This way I can use a one account assigned in Task Scheduler that has access to SQL and then an inline authentication in the script to access AzureAD.

​

If you read through the script, you will see I

poll AzureAD and SQL and do a comparison

by ObjectID to assure I only add new accounts.

Special Note: If you are not familiar with this type of connection to AzureAD its due to the need to logon via Task Scheduler. You need a passthrough "Unattended Login" read only account. I explain and link to site how to create this type of account Here. 

​

Connection: Connect-AzureAD -TenantId $tenantid -ApplicationId $appid -CertificateThumbprint $Thumbprint

Download Insert User Script

#Install Azure AD Module Internet & Import the SQL Module (Local File Systems) for PowerShell
install-module AzureAD
Import-Module "C:\Scheduled-Tasks\SQL_Module\SqlServer.psm1"

#Auto login Data & Connect to Azure 
$AppID = 'b7bbcxxxxxx-9c667105'
$TenantID = '8d151eaxxxxxx5e020c04470'
$Thumbprint = 'D5Exxxxxxx752AF04E022C71F8'
Connect-AzureAD -TenantId $tenantid -ApplicationId $appid -CertificateThumbprint $Thumbprint

#-------------------------------------------------------------------------------------------------
#                 Compare Data to see what accounts are new and not in SQL
#-------------------------------------------------------------------------------------------------

#Gather All Azure AD Users
$Userdata=Get-AzureADUser | Select *

#Gather All SQL Users  
$Query= "SELECT ObjectID FROM [Azure_Data].[dbo].[Azure_User]" 
$SQL_ObjectIDs=Invoke-Sqlcmd  -ConnectionString "Data Source=Media-Center\SQLExpress;Initial Catalog=Azure_Data; Integrated Security=True;" -Query "$Query"

#Build Usable Array for SQL Data (System.Data.DataRow)
$SQL_Array=@()
Foreach($SQLItem in $SQL_ObjectIDs){
    $SQL_Array+=$SQLItem.Item(0);
}

#Compare Values allow only new accounts into SQL 
$AccountID=Compare-Object -ReferenceObject $SQL_Array -DifferenceObject $Userdata.ObjectID | ? {$_.SideIndicator -eq '=>'} | Select -ExpandProperty inputobject

#Loop Through New Accounts to be Added by ObjectID
$NewUserData=@()
Foreach($Account in $AccountID){
    #Gather All User Data in Azure AD for Select ObjectID
    $NewUserData+=Get-AzureADUser | Select * | Where{$_.ObjectID -eq $AccountID}
}

#Loop Through and Insert into SQL 
Foreach($Item in $NewUserData){   

    #Variables 
    $UserPrincipalName = $Item.UserPrincipalName
    $DisplayName = $Item.DisplayName
    $AccountEnabled = $Item.AccountEnabled
    $ObjectId = $Item.ObjectId
    $JobTitle = $Item.JobTitle
    $Mobile = $Item.Mobile
    $TelephoneNumber = $Item.TelephoneNumber
    $GivenName = $Item.GivenName
    $Surname = $Surname

​

    #Default Template for Inserting Data into SQL
    $MySQL_Insert="INSERT INTO [dbo].[Azure_User]
               ([UPN]
               ,[DisplayName]
               ,[AccountEnabled]
               ,[ObjectId]
               ,[JobTitle]
               ,[Mobile]
               ,[TelephoneNumber]
               ,[Surname]
               ,[GivenName])
         VALUES
               ('$UserPrincipalName',
                '$DisplayName',
                '$AccountEnabled',
                '$ObjectId',
                '$JobTitle',
                '$Mobile',
                '$TelephoneNumber',
                '$Surname',
                '$GivenName')"

    #Command to Execute and Insert to SQL 
 Invoke-Sqlcmd  -ConnectionString "Data Source=Media-Center\SQLExpress;Initial Catalog=Azure_Data; Integrated Security=True;" -Query $MySQL_Insert
    
}

bottom of page