Printer deployment with Intune is not always easy. In larger environments you probably still have a Windows Print Server using printer shares. Connecting them is usually done via PowerShell scripting or Win32 Apps in Intune.
This solution is for those environments where you have no Windows Print Server and no Cloud Printing solution available. Just a bunch of clients and a bunch of IP printers. Getting the drivers installed can be a cumbersome task, especially if there are many different types of printers and default settings. I have done this in the past at clients where there was no better way.
.REVISIONS
2024_v03 – Save password (cleartext) in export file? (Y/N) -> YES was not working. Fixed.
2024_v02 – Update, Object ID instead of AppID was exported. Fixed.
2024_v01 – first release
First release (v01) contained a little bug. Instead of the Application ID, the Object ID of the AppReg was exported in the output. This is fixed in v02.
During my work as an IT Consultant, I frequently use PowerShell scripts to connect to Azure, Microsoft 365 or Microsoft Graph. When these scripts run automated on servers or in Azure Automate, I often use certificates for authentication. Creating these App Registrations in the Entra ID portal is not very convenient.
I have used scripts before to create these App Regs. You might have seen it in my PSRoomSigning solution.
This script is a very complete App Reg Manager.
Features:
Create a new App Registration in Microsoft Entra ID with a new self-signed certificate.
Delete App Registrations in Microsoft Entra ID (multi select supported).
Report App Registrations with certificates/secrets that are expired or about to expire (export2csv).
Report API permissions or Role Permissions on App Registrations (export2csv).
Create a new self-signed certificate and add it to an existing App Registration (one that is about to expire).
You can choose how long the certificate is valid in days.
After creation it exports the certificate into a PFX file.
After creation it exports sample PowerShell code to use the new App Registration in PowerShell.
Requirements
Runs on PowerShell (only tested on Windows)
Uses Microsoft Graph PowerShell module (https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0)
Need Global Admin account or (….)
Installation:
Install the required PowerShell module: Install-Module -Name Microsoft.Graph
Extract the ZIP file to a scripts folder, e.g. "c:\scripts\appregmgr"
Welcome to part 2 of the Azure VPN blog; here you can find part 1. This part of the blog explains how to configure Azure VPN with Always On, Azure Active Directory authentication and MFA. This allows a Modern Managed, Azure AD joined Windows 10 workplace to connect securely to the Azure network and, if required and you have a route back to on-premises, to the on-premises network as well.
Today I noticed something strange. I am scripting with AzureAD PowerShell against Azure AD. I have created a script that will create a Service Principal Name with Directory Reader role. This worked perfectly in my old trial/demo tenant and in customer tenants.
Last week I had to recreate my test lab environment because the licenses expired (I use 1 year demo tenants). Today I tried to create the SPN with the previously created PowerShell script and add the Directory Reader Role.
That script errored out at the line: Add-AzureADDirectoryRoleMember -ObjectId (Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq "Directory Readers"}).ObjectId -RefObjectId $sp.ObjectId
I tried logging in with Connect-AzureAD to the tenant in a new PowerShell window with my Global Admin account to the same tenant. After that I tried this command: Get-AzureADDirectoryRole
According to this PowerShell command there are only two Directory Roles.