Public/PartnerActions/Initialize-Tenant.ps1

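function Initialize-Tenant {
    <#
    .SYNOPSIS
    Onboards a customer tenant: creates and activates a GDAP relationship, then
    runs the follow-up configuration steps in the customer tenant.

    .DESCRIPTION
    Steps, in order:
      1. Look up the customer returned by Get-Tenants whose CustomerId equals TenantId.
      2. Create a delegated admin (GDAP) relationship from the partner tenant and
         lock it for approval.
      3. Open the customer admin login page and the GDAP invitation link in Edge
         InPrivate so the operator can approve the relationship interactively.
      4. Poll until the relationship status is "active".
      5. Run New-GDAPAccessAssignments, Set-SAMConsent, Disable-SecurityDefaults
         and New-AdminUser for the customer tenant.

    $RelationshipParams and $PartnerTenantId are not defined in this function;
    they are resolved from an enclosing scope that is not visible here.

    .PARAMETER TenantId
    Tenant id of the customer to onboard. It is matched against the CustomerId
    property of the objects returned by Get-Tenants.

    .NOTES
    The function is interactive (Read-Host, browser windows) and throws if the
    customer cannot be resolved or if the relationship cannot be created or locked.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId)
    process {
        # Resolve exactly one customer. Without this guard an unknown tenant id
        # yields an empty display name and a login URL for "admin@" with no domain.
        $MatchingCustomers = @(Get-Tenants | Where-Object { $_.CustomerId -eq $TenantId })
        if ($MatchingCustomers.Count -ne 1) {
            throw "Expected exactly one customer with tenant id '$TenantId' but found $($MatchingCustomers.Count)."
        }
        $Customer = $MatchingCustomers[0]

        # Danish letters are transliterated and "/" is dropped from the relationship name.
        # NOTE(review): $RelationshipParams comes from an outer scope and is modified in
        # place, so these three values persist in that object after the function returns.
        $RelationshipName = "Jysk IT (tmp) - $($Customer.DisplayName)".Replace("æ","ae").Replace("ø","oe").Replace("å","aa").Replace("/","")
        $RelationshipParams.displayName = $RelationshipName
        $RelationshipParams.customer.tenantId = $TenantId
        $RelationshipParams.customer.displayName = $Customer.DisplayName

        # Connect to our partner tenant
        Connect-CustomerGraph -CustomerTenantId $PartnerTenantId

        try {
            # -ErrorAction Stop turns any cmdlet error into a terminating one so the
            # catch block sees it. The catch rethrows: every later step depends on
            # $Relationship.Id, so continuing without it would act on a null id.
            try {
                $Relationship = New-MgTenantRelationshipDelegatedAdminRelationship -BodyParameter $RelationshipParams -ErrorAction Stop
                Write-Host "Created new GDAP relationship: $($Relationship.DisplayName)" -ForegroundColor Green
            } catch {
                throw "Failed to create GDAP relationship: $_"
            }

            $RelationshipRequestParams = @{
                action = "lockForApproval"
            }

            # A relationship that was not locked for approval cannot proceed to the
            # invitation step below, so a failure here also stops the onboarding.
            try {
                New-MgTenantRelationshipDelegatedAdminRelationshipRequest -DelegatedAdminRelationshipId $Relationship.Id -BodyParameter $RelationshipRequestParams -ErrorAction Stop | Out-Null
                Write-Host "Sucessfully locked relationship for approval" -ForegroundColor Green
            } catch {
                throw "Failed to lock relationship for approval: $_"
            }

            $InvitationLink = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($Relationship.Id)"

            # Both URLs are built from values returned by Get-Tenants / the relationship
            # object and are handed to msedge.exe as command-line arguments.
            $LoginUrl = "https://admin.microsoft.com/login?username=admin@$($Customer.DefaultDomainName)"
            Write-Host "Opened login page in Edge inPrivate. ($($LoginUrl))"
            Write-Host "Log in using default admin user (admin@$($Customer.DefaultDomainName)) and password from Curanet."
            Write-Host "It will ask you to change the password. Change it to something random - it will no longer be neccessary to use this password."
            Start-Process -FilePath "msedge.exe" -Argumentlist "-inprivate", "$($LoginUrl)"
            # Read-Host returns whatever the operator typed; discard it so it does not
            # become part of this function's pipeline output.
            $null = Read-Host "Press any key to continue when logged in.."

            Write-Host "Opened GDAP invitation link in Edge inPrivate. ($($InvitationLink))"
            Start-Process -FilePath "msedge.exe" -Argumentlist "-inprivate", "$($InvitationLink)"
            Write-Host "Accept the invitation!"

            # Wait for approval
            # NOTE(review): the loop has no timeout and only exits on status "active";
            # if the invitation is never accepted the operator has to interrupt it.
            $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id
            while($RelationshipCheck.Status -ne "active") {
                Write-Host "Waiting for approval.."
                Start-Sleep -Seconds 5
                $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id
            }

            Write-Host "GDAP relationship approved!" -ForegroundColor Green

            New-GDAPAccessAssignments -RelationshipId $Relationship.Id

            # Get consent for our SAM application
            Set-SAMConsent -CustomerTenantId $TenantId

            Connect-CustomerGraph -CustomerTenantId $TenantId

            # NOTE(review): judging by its name this turns off the tenant's security
            # defaults. Nothing in this function applies a replacement control, so
            # confirm that the onboarding flow deploys equivalent policies (for example
            # Conditional Access requiring MFA) and that the gap in between is short.
            Disable-SecurityDefaults -TenantId $TenantId

            # The result is captured, which keeps it out of this function's output; it
            # is not used afterwards. NOTE(review): if it carries credentials, confirm
            # where they are stored.
            $AdminUser = New-AdminUser -TenantId $TenantId
        } finally {
            # Always drop the Graph session, also when a step above failed, so no
            # partner or customer connection is left open in the operator's session.
            Disconnect-CustomerGraph
        }
    }
}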