1 minute read

It is happening from time to time that you want to share your passion and knowledge about Azure Cloud with community on workshops. AzurePrepareWorkshop First issues that you are struggling is that starting can be painfully, as people need to have Azure Subscription, Azure Tenant, connect payment card even for free Azure Subscription as afraid to pay, go with whole process. Even when all participants have azure pass they are struggling with issues as using all ready used email, use production tenant. One of the approach when each of participants on Azure Cloud workshops can not have their own Azure Subscription is to create, shared subscription.

When we care new subscription and tenant, create new workshops users and service principals and created dedicated resource group with corresponding access.


Connect-AzAccount -Tenant $domain
Select-AzSubscription -SubscriptionId  $SubscriptionId

Import-Module AzureAD
Connect-AzureAD -TenantDomain $domain


$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "ChangeMe1#"
$PasswordProfile.ForceChangePasswordNextLogin = $true
$array = @()
For ($i=2; $i -le $howManyCreate ; $i++)
    # create user
    $u=New-AzureADUser -DisplayName $user -PasswordProfile $PasswordProfile -AccountEnabled $true -MailNickName $login_prefix+$i -UserPrincipalName $user

    # create service principal for AppId and $s.PasswordCredentials.SecretText, valid 10 days
    $s = New-AzAdServicePrincipal -DisplayName $sp -EndDate (Get-Date).AddDays(10) -StartDate $(Get-Date)

    # If need to create new secret for Application $aadAppsecret01.Value
    #$aadAppsecret01 = New-AzureADApplicationPasswordCredential -ObjectId $($s.AppId) -CustomKeyIdentifier "secret01" -StartDate $(Get-Date) -EndDate (Get-Date).AddDays(10)

    # Create resource group
    $rg=New-AzResourceGroup -Location westeurope -Name RG-user$i -Force

    # Assign user and service principal permissions for Resouce Group
    New-AzRoleAssignment -ObjectId $($u.ObjectId)  -RoleDefinitionName 'Owner' -ResourceGroupName $rg.ResourceGroupName
    New-AzRoleAssignment -ApplicationId $($s.AppId) -RoleDefinitionName 'Owner' -ResourceGroupName $rg.ResourceGroupName

    # Create object for get all information is nice output
    $object = New-Object -TypeName PSObject
    $object | Add-Member -Name 'user' -MemberType Noteproperty -Value $user
    $object | Add-Member -Name 'password' -MemberType Noteproperty -Value $PasswordProfile.Password
    $object | Add-Member -Name 'spAppId' -MemberType Noteproperty -Value $s.AppId
    $object | Add-Member -Name 'spSecret' -MemberType Noteproperty -Value $s.PasswordCredentials.SecretText
    $object | Add-Member -Name 'rgName' -MemberType Noteproperty -Value $rg.ResourceGroupName.ToString()
    $array += $object

$array | Format-Table
$array | Out-GridView


As result of script we will get this table, where we can share it with participants of workshops

user password spAppId spSecret rgName
[email protected] ChangeMe1# 5dfa5984-a665-406e-bb88-e4370d0edb1e Obx8Q~ADxwkIfAL-ZsATG2sRrjBNDyASDASDASDA RG-user0
[email protected] ChangeMe1# 28b8025c-357e-4de0-ae1b-fed6ae1bcec3 L~I8Q~O~rmBluvQBWC1QdUjwko2Fo~ASDASDASDA RG-user1

Clean up

When we are done we can remove all created objects

Get-AzureADUser -SearchString user|Remove-AzureADUser
Get-AzResourceGroup -Name Rg-user*|Remove-AzResourceGroup -Force