Created
May 11, 2019 01:12
Dynamics 365 CE (CRM) Data Export Service - Setup Azure Key Vault
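# -------------------------------------------------------------------------------- #
# Provide the value for the following parameters before executing the script
# This Powershell script copied from Microsoft official documentation on 2019-05-10
# Please check and validate before use, https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/administering-dynamics-365/mt744592(v=crm.8)
#
# NOTE(review): $connectionString holds the destination database credential in
# plain text. Do not commit, share or leave behind a filled-in copy of this file.
# NOTE(review): the AzureRM cmdlets used below belong to a module Microsoft has
# retired in favour of the Az module; check module availability before running.
$subscriptionId = '[Specifies the Azure subscription to which the Key Vault belongs.]'
$keyvaultName = '[Specifies the name of the Key Vault. If the Key Vault does not exist, the script will create one]'
$secretName = '[Specifies the name of the secret that is put into the Key Vault. The secret holds the destination database connection string.]'
$resourceGroupName = '[Specifies the Resource Group for the Key Vault.]'
$location = '[Specifies the Azure region where the Resource Group and Key Vault is placed.]'
$connectionString = '[Specifies the destination database connection string that would be placed as a secret in the Key Vault.]'
$organizationIdList = '[Specifies a comma separated list of all the CRM Organization Id which will be allowed to export data to the destination database.]'
$tenantId = '[Specifies the Azure Active Directory Tenant Id to which all the specified CRM Organizations belong to.]'
# -------------------------------------------------------------------------------- #

# Refuse to run while any parameter is empty or still holds its '[Specifies ...]'
# placeholder, so a half-configured script cannot create stray Azure resources.
# Only the parameter name is reported; values are never echoed because one of
# them is the connection string.
$requiredParameters = [ordered]@{
    subscriptionId     = $subscriptionId
    keyvaultName       = $keyvaultName
    secretName         = $secretName
    resourceGroupName  = $resourceGroupName
    location           = $location
    connectionString   = $connectionString
    organizationIdList = $organizationIdList
    tenantId           = $tenantId
}
foreach ($parameter in $requiredParameters.GetEnumerator()) {
    if ([string]::IsNullOrWhiteSpace($parameter.Value) -or $parameter.Value.StartsWith('[Specifies')) {
        throw ("Parameter '{0}' has not been set; edit the script before running it." -f $parameter.Key)
    }
}

# Login to Azure account, select subscription and tenant Id.
# -ErrorAction Stop on every mutating call makes a failure abort the script
# instead of letting later steps run against a missing vault or wrong context.
Login-AzureRmAccount -ErrorAction Stop
Set-AzureRmContext -TenantId $tenantId -SubscriptionId $subscriptionId -ErrorAction Stop

# Create new resource group if not exists.
# The lookup is allowed to fail silently: "not found" is the expected signal.
$rgAvail = Get-AzureRmResourceGroup -Name $resourceGroupName -Location $location -ErrorAction SilentlyContinue
if (!$rgAvail) {
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location -ErrorAction Stop
}

# Create new key vault if not exists.
$kvAvail = Get-AzureRmKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ErrorAction SilentlyContinue
if (!$kvAvail) {
    New-AzureRmKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location $location -ErrorAction Stop
    # Wait few seconds for DNS entry to propagate
    Start-Sleep -Seconds 15
}

# Create tags to store allowed set of Organizations.
# Each tag maps an organization id to the tenant id. These tags are the list of
# organizations allowed to export to the database, so write access to this
# secret should be limited to administrators.
$secretTags = @{}
foreach ($orgId in $organizationIdList.Split(',')) {
    $trimmedOrgId = $orgId.Trim()
    # Skip empty entries produced by a trailing or doubled comma.
    if ($trimmedOrgId) {
        # Indexer assignment tolerates a repeated id; Hashtable.Add would throw.
        $secretTags[$trimmedOrgId] = $tenantId
    }
}
if ($secretTags.Count -eq 0) {
    throw 'organizationIdList does not contain any organization id.'
}

# Add or update a secret to key vault.
# -AsPlainText -Force is needed because the value starts out as a plain string
# in this file; the SecureString only protects it from this point on.
$secretValue = ConvertTo-SecureString $connectionString -AsPlainText -Force
$secret = Set-AzureKeyVaultSecret -VaultName $keyvaultName -Name $secretName -SecretValue $secretValue -Tags $secretTags -ErrorAction Stop

# Authorize application to access key vault.
# The policy grants only 'get' on secrets, the minimum needed to read the
# connection string.
# NOTE(review): the application id below is hard-coded - presumably the Data
# Export Service application; confirm it against the Microsoft documentation
# linked at the top before granting it access.
$servicePrincipal = 'b861dbcc-a7ef-4219-a005-0e4de4ea7dcf'
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvaultName -ServicePrincipalName $servicePrincipal -PermissionsToSecrets get -ErrorAction Stop

# Display secret url.
# Strip the version as a suffix; String.TrimEnd would treat it as a set of
# characters rather than a substring. The message is built as a single string
# so the result does not depend on how adjacent quoted fragments are parsed.
$secretUrl = $secret.Id
if ($secret.Version -and $secretUrl.EndsWith($secret.Version, [System.StringComparison]::Ordinal)) {
    $secretUrl = $secretUrl.Substring(0, $secretUrl.Length - $secret.Version.Length)
}
Write-Host "Connection key vault URL is $secretUrl"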
IMPORTANT
This PowerShell script was copied from the official Microsoft documentation on 2019-05-10; please check and validate it before use: https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/administering-dynamics-365/mt744592(v=crm.8)