Improve key deletion script and consistency

This proposed change fixes a few issues in the document:

- There was an inconsistency between the one-year client secret script and the three-year one - namely that the first adds 1 year to the current date on three different lines, while the second calculates the end date first, and uses it. I have made the first script consistent with the second, which is the cleaner of the two.
- The information about deleting old keys was confusing:
  - It instructed the user to manually copy & paste the key ids in their script. Manually copy/pasting them is not necessary when the $keys variable can be used to pass the keys into `Remove-MsolServicePrincipalCredential`.
  - It was further confusing because the line where they're supposed to paste the keys is immediately after the line retrieving the keys, and there was nothing in the script that would output them to the console so they could copy/paste them.

These changes should hopefully make this document a bit clearer.

Author: JLRishe

docs/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in.md

@@ -64,9 +64,11 @@ Ensure the following before you begin:
     $rand.GetBytes($bytes)
     $rand.Dispose()
     $newClientSecret = [System.Convert]::ToBase64String($bytes)
-    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(1)
-    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(1)
-    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(1)
+    $dtStart = [System.DateTime]::Now
+    $dtEnd = $dtStart.AddYears(1)
+    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate (Get-Date) -EndDate $dtEnd
+    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate (Get-Date) -EndDate $dtEnd
+    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate (Get-Date) -EndDate $dtEnd
     $newClientSecret
     ```
 
@@ -128,15 +130,21 @@ For expired client secrets, first you must delete all of the expired secrets for
     connect-msolservice -credential $msolcred
     ```
 
-1. Get **ServicePrincipals** and keys. Printing **$keys** returns three records. Replace each **KeyId** in **KeyId1**, **KeyId2**, and **KeyId3**. You also see the **EndDate** of each key. Confirm whether your expired key appears there.
+1. Get **ServicePrincipals** and keys. Printing **$keys** returns three records. You also see the **EndDate** of each key. Confirm whether your expired key appears there.
 
     > [!NOTE]
     > The **clientId** needs to match your expired **clientId**. It's recommended to delete all keys, both expired and unexpired, for this **clientId**.
 
     ```powershell
     $clientId = "27c5b286-62a6-45c7-beda-abbaea6eecf2"
     $keys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId
-    Remove-MsolServicePrincipalCredential -KeyIds @("KeyId1"," KeyId2"," KeyId3") -AppPrincipalId $clientId
+    $keys
+    ```
+
+1. Remove all keys once you have confirmed that they are indeed expired.
+
+    ```powershell
+    Remove-MsolServicePrincipalCredential -KeyIds $keys.KeyId -AppPrincipalId $clientId
     ```
 
 1. Generate a new **ClientSecret** for this **clientID**. It uses the same **clientId** as set in the preceding step. The new **ClientSecret** is valid for three years.