Azure Powershell 将 `Set-AzureADApplication` 转换为 `Update-MgApplication`
问题描述 投票:0回答:1
我正在将我的 Azure Powershell 代码中的
Set-AzureADApplicationUpdate-MgApplicationfunction Add-Application {
param(
[string]$appName
)
$ReplyURL = Read-Host "Enter your redirect URI"
#$App = New-AzureADApplication -DisplayName $appName -ReplyUrls $ReplyURL
$App = New-MgApplication -DisplayName $AppName -DefaultRedirectUri $ReplyURL
#New-AzureADServicePrincipal -AppId $App.AppId
New-MgServicePrincipal -AppId $App.AppId
}
# -------------------------------------------------------------
# Function to Add Permissions
function Add-Permission {
param(
[string]$appName
)
$Graph = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$Graph.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph API
$Azure = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$Azure.ResourceAppId = "797f4846-ba00-4fd7-ba43-dac1f8f63013" # Azure Service Management API
$UserReadAll = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "a154be20-db9c-4678-8ab7-66f6cc099a59","Scope"
$GroupReadAll = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "5f8c59db-677d-491f-a6b8-5f174b11ec1d","Scope"
$GroupMemberReadAll = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "bc024368-1153-4739-b217-4326f2e966d0","Scope"
$GroupMemberReadWriteAll = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "f81125ac-d3b7-4573-a3b2-7099cc39df9e","Scope"
$DirectoryReadAll = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "06da0dbc-49e2-44d2-8312-53f166ab848a","Scope"
$AuditLogReadAll = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20","Scope"
$offlineaccess = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "7427e0e9-2fba-42fe-b0c0-848c9e6a8182","Scope"
$Graph.ResourceAccess = $UserReadAll, $GroupReadAll, $GroupMemberReadAll, $GroupMemberReadWriteAll, $DirectoryReadAll, $AuditLogReadAll, $offlineaccess
$userimpersonation = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "41094075-9dad-400e-a0bd-54e686782033","Scope"
$Azure.ResourceAccess = $userimpersonation
#$App = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"
$App = Get-MgApplication -Filter "DisplayName eq '$($appName)'"
#Set-AzureADApplication -ObjectId $App.ObjectId -RequiredResourceAccess $Graph, $Azure
Update-MgApplication -ObjectId $App.Id -RequiredResourceAccess $Graph, $Azure
}
当我运行此代码时,我收到此新错误:
所以我明白这与这部分代码有关:
$Graph = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess" $Graph.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph API但是我该如何解决这个错误呢?我想一个更广泛的问题是如何使用
Update-MgApplication1个回答
0
投票
投票
您可以使用以下modified脚本使用Update-MgApplication命令添加
Deleerated权限:
function Add-Application {
param(
[string]$appName
)
$ReplyURL = Read-Host "Enter your redirect URI"
$App = New-MgApplication -DisplayName $AppName -Web @{ RedirectUris = @($ReplyURL) }
New-MgServicePrincipal -AppId $App.AppId
}
# -------------------------------------------------------------
# Function to Add Permissions
function Add-Permission {
param(
[string]$appName
)
$delegatedPermissions = @(
"AuditLog.Read.All",
"Directory.Read.All",
"User.Read.All",
"offline_access",
"Group.Read.All",
"GroupMember.Read.All",
"GroupMember.ReadWrite.All"
)
$filteredPermissions = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Graph'" -Property Oauth2PermissionScopes | Select -ExpandProperty Oauth2PermissionScopes | Where-Object { $delegatedPermissions -contains $_.Value }
$azureServicePermission = @{
resourceAppId = "797f4846-ba00-4fd7-ba43-dac1f8f63013"
resourceAccess = @(
@{
id = "41094075-9dad-400e-a0bd-54e686782033"
type = "Scope"
}
)
}
$app = Get-MgApplication -Filter "DisplayName eq '$appName'"
$params = @{
requiredResourceAccess = @(
$azureServicePermission,
@{
resourceAppId = "00000003-0000-0000-c000-000000000000"
resourceAccess = $filteredPermissions | ForEach-Object {
@{
id = $_.Id
type = "Scope"
}
}
}
)
}
Update-MgApplication -ApplicationId $app.Id -BodyParameter $params
}
为了调用这些函数,我运行了 PowerShell 命令并得到了响应,如下所示:
Add-Application -appName "SriDemoApp"
Add-Permission -appName "SriDemoApp"
回复:
当我在门户中检查相同内容时,使用
API permissions
最新问题
- 如何设置laravel sail以在docker compose上使用sqlite
- 无法在 VSCode 中运行 JUnit。 AssertEquals 符号无法识别
- 如何使用动态密钥在 laravel livewire 表单中获取错误?
- Web Animation API:animation.finished 的 Promise 始终处于待处理状态
- 我无法从 Rust 中的串联字节字符串中获取原始字节
- 如何设置springboot配置文件来达到java -Dfile.encoding=UTF-8的效果
- 未找到默认构造函数;嵌套异常是 Log4J 的 java.lang.NoSuchMethodException?
- LightGBM - 我实际上有多少棵树?
- react原生giftedchat无法编辑消息文本
- 使用 Bootstrap 5 Utility API 添加实用程序
- RSQLite - dbWriteTable - field.type - 如何获得正确的日期格式?
- https://cdn.jsdelivr.net/的证书无效
- 如何通过固定出站端口连接到SFTP服务器?
- 我应该如何删除重复的行
- 使用 Grafana Agent 和 Cadvisor 监控容器平均负载(Docker 集成)
- 如何用4个点计算球心?
- GoogleSheets - 数据透视表上的切片器
- 有没有办法获取Azure数据工厂的静态IP地址
- 为什么我们在java中需要更小的整数类型,如果它最终会被类型转换为int?
- 如何改变Shadcn对话框组件的大小?
© www.soinside.com 2019 - 2024. All rights reserved.