Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
996 views
in Technique by (71.8m points)

powershell - Azure AD - enable the service principal as an application administrator

I'd like to know how to have a ServicePrincipal in Azure AD that will be able to alter app registrations that it doesn't own, such as removing an app or rotating its keys. I was told that if the SP has the "Application administrator" role, then it should have enough permissions to do so.

So how would I be able to achieve this in PowerShell?

Battle with dragons too long and you become a dragon yourself; gaze into the abyss too long and the abyss will gaze back…
1 Answer

0 votes
by (71.8m points)

I think you are looking for the Add-AzureADDirectoryRoleMember PowerShell cmdlet.

Here is an example:

# Fetch role instance
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Administrator'}

# If role instance does not exist, instantiate it based on the role template
if ($null -eq $role) {
    # Instantiate an instance of the role template
    $roleTemplate = Get-AzureADDirectoryRoleTemplate | Where-Object {$_.displayName -eq 'Application Administrator'}
    Enable-AzureADDirectoryRole -RoleTemplateId $roleTemplate.ObjectId

    # Fetch role
    $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Administrator'}
}

# Add the SP to role
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId '<ObjectID of your SP>'
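
An idempotent variant of the assignment above that also returns every service principal holding the role, so the grant can be reviewed. This is an added example, not part of the original answer. The function name and the placeholder AppId are hypothetical, and it assumes the AzureAD module with an active Connect-AzureAD session.

```powershell
# Added example. Assumes: Import-Module AzureAD; Connect-AzureAD already done.
function Grant-AppAdminToServicePrincipal {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [guid]$AppId    # application (client) ID of the service principal
    )

    $roleName = 'Application Administrator'

    # Resolve the SP from its AppId so the ObjectId is never typed by hand
    $sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) { throw "No service principal found for AppId $AppId" }

    # The role must already be activated in the tenant (see the answer above)
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
    if (-not $role) { throw "Role '$roleName' is not activated in this tenant" }

    # Add-AzureADDirectoryRoleMember errors on an existing member, so check first
    $members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
    if ($members.ObjectId -contains $sp.ObjectId) {
        Write-Verbose "$($sp.DisplayName) already holds '$roleName'"
    }
    elseif ($PSCmdlet.ShouldProcess($sp.DisplayName, "Add to '$roleName'")) {
        Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
    }

    # Return every service principal that holds the role, for review
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Where-Object { $_.ObjectType -eq 'ServicePrincipal' } |
        Select-Object DisplayName, ObjectId, ObjectType
}

# Constructed placeholder AppId; replace with your own. -WhatIf previews the change.
Grant-AppAdminToServicePrincipal -AppId '00000000-0000-0000-0000-000000000000' -WhatIf
```

Because Application Administrator lets its holder manage credentials on app registrations it does not own, the returned list is worth keeping short and reviewing whenever it changes.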
