[英]Adding employee id to claims in azure AD, Add-AzureADServicePrincipalPolicy is giving does not exist error for service principal id
I'm following this tutorial我正在关注本教程
I've reached these instructions:我已经达到了这些指示:
Assign the policy to your service principal.将策略分配给您的服务主体。 You also need to get the ObjectId of your service principal.您还需要获取服务主体的 ObjectId。
To see all your organization's service principals, you can query the Microsoft Graph API.要查看您组织的所有服务主体,您可以查询 Microsoft Graph API。 Or, in Microsoft Graph Explorer, sign in to your Azure AD account.或者,在 Microsoft Graph Explorer 中,登录到您的 Azure AD 帐户。
When you have the ObjectId of your service principal, run the following command: PowerShell获得服务主体的 ObjectId 后,运行以下命令:PowerShell
Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
So, getting the service principal ID is very unclear, I went to my Azure AD, clicked App Registrations, clicked my Application, this has Application ID, Object ID and Tenant ID, but according some instructions online I should click the "Managed application in..." on the right, which takes me to the Application |因此,获取服务主体 ID 非常不清楚,我去了我的 Azure AD,单击应用注册,单击我的应用程序,这有应用程序 ID,Object ID 和租户 ID,但根据一些在线说明,我应该单击“管理的应用程序” ...”在右侧,这将我带到应用程序 | Overview page, then the Object Id there is the one I need.概述页面,然后是 Object Id 那里是我需要的那个。
However it does not work.但是它不起作用。 I tried several IDs actually from various pages, but all presented me with this error:我实际上从不同的页面尝试了几个 ID,但都向我显示了这个错误:
C:\temp> Add-AzureADServicePrincipalPolicy -Id guid -RefObjectId otherguid
Add-AzureADServicePrincipalPolicy : Error occurred while executing AddServicePrincipalPolicy
Code: Request_ResourceNotFound
Message: Resource 'guid' does not exist or one of its queried reference-property
objects are not present.
InnerError:
RequestId: yetanotherguid
DateTimeStamp: Fri, 16 Sep 2022 09:45:14 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:1 char:1
+ Add-AzureADServicePrincipalPolicy -Id guid ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-AzureADServicePrincipalPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.Add
ServicePrincipalPolicy
Can anyone advise what to do?谁能建议该怎么做? I thought perhaps I'd be able to get the ID from a powershell command, I tried Get-AzureADServicePrincipal
which gave me a giant list but I couldn't see anything on there that looked like my application.我想也许我可以从 powershell 命令中获取 ID,我尝试了Get-AzureADServicePrincipal
,它给了我一个巨大的列表,但我在那里看不到任何看起来像我的应用程序的东西。
I tried to reproduce the same in my environment and got the same error as below:我试图在我的环境中重现相同的内容并得到与以下相同的错误:
The error usually occurs if you are giving Azure AD Application Object_ID
.如果您提供 Azure AD Application Object_ID
,通常会发生该错误。
To resolve the error, include the Object_ID
of the Azure Enterprise Application (Service Principal).要解决该错误,请包含Object_ID
企业应用程序(服务主体)的 Object_ID。
Please note that, Enterprise Applications are list of Service Principals.请注意,企业应用程序是服务主体列表。
You can find your Service Principal Object ID
like below:您可以找到您的服务主体Object ID
,如下所示:
Go to Enterprise Application -> Find your App Name -> Object_ID Go 到企业应用程序 -> 找到您的应用程序名称 -> Object_ID
From the PowerShell , you can get the Service Principal Object ID
like below:从PowerShell ,您可以获得服务主体Object ID
,如下所示:
Get-AzureADServicePrincipal -All:$true -SearchString test_app
I am able to add policy to the Service Principal by providing its Object_ID
successfully like below:我可以通过成功提供其Object_ID
来向服务主体添加策略,如下所示:
Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
Get-AzureADServicePrincipalPolicy -Id PolicyID
Response:回复:
Please note that, If you are creating Azure AD Application via Azure PowerShell/CLI
Service Principal won't be created.请注意,如果您通过Azure PowerShell/CLI
服务主体创建 Azure AD 应用程序,则不会创建。 You have to create Application in Azure Portal manually to get the Service Principal created automatically.您必须手动在Azure 门户中创建应用程序才能自动创建服务主体。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.