
Add Computer Device to AAD Group via Graph API in Powershell

How do I add a computer device to an existing AAD security group? I create a token with this:

$Body = @{
    'tenant'        = $TenantId
    'client_id'     = $ClientId
    'scope'         = 'https://graph.microsoft.com/.default'
    'client_secret' = $ClientSecret
    'grant_type'    = 'client_credentials'
}

$Params = @{
    'Uri'         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method'      = 'Post'
    'Body'        = $Body
    'ContentType' = 'application/x-www-form-urlencoded'
}

$AuthResponse = Invoke-RestMethod @Params

$Headers = @{
    'Authorization' = "Bearer $($AuthResponse.access_token)"
}

After that I can make queries to the Graph API. Fetching group information:

Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/groups/<GUID_group>' -Headers $Headers

Getting the correct result with all information of the group.

The Microsoft documentation says to add a member use this:

https://graph.microsoft.com/v1.0/groups/{id}/members/$ref

But where do I define the ObjectID of the computer device? If I run the request like above, nothing will happen, like described in the Microsoft docs.

This one also would not work:

https://graph.microsoft.com/v1.0/groups/<GUID_group>/members/<GUID_computer>

Then it says that the group does not exist:

"error": {
 "code": "Request_ResourceNotFound",
 "message": "Resource '<GUID_group>' does not exist or one of its queried reference-property objects are not present.",
 "innerError": {
   "date": "2020-08-25T12:47:10",
   "request-id": "bc728016..."
 }
}

Neither GET nor POST works.

Any ideas or is more information needed?

Maybe I am using the wrong query to accomplish what I want to do. I took a look at the directoryObject queries, but every time I got referred to the Add member to group site.

Thanks!

Please try the query below in Graph Explorer.

You can get the group ID by running the query below:

GET https://graph.microsoft.com/v1.0/groups

Get the device ID by running the query below:

GET https://graph.microsoft.com/v1.0/devices

To add the device to the group, use the group ID and device ID in the query below; you get a 204 response:

POST https://graph.microsoft.com/v1.0/groups/{groupid}/members/$ref
{
    "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/deviceid"
}

By using the query below, you will get the details of the groups your device is a member of:

 GET https://graph.microsoft.com/v1.0/devices/deviceid/memberOf
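
The POST from the answer, written out in PowerShell with the `$Headers` from the question. This is an added example, not code from either poster. The function name `Add-DeviceToGroup` and the `$GroupId` / `$DeviceObjectId` variables are hypothetical, and it assumes the app registration has an admin-consented application permission for writing group membership, such as GroupMember.ReadWrite.All.

```powershell
# Added example. Assumes $Headers already holds the bearer token from the question.
# Placeholders: replace with your own GUIDs.
$GroupId        = '<GUID_group>'
$DeviceObjectId = '<GUID_computer>'   # the device's "id" (directory object ID), not its "deviceId"

function Add-DeviceToGroup {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]    $GroupId,
        [Parameter(Mandatory)] [string]    $DeviceObjectId,
        [Parameter(Mandatory)] [hashtable] $Headers
    )

    # Single quotes matter: inside a double-quoted string PowerShell would expand
    # $ref as an (empty) variable and the request would go to .../members/
    $Uri = 'https://graph.microsoft.com/v1.0/groups/{0}/members/$ref' -f $GroupId

    # The member is passed in the body as a reference, never in the URL path
    $Body = @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$DeviceObjectId"
    } | ConvertTo-Json

    try {
        # Success is 204 No Content, so there is no response body to inspect
        Invoke-RestMethod -Uri $Uri -Method Post -Headers $Headers `
            -Body $Body -ContentType 'application/json' | Out-Null
        return 'Added'
    }
    catch {
        # Graph answers 400 when the reference is already present; treat as idempotent
        if ($_.ErrorDetails.Message -match 'already exist') { return 'AlreadyMember' }
        throw   # anything else (403 missing permission, 404 wrong ID) is a real failure
    }
}

$Result = Add-DeviceToGroup -GroupId $GroupId -DeviceObjectId $DeviceObjectId -Headers $Headers

# Verify from the device side (first page of results only)
$MemberOf = Invoke-RestMethod -Headers $Headers `
    -Uri "https://graph.microsoft.com/v1.0/devices/$DeviceObjectId/memberOf"
$IsMember = $MemberOf.value.id -contains $GroupId

"{0}; membership confirmed: {1}" -f $Result, $IsMember
```

Scoping the app to a group-membership permission instead of a directory-wide write permission limits what a leaked `$ClientSecret` can change.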
