
How to add a user assigned identity to an AAD group with PowerShell?

I am able to add service principals and individual users to an Azure Active Directory group with the command:

Add-AzADGroupMember -TargetGroupObjectId GROUPID -MemberObjectId MEMBERID

I'm giving the user assigned managed identity principal id from the portal as MemberObjectId. I suppose the ID is something else, but what is it and how do I get it? I have tried the client id as well, with no luck.

When I try to run the same command with the user assigned managed id, it fails with the error:

Line |
 143 |  Az.MSGraph.internal\New-AzADGroupGraphRefMember @PSBoundP …
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Resource 'XXXXX-...' does not exist or one of its queried reference-property objects
     | are not present.



I tried to reproduce the same in my environment and got the results below.

I have one User Assigned Managed Identity named UserassignedMI like below:

[enter image description here]

To add the above identity to an Azure AD group, I ran the same command as you by giving the Client ID and got the same error as below:

Add-AzADGroupMember -TargetGroupObjectId <GroupID> -MemberObjectId <Client ID>

Response:

[enter image description here]

But when I used the Object (principal) ID for -MemberObjectId, it worked and gave results successfully like below:

Add-AzADGroupMember -TargetGroupObjectId <GroupID> -MemberObjectId <Object (principal) ID>
Get-AzADGroupMember -GroupObjectId <GroupID>

Response:

[enter image description here]

When I checked the same in the Portal, the managed identity was added to the group successfully like below:

[enter image description here]
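
Added example, not part of the original answer: one way to look up the Object (principal) ID in PowerShell instead of copying it from the portal, verify it, and add it to the group. It assumes the Az.ManagedServiceIdentity and Az.Resources modules and a signed-in session (Connect-AzAccount); the function name and its parameter names are hypothetical.

```powershell
# Added example. Assumes Az.ManagedServiceIdentity + Az.Resources are installed
# and Connect-AzAccount has been run. Function name is hypothetical.
function Add-ManagedIdentityToGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $IdentityName,
        [Parameter(Mandatory)] [string] $GroupObjectId
    )

    # The identity resource carries two GUIDs:
    #   ClientId    = application (client) ID, not a directory object ID
    #   PrincipalId = object ID of the backing service principal
    $identity = Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName `
                                           -Name $IdentityName -ErrorAction Stop
    $principalId = $identity.PrincipalId

    # Confirm the directory really holds a service principal with that object ID
    # and that it belongs to this identity before granting it group membership.
    $sp = Get-AzADServicePrincipal -ObjectId $principalId -ErrorAction Stop
    if (-not $sp) {
        throw "No service principal with object ID $principalId was found."
    }
    if ($sp.AppId -ne $identity.ClientId) {
        throw "Service principal $principalId does not match client ID $($identity.ClientId)."
    }

    # Skip the add when the identity is already a member.
    $member = Get-AzADGroupMember -GroupObjectId $GroupObjectId |
              Where-Object { $_.Id -eq $principalId }
    if ($member) {
        Write-Verbose "$IdentityName ($principalId) is already in group $GroupObjectId."
        return $member
    }

    if ($PSCmdlet.ShouldProcess($GroupObjectId, "Add $IdentityName ($principalId)")) {
        Add-AzADGroupMember -TargetGroupObjectId $GroupObjectId -MemberObjectId $principalId
    }

    # Return the membership entry so the caller can confirm the result.
    Get-AzADGroupMember -GroupObjectId $GroupObjectId |
        Where-Object { $_.Id -eq $principalId }
}
```

Run it with -WhatIf first to see which principal would be added without changing the group.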
