![](/img/trans.png)
[英]How to export delegated permissions assigned to azure app registration using azure-AD module via PowerShell
[英]How to add Extension Properties for Azure-AD Device Objects using PowerShell?
我想使用 Power-Shell 为 Azure AD 中的设备对象添加扩展属性。 我搜索了很多,但只找到了用户对象的示例。我编写了一个脚本并且它成功地用于用户对象,但无法为设备设置扩展属性。
一个命令Set-AzureADUserExtension
存在用户但对于设备,没有这样的命令,例如
Set-AzureADDeviceExtension
(没有这样的命令存在)。 任何人都可以帮助我如何实现这一点?如何为设备对象设置扩展属性? 我想实现这样的目标:
New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "MyNewProperty" -DataType "String" -TargetObjects "Device";
Set-AzureADDeviceExtension -ObjectId $deviceId -ExtensionName "extension_0380f0f700c040b5aa577c9268940b53_MyNewProperty" -ExtensionValue "MyNewValue";
我一直在寻找完全一样的东西,那时和今天都没找到任何东西。 我必须使用Microsoft Graph API向设备对象添加新的扩展。 咨询也一样。
Install-Module AzureAD
or
Import-Module AzureAD
$ObjectID = (Get-AzureADDevice -SearchString 'Object-Name').ObjectId
注意:请求中的“ id”是设备的“ id”属性,而不是“ deviceId”属性。
https://portal.azure.com - Azure Active Directory - App registrations - New registration
名称:YourAppName
支持的帐户类型:仅此组织目录中的帐户(默认目录)
重定向URI:(WEB) https://login.microsoftonline.com/common/oauth2/nativeclient
https://portal.azure.com - Azure Active Directory - App registrations - YourAppName
证书和机密-新客户机密
API权限-添加权限-Microsoft Graph-委托权限
## Directory.AccessAsUser.All : Minimun privilege for Get, add, update and delete extensions. (https://docs.microsoft.com/en-us/graph/api/opentypeextension-post-opentypeextension?view=graph-rest-1.0)
$scopes = "Directory.AccessAsUser.All"
$redirectURL = "https://login.microsoftonline.com/common/oauth2/nativeclient"
$clientID = "YourAppIdClient"
$clientSecret = [System.Web.HttpUtility]::UrlEncode("YourAppClientSecret")
$authorizeUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
$requestUrl = $authorizeUrl + "?scope=$scopes"
$requestUrl += "&response_type=code"
$requestUrl += "&client_id=$clientID"
$requestUrl += "&redirect_uri=$redirectURL"
$requestUrl += "&response_mode=query"
Write-Host
Write-Host "Copy the following URL and paste the following into your browser:"
Write-Host
Write-Host $requestUrl -ForegroundColor Cyan
Write-Host
Write-Host "Copy the code querystring value from the browser and paste it below."
Write-Host
$code = Read-Host -Prompt "Enter the code"
$body = "client_id=$clientID&client_secret=$clientSecret&scope=$scopes&grant_type=authorization_code&code=$code&redirect_uri=$redirectURL"
$tokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -Headers @{"Content-Type" = "application/x-www-form-urlencoded"} -Body $body
$token = $response.access_token
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions' ## change <ID-Object> for your ObjectID.
(https://docs.microsoft.com/en-us/graph/api/device-get?view=graph-rest-1.0&tabs=cs)
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $accessToken"} -Uri $apiUrl -Method Get
$Data.Value | fl
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'
$body = '{
"@odata.type": "microsoft.graph.openTypeExtension",
"id": "test.extension",
"name_extension": "example"
}'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Post -Body $body
## Actualizar datos de una extensión
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension' ## Extension ID to update
$body = '{
"@odata.type": "microsoft.graph.openTypeExtension",
"id": "test.extension",
"name_extension": "new_value"
}'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Patch -Body $body
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Delete
对于在 Azure AD 条件访问策略中使用设备筛选器扩展属性的过程中登陆这里的任何人,这篇文章对我来说是一个巨大的帮助: https : //www.michev.info/Blog/Post/3472/configuring-extension- azure-ad 中的设备属性
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.