我尝试在PowerShell中添加图形API角色,并在使用图形而不是AzureAD模块时获得以下通用错误。
错误代码:
“出现一个或多个错误”
InnerException:System.ObjectDisposedException:无法访问已释放的对象。
我正在连接的服务主体在管理员同意下具有以下委托权限:
- Application.ReadWrite.All
- AppRoleAssignment.ReadWrite.All
- DelegatedPermissionGrant.ReadWrite.All
代码:
$ApplicationId = '<Myappid>'
$SecuredPassword = '<MyAppID secret>'
$tenantID = '<MyTenantID>'
$SecuredPasswordPassword = ConvertTo-SecureString -String $SecuredPassword -AsPlainText -Force
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPasswordPassword
Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential
$params = @{
"PrincipalId" = "<principalID>" #ObjectID of the enterprise app for my app registration
"ResourceId" = "resourceID" #ID of graph service principal ID in my tenant
"AppRoleId" = "approleID" #ID of the graph role
}
try {
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId "<same as resource ID in params; Graph api id>" -BodyParameter $params -ErrorAction:Stop
}
catch {
$tmpError = $_.exception
}字符串
1条答案
按热度按时间2guxujil1#
我创建了一个Azure AD应用程序,并授予了**
AppRoleAssignment.ReadWrite.All* 应用程序权限**:的数据
要为Service Principal分配Graph角色,请使用以下PowerShell脚本:
字符串
的
*
Group.Read.AllAPI权限成功分配给服务主体,如下所示:的
resourceId:ID为
00000003-0000-0000-c000-000000000000的应用程序ID的
ServicePrincipalId作为Graph App ID是无效的,你必须传递与principalId相同的ID。型
MgGraph时,分配Application API权限执行操作。参考号:
将appRoleAssignment授予服务主体