azure 无法通过MS Graph修改组的autoSubscribeNewMembers

8fq7wneg  于 2023-11-21  发布在  其他
关注(0)|答案(1)|浏览(145)

我可以成功地在MS Graph中创建一个组。我试图更新autoSubscribeNewMembers属性,但当我这样做时,我收到一个错误:"User does not have permissions to execute this action."
下面是我使用的代码:

  1. $groupData = @{
  2.         displayName                 = 'TESTGROUPNAME'
  3.         mailNickname                = 'TESTGROUPNAME'
  4.         description                 = 'TESTGROUPNAME'
  5.         visibility                  = 'Private'
  6.         groupTypes                  = @('Unified')
  7.         mailEnabled                 = $true
  8.         securityEnabled             = $true
  9.         "resourceBehaviorOptions"   = @("WelcomeEmailDisabled")
  10.         "[email protected]"         = @('https://graph.microsoft.com/beta/users/<USERID>')
  12. $newGroup   = Invoke-MgGraphRequest `
  13.     -Uri 'https://graph.microsoft.com/beta/groups' `
  14.     -Body $groupData `
  15.     -Method POST
  17. $updatePayload = @{autoSubscribeNewMembers=$true}
  18. $response   = Invoke-MgGraphRequest                                             `
  19.     -Uri        ('https://graph.microsoft.com/v1.0/groups/{0}' -f $newGroup.Id) `
  20.     -Method     PATCH                                                           `
  21.     -Body       $updatePayload                                                  `
  22.     -OutputType HttpResponseMessage

字符串
在这一点上,我得到了描述的错误。
我已确认该应用程序确实具有所需的权限:


的数据
有谁能给我点建议吗?谢谢大家。

Azure

1条答案

按热度按时间
83qze16e

83qze16e1#

如本MS文档中所述,更新autoSubscribeNewMembers仅支持**Delegated权限。
当您在连接MS Graph时使用基于证书的身份验证时,它使用应用程序类型的权限(仅应用程序访问),无法用于更新autoSubscribeNewMembers
我注册了一个Azure AD应用程序,并授予了类似的API权限**,如下所示:


的数据
当我通过连接MS Graph与证书在我的环境中运行您的代码时,创建了新组,但更新autoSubscribeNewMembers属性失败,并出现相同的错误如下:

  1. Connect-MgGraph  -TenantId "tenantId" -ClientId "appId" -CertificateThumbprint "xxxxxxxxxxxxxx" -NoWelcome
  3. $groupData = @{
  4.         displayName                 = 'SRITESTGROUP'
  5.         mailNickname                = 'SRITESTGROUP'
  6.         description                 = 'SRITESTGROUP'
  7.         visibility                  = 'Private'
  8.         groupTypes                  = @('Unified')
  9.         mailEnabled                 = $true
  10.         securityEnabled             = $true
  11.         "resourceBehaviorOptions"   = @("WelcomeEmailDisabled")
  12.         "[email protected]"         = @('https://graph.microsoft.com/beta/users/userId')
  13.         }
  15. $newGroup   = Invoke-MgGraphRequest `
  16.     -Uri 'https://graph.microsoft.com/beta/groups' `
  17.     -Body $groupData `
  18.     -Method POST
  20. Start-Sleep -Seconds 30
  22. $updatePayload = @{autoSubscribeNewMembers=$true}
  23. $response   = Invoke-MgGraphRequest                                             `
  24.     -Uri        ('https://graph.microsoft.com/v1.0/groups/{0}' -f $newGroup.Id) `
  25.     -Method     PATCH                                                           `
  26.     -Body       $updatePayload                                                  `
  27.     -OutputType HttpResponseMessage

字符串

回复:



解决错误,您需要使用交互式流连接使用Delegated权限的MS Graph。
在我的例子中,我运行了下面的命令,并以用户身份使用委派访问权限连接到MS Graph:

  1. Disconnect-MgGraph
  2. Connect-MgGraph -Scopes Group.ReadWrite.All



现在再次运行代码,new group成功创建并更新了autoSubscribeNewMembers属性,如下所示:

  1. $groupData = @{
  2.         displayName                 = 'TESTGROUPSRI'
  3.         mailNickname                = 'TESTGROUPSRI'
  4.         description                 = 'TESTGROUPSRI'
  5.         visibility                  = 'Private'
  6.         groupTypes                  = @('Unified')
  7.         mailEnabled                 = $true
  8.         securityEnabled             = $true
  9.         "resourceBehaviorOptions"   = @("WelcomeEmailDisabled")
  10.         "[email protected]"         = @('https://graph.microsoft.com/beta/users/userId')
  11.         }
  13. $newGroup   = Invoke-MgGraphRequest `
  14.     -Uri 'https://graph.microsoft.com/beta/groups' `
  15.     -Body $groupData `
  16.     -Method POST
  18. Start-Sleep -Seconds 30
  20. $updatePayload = @{autoSubscribeNewMembers=$true}
  21. $response   = Invoke-MgGraphRequest                                             `
  22.     -Uri        ('https://graph.microsoft.com/v1.0/groups/{0}' -f $newGroup.Id) `
  23.     -Method     PATCH                                                           `
  24.     -Body       $updatePayload                                                  `
  25.     -OutputType HttpResponseMessage

回复:



为了确认,我运行下面的命令,其中autoSubscribeNewMembers属性为true,如下所示:

  1. Import-Module Microsoft.Graph.Groups
  2. Get-MgGroup -GroupId $newGroup.Id -Property "displayName,autoSubscribeNewMembers" | Select-Object displayName,autoSubscribeNewMembers

回复:


展开查看全部
赞(0)分享  回复(0)举报  2023-11-21
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com