Azure AD - enable the service principal as a an ap

2019-02-19 19:00发布

I'd like to know how to have a ServicePrincipal in Azure AD that will be able to alter app registrations that it doesn't own, like remove an app or rotate its keys. I was told that if SP has "Application administrator" role then it should have enough permissions to do so.

So how would I be able to achieve this in Powershell?

标签： powershell azure azure-active-directory azure-powershell

1条回答

beautiful°

2楼-- · 2019-02-19 19:20

I think you are looking for the Add-AzureADDirectoryRoleMember PowerShell cmdlet.

Here is an example:

# Fetch role instance
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Administrator'}

# If role instance does not exist, instantiate it based on the role template
if ($role -eq $null) {
    # Instantiate an instance of the role template
    $roleTemplate = Get-AzureADDirectoryRoleTemplate | Where-Object {$_.displayName -eq 'Application Administrator'}
    Enable-AzureADDirectoryRole -RoleTemplateId $roleTemplate.ObjectId

    # Fetch role
    $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Administrator'}
}

# Add the SP to role
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId  -RefObjectId <ObjectID of your SP>

0人赞添加讨论(0) 举报

Azure AD - enable the service principal as a an ap

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间