是否通过API将用户添加到Exchange管理员角色组? [英] Adding users to Exchange admin role groups via API?

问题描述

是否可以通过API将用户/成员添加到Exchange管理员角色组?等效的PowerShell cmdlet将为 添加- RoleGroupMember ，我要添加到的特定组是

Is it possible to add users/members to Exchange admin role groups via an API? The equivalent PowerShell cmdlet would be Add-RoleGroupMember and the specific group I wish to add to is View-only Organization Management.

Microsoft Graph的终结点为添加到目录角色，但是我似乎找不到我的租户的DirectoryRoles或DirectoryRoleTemplates中列出的仅查看组织管理"组，因此我怀疑MS Graph无法访问这些Exchange角色组.围绕Outlook API的戳戳也没有以用户/成员函数的形式显示太多.

Microsoft Graph has an endpoint to add to directory roles, however I can't seem to find a "View-only Organization Management" group listed in my tenant's DirectoryRoles or DirectoryRoleTemplates, so I suspect MS Graph hasn't got access to these Exchange role groups. Poking around the Outlook API has not revealed much in the form of user/member functions either.

进一步的戳记添加了额外的信息

我运行了此PowerShell cmdlet:

I ran this PowerShell cmdlet:

Add-RoleGroupMember -identity" 仅查看组织管理 " 成员"user@domain.onmicrosoft.com"

Add-RoleGroupMember -identity "View-only Organization Management" -member "user@domain.onmicrosoft.com"

然后跑了

Get-RoleGroupMember-身份仅查看组织管理"

Get-RoleGroupMember -identity "View-Only Organization Management"

确认实际上已将用户添加到其中.然后，我运行了以下MS Graph调用:

To confirm that the user was in fact added to it. I then ran the following MS Graph call:

获取 https://graph.microsoft. com/v1.0/users/user@domain.onmicrosoft.com/memberOf

它返回了zip:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
  "value": []
}

因此，它看起来像这样的特定 只读组织管理 角色组无法通过MS Graph访问?还有其他允许我添加到此roleGroup的API吗?

So it looks like this particular View-only Organization Management roleGroup is not accessible via MS Graph? Are there any other APIs that would allow me to add to this roleGroup?

推荐答案

所以 https://graph.microsoft.com/v1.0/directoryRoleTemplates 列出了可以设置的可用的即用型目录"角色.我将Directory用引号引起来，因为这些角色要做包括Exchange，SharePoint和Skype服务管理员(以及其他角色).这里要注意的是，一开始只有隐式"用户角色和公司管理员"角色可用.如果您希望其他人显示并使用它们，则需要启用/激活其他人.此处描述: https://graph .microsoft.io/en-us/docs/api-reference/v1.0/resources/directoryrole . 激活"Exchange Service Admin"角色后，您应该可以使用

So https://graph.microsoft.com/v1.0/directoryRoleTemplates lists the available out-of-the-box "Directory" roles that you can set. I put Directory in quotes, because these roles do include Exchange, SharePoint and Skype service admins (as well as other roles). The thing to note here is that only the "implicit" user role and the Company Administrator role are available from the get go. The others need to be enabled/activated if you want them to show up and use them. This is described here: https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/directoryrole. Once you've activated the "Exchange Service Admin" role, you should be able to assign users to this role using https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/directoryrole_post_members.

如果要使用Azure AD PowerShell，此功能也可用.您可以在此处找到有关V2 Azure AD PowerShell https://docs的信息. microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory .在搜索类型"DirectoryRole"中，您将找到所有DirectoryRole cmdlet.

If you are looking to use Azure AD PowerShell, this capability is ALSO available. You can find info here for V2 Azure AD PowerShell https://docs.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory. In the search type "DirectoryRole" and you'll find all the DirectoryRole cmdlets.

这篇关于是否通过API将用户添加到Exchange管理员角色组?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！