How to add Extension Properties for Azure-AD Device Objects using PowerShell?


Question

I want to add extension properties for device objects in Azure AD using PowerShell. I have searched a lot but found examples only for User objects. I have written a script and it is successful for User objects, but I am not able to set extension properties for Device.

The command

Set-AzureADUserExtension

exists for User, but for devices there is no such command, e.g.

Set-AzureADDeviceExtension

(no command like it exists). Can anyone help me achieve this? How can I set extension properties for Device objects? I want to achieve something like this:

New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "MyNewProperty" -DataType "String" -TargetObjects "Device";

Set-AzureADDeviceExtension -ObjectId $deviceId -ExtensionName "extension_0380f0f700c040b5aa577c9268940b53_MyNewProperty" -ExtensionValue "MyNewValue";

Recommended answer

I was looking for exactly the same and I did not find anything then and today either. I had to use the Microsoft Graph API to add new extensions to the device object. The same for consulting.

Install-Module AzureAD
or
Import-Module AzureAD

Step 2: Search for the object and save the ObjectID.

$ObjectID = (Get-AzureADDevice -SearchString 'Object-Name').ObjectId

Note: The "id" in the request is the "id" property of the device, not the "deviceId" property.

Step 3: Create the app

https://portal.azure.com - Azure Active Directory - App registrations - New registration

  • Name: YourAppName
  • Supported account types: Accounts in this organizational directory only (Default Directory)
  • Redirect URI: (WEB) https://login.microsoftonline.com/common/oauth2/nativeclient

https://portal.azure.com - Azure Active Directory - App registrations - YourAppName

  1. Certificates & secrets - New client secret
     • Save the client secret value
  2. API permissions - Add a permission - Microsoft Graph - Delegated permissions
     • Directory.AccessAsUser.All

Step 5: Get the access token

## Directory.AccessAsUser.All : Minimum privilege to get, add, update and delete extensions. (https://docs.microsoft.com/en-us/graph/api/opentypeextension-post-opentypeextension?view=graph-rest-1.0)
Add-Type -AssemblyName System.Web   ## makes [System.Web.HttpUtility] available in Windows PowerShell

$scopes = "Directory.AccessAsUser.All"
$redirectURL = "https://login.microsoftonline.com/common/oauth2/nativeclient"

$clientID = "YourAppIdClient"

## URL-encode the secret because it is sent in a form-encoded body
$clientSecret = [System.Web.HttpUtility]::UrlEncode("YourAppClientSecret")

$authorizeUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

## Build the authorization request (authorization code flow)
$requestUrl = $authorizeUrl + "?scope=$scopes"
$requestUrl += "&response_type=code"
$requestUrl += "&client_id=$clientID"
$requestUrl += "&redirect_uri=$redirectURL"
$requestUrl += "&response_mode=query"

Write-Host
Write-Host "Copy the following URL and paste it into your browser:"
Write-Host
Write-Host $requestUrl -ForegroundColor Cyan
Write-Host
Write-Host "Copy the code querystring value from the browser and paste it below."
Write-Host
$code = Read-Host -Prompt "Enter the code"

## Exchange the authorization code for an access token
$body = "client_id=$clientID&client_secret=$clientSecret&scope=$scopes&grant_type=authorization_code&code=$code&redirect_uri=$redirectURL"

$tokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -Headers @{"Content-Type" = "application/x-www-form-urlencoded"} -Body $body

$token = $response.access_token
      

Get device extensions

## (https://docs.microsoft.com/en-us/graph/api/device-get?view=graph-rest-1.0&tabs=cs)
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'   ## change <ID-Object> to your ObjectID.
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
$Data.Value | Format-List
      

Add a device extension

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'
$body = '{
  "@odata.type": "microsoft.graph.openTypeExtension",
  "id": "test.extension",
  "name_extension": "example"
  }'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Post -Body $body
      

Update a device extension

## Update the data of an extension
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension' ## Extension ID to update
$body = '{
  "@odata.type": "microsoft.graph.openTypeExtension",
  "id": "test.extension",
  "name_extension": "new_value"
  }'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Patch -Body $body
      

Delete a device extension

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Delete
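The get, add and update calls above can be combined into the single "set" operation the question asks for. This is an added example, not code from the original answer or from the AzureAD module: Set-DeviceOpenExtension and its parameter names are hypothetical, and it reuses the endpoints and request body shape shown in the answer. It assumes $token holds the access token from Step 5 and $ObjectID the value from Step 2.

```powershell
# Added example: Set-DeviceOpenExtension is a hypothetical helper, not an AzureAD module cmdlet.
function Set-DeviceOpenExtension {
    [CmdletBinding()]
    param(
        # The device's "id" (object id), not its "deviceId".
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')]
        [string]$DeviceObjectId,

        # Extension id such as "test.extension"; restricted so it is safe inside a URL path.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9_.]+$')]
        [string]$ExtensionId,

        # Custom properties to store, e.g. @{ name_extension = 'example' }.
        [Parameter(Mandatory)]
        [hashtable]$Properties,

        # Access token obtained in Step 5.
        [Parameter(Mandatory)]
        [string]$Token
    )

    $headers = @{ Authorization = "Bearer $Token" }
    $baseUrl = "https://graph.microsoft.com/v1.0/devices/$DeviceObjectId/extensions"

    # Build the body as an object so values are JSON-escaped, not spliced into a string.
    # Adding hashtables throws on duplicate keys, so $Properties cannot override "id".
    $payload = @{ '@odata.type' = 'microsoft.graph.openTypeExtension'; id = $ExtensionId } + $Properties
    $json = $payload | ConvertTo-Json -Depth 5

    # Probe first: 404 means "create it"; any other failure is re-thrown.
    $exists = $true
    try {
        Invoke-RestMethod -Headers $headers -Uri "$baseUrl/$ExtensionId" -Method Get | Out-Null
    } catch {
        if ([int]$_.Exception.Response.StatusCode -ne 404) { throw }
        $exists = $false
    }

    if ($exists) {
        Invoke-RestMethod -Headers $headers -Uri "$baseUrl/$ExtensionId" -Method Patch -ContentType 'application/json' -Body $json
    } else {
        Invoke-RestMethod -Headers $headers -Uri $baseUrl -Method Post -ContentType 'application/json' -Body $json
    }
}

# Usage with the values from the answer:
# Set-DeviceOpenExtension -DeviceObjectId $ObjectID -ExtensionId 'test.extension' -Properties @{ name_extension = 'example' } -Token $token
```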
      
