如何将所有者添加到 Azure AD 中的注册应用程序 [英] How to add an Owner to Registered Application in Azure AD

问题描述

我们的 Azure Active Directory 中有一个注册应用程序"，但是，旧所有者已从我们的帐户中删除(他离开了公司).

We have a "Registered Application" in our Azure Active Directory, however, the old owner has been deleted from our account (he left the company).

不幸的是，我们无法恢复用户，而且公司中没有人可以管理该应用程序，因为它不再拥有所有者.

Unfortunately, we can't restore the user, and no one in the company can manage the application because it doesn't have an owner anymore.

虽然我们可以在企业应用"中看到应用，但在应用注册"中却看不到，也无法添加新密钥等

Although we can see the application in "Enterprise Applications", we can't see it in "App Registrations", and we can't add new keys, etc.

有没有办法通过 Powershell 或任何其他界面向此应用程序添加新所有者，以便我们可以再次使用它?

Is there a way, through Powershell, or any other interface, to add a new owner to this application so that we can use it again?

推荐答案

在评论中讨论后，我们发现该应用实际上是在另一个目录中注册的多租户应用.

After a discussion in the comments, we discovered the app is actually a multi-tenant app registered in another directory.

这就是它只出现在企业应用程序下的原因.当您在目录中启用多租户应用程序时，在那里创建了一个服务主体(企业应用程序).应用程序(所有者在其中注册)保留在其注册的原始目录中.

That's why it only showed up under Enterprise applications. When you enable a multi-tenant application in a directory, a Service Principal (Enterprise application) is created in there. The Application (where owners are registered) remains in the original directory where it was registered.

如果您是全局管理员，则可以看到该应用.

If you are a Global Admin, you can see the app.

您需要确保在应用注册"标签上选择所有应用.

You need to make sure you select All apps on the App registrations tab.

或者，您可以使用 Azure AD PowerShell cmdlet 添加所有者:https://www.powershellgallery.com/packages/AzureAD/2.0.1.3

As an alternative, you can add an owner by using Azure AD PowerShell cmdlets: https://www.powershellgallery.com/packages/AzureAD/2.0.1.3

Connect-AzureAD
Add-AzureADApplicationOwner -ObjectId 3ddd22e7-a150-4bb3-b100-e410dea1cb84 -RefObjectId c13dd34a-492b-4561-b171-40fcce2916c5

ObjectId 应该是应用程序的对象ID，可以通过Get-AzureADApplication 列出应用程序来获取.第二个参数 RefObjectId 应该是您要添加的用户的对象 ID.您应该能够从门户或使用 Get-AzureADUser 获取该信息.

ObjectId should be the object id of the application, you can get it by listing the applications with Get-AzureADApplication. The second parameter, RefObjectId should be the object id of the user you want to add. You should be able to get that from the portal, or with Get-AzureADUser.

这篇关于如何将所有者添加到 Azure AD 中的注册应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！