Azure AD - 将服务主体启用为应用程序管理员 [英] Azure AD - enable the service principal as a an application administrator
本文介绍了Azure AD - 将服务主体启用为应用程序管理员的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想知道如何在 Azure AD 中拥有一个 ServicePrincipal,它能够更改不属于它的应用注册,例如删除应用或旋转其键.有人告诉我,如果 SP 具有应用程序管理员"角色,那么它应该有足够的权限来执行此操作.
I'd like to know how to have a ServicePrincipal in Azure AD that will be able to alter app registrations that it doesn't own, like remove an app or rotate its keys. I was told that if SP has "Application administrator" role then it should have enough permissions to do so.
那么我怎样才能在 Powershell 中实现这一点呢?
So how would I be able to achieve this in Powershell?
推荐答案
我想你正在寻找 Add-AzureADDirectoryRoleMember
PowerShell cmdlet.
I think you are looking for the Add-AzureADDirectoryRoleMember
PowerShell cmdlet.
这是一个例子:
# Fetch role instance
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Administrator'}
# If role instance does not exist, instantiate it based on the role template
if ($role -eq $null) {
# Instantiate an instance of the role template
$roleTemplate = Get-AzureADDirectoryRoleTemplate | Where-Object {$_.displayName -eq 'Application Administrator'}
Enable-AzureADDirectoryRole -RoleTemplateId $roleTemplate.ObjectId
# Fetch role
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Administrator'}
}
# Add the SP to role
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId <ObjectID of your SP>
这篇关于Azure AD - 将服务主体启用为应用程序管理员的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文