Update readme.md
Родитель
c20ad01a69
Коммит
5453ed1b17
|
@ -30,11 +30,19 @@ $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid
|
|||
|
||||
$GraphAppId = "00000003-0000-0000-c000-000000000000"
|
||||
$PermissionName = "User.ReadWrite.All"
|
||||
$roleName="Password Administrator"
|
||||
|
||||
$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
|
||||
$AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
|
||||
New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId `
|
||||
-ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id
|
||||
$role = Get-AzureADDirectoryRole | Where {$_.displayName -eq $roleName}
|
||||
if ($role -eq $null) {
|
||||
$roleTemplate = Get-AzureADDirectoryRoleTemplate | Where {$_.displayName -eq $roleName}
|
||||
Enable-AzureADDirectoryRole -RoleTemplateId $roleTemplate.ObjectId
|
||||
$role = Get-AzureADDirectoryRole | Where {$_.displayName -eq $roleName}
|
||||
}
|
||||
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $MI.ObjectID
|
||||
```
|
||||
|
||||
|
||||
|
|