时间戳

首页 > 解决方案 > 如何使用 PowerShell 为 Azure-AD 设备对象添加扩展属性?

azure - 如何使用 PowerShell 为 Azure-AD 设备对象添加扩展属性?

问题描述

我想使用 Power-Shell 在 Azure AD 中添加设备对象的扩展属性。我进行了很多搜索,但只找到了用户对象的示例。我已经编写了一个脚本,并且它成功地用于用户对象,但无法为设备设置扩展属性。

一个命令Set-AzureADUserExtension

存在于用户但对于设备,没有这样的命令,例如

Set-AzureADDeviceExtension

(没有类似的命令存在)。谁能帮我实现这一点?如何设置设备对象的扩展属性?我想实现这样的目标:

New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "MyNewProperty" -DataType "String" -TargetObjects "Device";

Set-AzureADDeviceExtension -ObjectId $deviceId -ExtensionName "extension_0380f0f700c040b5aa577c9268940b53_MyNewProperty" -ExtensionValue "MyNewValue";

标签: azurepowershellazure-active-directoryazure-ad-powershell-v2

解决方案

我一直在寻找完全相同的东西,当时和今天我也没有找到任何东西。我不得不使用 Microsoft Graph API 向设备对象添加新的扩展。咨询也是一样。

步骤 1:安装或导入 azure 模块。

Install-Module AzureAD
or
Import-Module AzureAD

第 2 步:搜索 Object 并保存 ObjectID。

$ObjectID = (Get-AzureADDevice -SearchString 'Object-Name').ObjectId

注意:请求中的“id”是设备的“id”属性,而不是“deviceId”属性。

第 3 步:创建应用程序

https://portal.azure.com - Azure Active Directory - App registrations - New registration

第 4 步:配置应用程序

https://portal.azure.com - Azure Active Directory - App registrations - YourAppName

  1. 证书和机密 - 新的客户端机密

    • 保存客户端密码值

  2. API 权限 - 添加权限 - Microsoft Graph - 委派权限

    • Directory.AccessAsUser.All

第 5 步:获取 access_token

## Directory.AccessAsUser.All : Minimun privilege for Get, add, update and delete extensions. (https://docs.microsoft.com/en-us/graph/api/opentypeextension-post-opentypeextension?view=graph-rest-1.0)
$scopes = "Directory.AccessAsUser.All"
$redirectURL = "https://login.microsoftonline.com/common/oauth2/nativeclient"

$clientID = "YourAppIdClient"

$clientSecret = [System.Web.HttpUtility]::UrlEncode("YourAppClientSecret")

$authorizeUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

$requestUrl = $authorizeUrl + "?scope=$scopes"
$requestUrl += "&response_type=code"
$requestUrl += "&client_id=$clientID"
$requestUrl += "&redirect_uri=$redirectURL"
$requestUrl += "&response_mode=query"   

Write-Host
Write-Host "Copy the following URL and paste the following into your browser:"
Write-Host
Write-Host $requestUrl -ForegroundColor Cyan
Write-Host
Write-Host "Copy the code querystring value from the browser and paste it below."
Write-Host
$code = Read-Host -Prompt "Enter the code"

$body = "client_id=$clientID&client_secret=$clientSecret&scope=$scopes&grant_type=authorization_code&code=$code&redirect_uri=$redirectURL"

$tokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -Headers @{"Content-Type" = "application/x-www-form-urlencoded"} -Body $body

$token = $response.access_token

获取扩展设备

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'   ## change <ID-Object> for your ObjectID.
(https://docs.microsoft.com/en-us/graph/api/device-get?view=graph-rest-1.0&tabs=cs)
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $accessToken"} -Uri $apiUrl -Method Get
$Data.Value | fl

添加扩展设备

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'
$body = '{
  "@odata.type": "microsoft.graph.openTypeExtension",
  "id": "test.extension",
  "name_extension": "example"
  }'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Post -Body $body

更新扩展设备

## Actualizar datos de una extensión
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension' ## Extension ID to update
$body = '{
  "@odata.type": "microsoft.graph.openTypeExtension",
  "id": "test.extension",
  "name_extension": "new_value"
  }'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Patch -Body $body

删除扩展设备

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Delete

推荐阅读