powershell - 通过 Powershell 将扩展属性添加到 Azure Active Directory 用户

Question

我已登录到为测试而创建的 Azure AD。我正在尝试向用户添加扩展属性:

我首先向我的应用程序添加了扩展类型:命令:

New-AzureADApplicationExtensionProperty -ObjectID 513aba62-4610-44ef-8be2-5a5e99a5e6bd -DataType "string" -Name "organisationId"

结果:

extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId

应用程序的ObjectId:513aba62-4610-44ef-8be2-5a5e99a5e6bd

然后我检索了扩展属性的 id:命令:

Get-AzureADApplicationExtensionProperty -ObjectId 513aba62-4610-44ef-8be2-5a5e99a5e6bd

现在我尝试将此扩展添加到事件目录中的第一个用户:

$User = Get-AzureADUser -Top 1
Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId -ExtensionValue "12345"

错误:

Set-AzureADUserExtension : Error occurred while executing SetUser 
Code: Request_BadRequest Message: The following extension properties
are not available for the given resource:
extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId. RequestId:
2cbeff0f-5b91-478a-8c64-586a4d23e4c5 DateTimeStamp: Wed, 14 Jun 2017
13:49:02 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad
Request HttpResponseStatus: Completed At line:2 char:1
+ Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName exte ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (:) [Set-AzureADUserExtension], ApiException
     + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.SetAzureADUserExtension

我正在使用这些文档: https://learn.microsoft.com/en-us/powershell/module/azuread/set-azureaduserextension?view=azureadps-2.0

Answer 1

我也遇到了同样的问题。对我来说，为应用程序创建 AzureAD 服务主体似乎可以解决问题。

# CREATE A NEW APP AND SERVICE PRINCIPAL
$MyApp = (New-AzureADApplication -DisplayName "YourNewAppName" -IdentifierUris "https://dummy").ObjectId 
New-AzureADServicePrincipal -AppId (Get-AzureADApplication -SearchString "YourNewAppName").AppId 

# CREATE A NEW EXTENSION PROPERTY IN THE APP
New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "YourPropertyName" -DataType "String" -TargetObjects "User" 

# ADD THE NEW EXTENSION PROPERTY WITH A VALUE TO A USER
$aadUser = Get-AzureADUser -ObjectId <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ee97819b9c9b9d8b9cae97819b9c8a81838f8780c08d8183" rel="noreferrer noopener nofollow">[email protected]</a>
Set-AzureADUserExtension -ObjectId $aadUser.ObjectId -ExtensionName "yourExtensionNameReturnedAbove" -ExtensionValue "YourPropertyValue" 

参见:MS PowerShell AzureAD Extension Attributes Sample