1
votes

I am trying to switch from the AAD v1 PowerShell module (MSOnline) to v2.

I can't find an equivalent cmdlet for Add-MsolRoleMember to assign a role to a service principal (not a user). Like:

Add-MsolRoleMember -RoleObjectId 88d8e3e3-8f55-4a1e-953a-9b9898b8876b -RoleMemberObjectId 'MyServicePrincipalObjectId' -RoleMemberType servicePrincipal
Comments:

New-AzureRmRoleAssignment ? – 4c74356b41

@4c74356b41 That's the ARM module, not AAD v2. – Martin Brandl

OK, I wasn't even aware that exists. How about this one: New-AzureADServiceAppRoleAssignment? – 4c74356b41

1 Answer

1
votes

It is now called Add-AzureADDirectoryRoleMember.

NAME

Add-AzureADDirectoryRoleMember

SYNOPSIS

Add a member to a directory role

Example:

Add-AzureADDirectoryRoleMember -ObjectId <role id> -RefObjectId <service principal object id>

The command only expects a directory object id, no matter what its documentation says about adding a user to a role.

As noted by @rcabr, you may need to run this first:

Enable-AzureADDirectoryRole -RoleTemplateId 88d8e3e3-8f55-4a1e-953a-9b9898b8876b

You can then use the resulting object id in the next command.

The command I run:

Add-AzureADDirectoryRoleMember -ObjectId afbba7aa-c743-406a-907a-4357c6b13415 -RefObjectId 6e56b47c-4c6e-40f5-aa95-16a0b1cb44fc
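Putting the answer's steps together, here is an added example script (not the answer author's code) that enables the role from its template if needed, makes the membership change idempotent, and then lists the non-user members of the role so that an app principal sitting in a privileged directory role is visible. It assumes the AzureAD v2 module is installed and Connect-AzureAD has already been run; the $RoleTemplateId default is the template id from the question, and $ServicePrincipalObjectId is a placeholder you must supply.

```powershell
# Added example, not from the original answer. Assumes the AzureAD (v2) module and an
# existing Connect-AzureAD session with rights to manage directory role members.
# $RoleTemplateId defaults to the template id used in the question;
# $ServicePrincipalObjectId is a placeholder for your own service principal.
param(
    [string]$RoleTemplateId = '88d8e3e3-8f55-4a1e-953a-9b9898b8876b',
    [Parameter(Mandatory = $true)]
    [string]$ServicePrincipalObjectId
)

# 1. Resolve the service principal first so a wrong id fails before any change is made.
$sp = Get-AzureADServicePrincipal -ObjectId $ServicePrincipalObjectId
Write-Host "Target service principal: '$($sp.DisplayName)' ($($sp.ObjectId))"

# 2. A directory role has no object id in the tenant until it is enabled from its template.
#    Get-AzureADDirectoryRole only returns enabled roles, so look it up and enable it if missing.
$role = Get-AzureADDirectoryRole | Where-Object { $_.RoleTemplateId -eq $RoleTemplateId }
if (-not $role) {
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $RoleTemplateId
}
Write-Host "Role '$($role.DisplayName)' has object id $($role.ObjectId)"

# 3. Add-AzureADDirectoryRoleMember fails if the reference already exists, so check first.
#    -RefObjectId takes any directory object id, which is why a service principal works here.
$members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
if ($members.ObjectId -contains $sp.ObjectId) {
    Write-Host "Service principal is already a member of '$($role.DisplayName)'; nothing to do."
} else {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
    Write-Host "Added service principal to '$($role.DisplayName)'."
}

# 4. Verify the assignment and show every non-user member of the role: application identities
#    holding a directory role should be reviewed like any other privileged account.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectType -ne 'User' } |
    Select-Object ObjectType, DisplayName, ObjectId
```

Save it as a .ps1 and run it as `.\Add-SpToRole.ps1 -ServicePrincipalObjectId <id>`; step 2 replaces the manual Enable-AzureADDirectoryRole call from the answer with a lookup so the script can be re-run safely, and step 4 is the check you would keep in an access review to catch service principals that were added to roles outside your change process.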