Forum Discussion

Joseph Velliah's avatar
Joseph Velliah
MCT
Nov 09, 2018

Granting permissions for MsolServicePrincipal via powershell script sharepoint online

Hi,

I am trying to automate the process of granting access using SharePoint App-Only via PowerShell script. As explained in the micrsoft article its a three step process:

  1. Create principal using appregnew.aspx page
  2. Granting permissions to the newly created principal using appinv.aspx page 
  3. Trust the app 

I am able to create the principal with the below script but I could not find a way to grant permission via powershell script. I need to update the principal with the below permission and trust the app as tenant admin via powershell script. Is it possible to set permission via PowerShell script? 

 

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
</AppPermissionRequests>

 

 

$credential = Get-Credential
$clientID = "a05cdfc7-e777-42bf-a37a-5db5c5c23e6b"
$newclientsecret = "abP1ylR5VAyjbZPt3BRzP/lIIyAUp0IpdMMNQDJ9jOe="
$appName = "Contoso"
$appUrl = "https://contoso.azurewebsites.net/"
$appDomain = "contoso.azurewebsites.net"

$appId = [System.Guid]::Parse($clientID)

$servicePrincipalName = @("$clientID/$appDomain")
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(3)

Connect-MsolService -Credential $credential

New-MsolServicePrincipal -serviceprincipalnames $serviceprincipalname -appprincipalid $appid -displayname $appname -type symmetric -usage verify -value $newclientsecret -addresses (new-msolserviceprincipaladdresses -address $appurl) -startdate $dtstart  –enddate $dtend
New-MsolServicePrincipalCredential -appprincipalid $appid -type symmetric -usage sign -value $newclientsecret -startdate $dtstart  –enddate $dtend
New-MsolServicePrincipalCredential -appprincipalid $appid -type password -usage verify -value $newclientsecret -startdate $dtstart  –enddate $dtend

 

powershell
SharePoint Online