Looking to run a Powershell update for Azure from a list.


c:\Temp\userlist.csv looks like

user@testdomain.com

user2@testdomain.com


# Assign the values to the variables
$username = get-content -path "c:\Temp\userlist.csv"
$app_name = "custom_app"
$app_role_name = "custom_role"

ForEach-Object{

# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId "$username"
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
}

I seem to be having a problem on the "$user" line

Get-AzureADUser : Error occurred while executing GetUser
Code: Request_ResourceNotFound
Message: Resource 'user@testdomain.com' does not exist or one of its queried reference-property objects are not present.
RequestId: 489b00fe-2e1c-4864-a859-8072555808b0
DateTimeStamp: Fri, 04 Jun 2021 20:54:09 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:8 char:9
+ $user = Get-AzureADUser -ObjectId "$username"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser


Hello @Mike_F_MF,

I think you have a problem in your Foreach-Object statement.
If you want to use ForEach-Object you need to pipe (|) some collection to it.
In your case you can run something like this:

$username | ForEach-Object{

# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId $_
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
}

Another option would be to use foreach($item in $Collection){...} :

foreach($u in $username){
# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId $u
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
}

Hope that helps.
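An added example, not part of the question or the reply above, that carries the foreach-statement form through with the checks a real bulk run of this task needs: a missing-file check, blank-line trimming on the list, a single lookup of the service principal and app role (with a failure if either is absent or ambiguous), a skip for users who already hold the role so reruns are idempotent, per-user try/catch so one bad line does not abort the batch, and -WhatIf support so the change set can be previewed. It assumes the AzureAD module is loaded and Connect-AzureAD has already been run; the file path, app name and role name are the placeholders from the question, and the parameter names and Status strings are this example's own.

```powershell
# Added example (not the thread's own code): bulk app-role assignment from a list
# of UPNs, with validation, one-time lookups, idempotent reruns and -WhatIf.
# Assumes the AzureAD module is loaded and Connect-AzureAD has been run.
# The defaults below are the placeholders from the question.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$UserListPath = 'c:\Temp\userlist.csv',
    [string]$AppName      = 'custom_app',
    [string]$AppRoleName  = 'custom_role'
)

if (-not (Test-Path -Path $UserListPath)) {
    throw "User list not found: $UserListPath"
}

# One UPN per line; drop surrounding whitespace and empty lines
$upns = Get-Content -Path $UserListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' }

# Resolve the service principal and the app role once, not once per user.
# Refuse to continue on zero or several matches so the role lands on the right app.
$sp = @(Get-AzureADServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$AppName', found $($sp.Count)"
}
$sp = $sp[0]
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $AppRoleName }
if (-not $appRole) {
    throw "App role '$AppRoleName' not found on '$AppName'"
}

$results = foreach ($upn in $upns) {
    try {
        # -ObjectId accepts a UPN as well as a GUID; -ErrorAction Stop makes a
        # lookup failure a terminating error so the catch block below sees it
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop

        # Skip users who already hold this role on this app (safe to rerun)
        $existing = Get-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId |
            Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $appRole.Id }
        if ($existing) {
            [pscustomobject]@{ User = $upn; Status = 'AlreadyAssigned'; Detail = '' }
            continue
        }

        if ($PSCmdlet.ShouldProcess($upn, "Assign role '$AppRoleName' on '$AppName'")) {
            New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId `
                -ResourceId $sp.ObjectId -Id $appRole.Id | Out-Null
            [pscustomobject]@{ User = $upn; Status = 'Assigned'; Detail = '' }
        }
        else {
            [pscustomobject]@{ User = $upn; Status = 'Skipped'; Detail = 'WhatIf' }
        }
    }
    catch {
        # A typo or a deleted account must not stop the rest of the batch;
        # record it and move on so the failures can be reviewed afterwards
        [pscustomobject]@{ User = $upn; Status = 'Failed'; Detail = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize
```

Save it as a .ps1 and run it once with -WhatIf to see which accounts would be changed before any assignment is made; because users who already hold the role are skipped, a rerun after a partial failure only touches the accounts still missing it, and the Status column gives an audit record of what was done. The same structure maps directly onto the Microsoft Graph PowerShell cmdlets, which Microsoft now recommends over the AzureAD module.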