Looking to run a PowerShell update for Azure from a list.


c:\Temp\userlist.csv looks like

user@testdomain.com

user2@testdomain.com

# Assign the values to the variables
$username = get-content -path "c:\Temp\userlist.csv"
$app_name = "custom_app"
$app_role_name = "custom_role"

ForEach-Object{

# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId "$username"
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
}

 

I seem to be having a problem on the "$user" line

Get-AzureADUser : Error occurred while executing GetUser
Code: Request_ResourceNotFound
Message: Resource 'user@testdomain.com' does not exist or one of its queried reference-property objects are not present.
RequestId: 489b00fe-2e1c-4864-a859-8072555808b0
DateTimeStamp: Fri, 04 Jun 2021 20:54:09 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:8 char:9
+ $user = Get-AzureADUser -ObjectId "$username"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser

1 Reply

Hello @Mike_F_MF,

I think you have a problem in your Foreach-Object statement.
If you want to use ForEach-Object you need to pipe (|) some collection to it.
In your case you can run something like this:

$username | ForEach-Object{

# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId $_
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
}

Another option would be to use foreach($item in $Collection){...} :

foreach($u in $username){
# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId $u
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
}

Hope that helps.
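
A hardened variant of the loops in the reply above, as an added example that is not part of the original thread: it resolves the service principal and app role once and stops if either is missing or ambiguous, cleans the user list, skips users who already hold the role, and records a per-user result for audit. It assumes the AzureAD module with an existing Connect-AzureAD session; the log file path is a hypothetical name.

```powershell
# Added example, not from the original thread. Requires the AzureAD module and
# an existing Connect-AzureAD session. App, role and list path are the thread's sample values.
$listPath      = 'c:\Temp\userlist.csv'
$app_name      = 'custom_app'
$app_role_name = 'custom_role'
$logPath       = 'c:\Temp\approle-assignment-log.csv'   # hypothetical audit log path

# Resolve the service principal once; OData string literals escape ' as ''.
$filter = "displayName eq '{0}'" -f $app_name.Replace("'", "''")
$sp = @(Get-AzureADServicePrincipal -Filter $filter)
if ($sp.Count -ne 1) { throw "Expected exactly 1 service principal named '$app_name', found $($sp.Count)." }
$sp = $sp[0]

# Fail closed if the role is missing, disabled or ambiguous, before touching any user.
$appRole = @($sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name -and $_.IsEnabled })
if ($appRole.Count -ne 1) { throw "Expected exactly 1 enabled app role '$app_role_name', found $($appRole.Count)." }
$appRole = $appRole[0]

# One UPN per line: trim whitespace, drop blank lines, de-duplicate.
$upns = Get-Content -Path $listPath | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique

$results = foreach ($upn in $upns) {
    $status = 'Assigned'; $detail = ''
    try {
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
        # Skip users who already hold this role on this app.
        $existing = Get-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -All $true |
            Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $appRole.Id }
        if ($existing) { $status = 'AlreadyAssigned' }
        else {
            New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId `
                -ResourceId $sp.ObjectId -Id $appRole.Id -ErrorAction Stop | Out-Null
        }
    }
    catch { $status = 'Failed'; $detail = $_.Exception.Message }   # one bad UPN does not stop the batch
    [pscustomobject]@{ User = $upn; App = $app_name; Role = $app_role_name; Status = $status; Detail = $detail }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path $logPath -NoTypeInformation
```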