How to create a new native application for Azure AD via the Graph API

Is there any way (using PowerShell cmdlets or the Graph API) to create a native application for Azure Active Directory? I am looking for a way to create the environment for my application automatically.
You can use the Graph API to create applications in your directory. Here is a PowerShell script.
```powershell
# Adding the AD library (ADAL) to your PowerShell session.
Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
# This is the tenant id of your Azure AD. You can use the tenant name instead if you want.
$tenantID = "<your tenant id>"
$authString = "https://login.microsoftonline.com/$tenantID"
# Here, the username must be a user in your organization with MFA disabled,
# and it must have permission to create an AD application.
$username = "<your username>"
$password = "<the password of your username>"
# The resource URI for your token. The request below is sent to this same host,
# because the token is only valid for the resource it was issued for.
# (For Azure China use https://login.chinacloudapi.cn/$tenantID as the authority
# and https://graph.chinacloudapi.cn as the resource.)
$resource = "https://graph.windows.net"
# This is the common client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"
# Create a user credential with the above username and password.
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
    -ArgumentList $username, $password
# Create an authentication context with the above authority string.
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
    -ArgumentList $authString
# Acquire an access token for the resource from the server.
$authenticationResult = $authContext.AcquireToken($resource, $client_id, $creds)
# Use the access token to set up the headers for your HTTP request.
$authHeader = $authenticationResult.AccessTokenType + " " + $authenticationResult.AccessToken
$headers = @{ "Authorization" = $authHeader; "Content-Type" = "application/json" }
# Send a request to create a new AD application from the manifest in application.json.
Invoke-RestMethod -Method POST `
    -Uri "$resource/$tenantID/applications?api-version=1.6-internal" `
    -Headers $headers -InFile ./application.json
```
If `Microsoft.IdentityModel.Clients.ActiveDirectory.dll` is in a different location, you should change the `Add-Type` path accordingly.

In `application.json` you specify the parameters of the application. Here is a simple example.
```json
{
  "odata.type": "Microsoft.DirectoryServices.Application",
  "objectType": "Application",
  "deletionTimestamp": null,
  "allowActAsForAllClients": null,
  "appBranding": null,
  "appCategory": null,
  "appData": null,
  "appMetadata": {
    "version": 0,
    "data": []
  },
  "appRoles": [],
  "availableToOtherTenants": false,
  "displayName": "nativeClient",
  "encryptedMsiApplicationSecret": null,
  "errorUrl": null,
  "groupMembershipClaims": null,
  "homepage": null,
  "identifierUris": [],
  "keyCredentials": [],
  "knownClientApplications": [],
  "logoUrl": null,
  "logoutUrl": null,
  "oauth2AllowImplicitFlow": false,
  "oauth2AllowUrlPathMatching": false,
  "oauth2Permissions": [],
  "oauth2RequirePostResponse": false,
  "passwordCredentials": [],
  "publicClient": true,
  "recordConsentConditions": null,
  "replyUrls": [
    "http://www.microsoft.com"
  ],
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ],
  "samlMetadataUrl": null,
  "supportsConvergence": false
}
```
The `requiredResourceAccess` must be set exactly as above, otherwise your application cannot be managed through the Azure classic portal. If you look into the JSON file, you will find that a Native Application and a Web App Application share the same API and properties. As long as you keep most fields the same as in the example above, Azure will create a native application for you. But of course you can modify `displayName` and `replyUrls`.
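The following is an added example, not code from the original answer: it reads the answer's `application.json` as a template, overwrites only the two fields the answer says may change, validates the result before anything is sent, takes the user's password from a `Get-Credential` prompt instead of a string stored in the script, and returns the identifiers of the created object. The function names `New-NativeAppRequest` and `New-AzureAdNativeApp` are hypothetical; the authority, resource, client id and API version are the answer's own, and the reply URL in the usage comment is a constructed placeholder.

```powershell
# Added example (not the original answer's code). Function names are hypothetical.
Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

function New-NativeAppRequest {
    param(
        [Parameter(Mandatory)][string]$TemplatePath,   # the answer's application.json
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string[]]$ReplyUrls
    )
    $app = Get-Content -Path $TemplatePath -Raw | ConvertFrom-Json

    # Only the two fields the answer says may change are overwritten.
    $app.displayName = $DisplayName
    $app.replyUrls   = [string[]]$ReplyUrls

    # Reject reply URLs that are not absolute URIs; a typo here breaks the OAuth redirect.
    foreach ($u in $app.replyUrls) {
        $parsed = $null
        if (-not [System.Uri]::TryCreate($u, [System.UriKind]::Absolute, [ref]$parsed)) {
            throw "replyUrls entry '$u' is not an absolute URI"
        }
    }
    # Guard the two properties the answer says make this a manageable native (public) client.
    if ($app.publicClient -ne $true) { throw "publicClient must be true for a native application" }
    $ra = $app.requiredResourceAccess
    if ($ra.Count -ne 1 -or $ra[0].resourceAppId -ne "00000002-0000-0000-c000-000000000000") {
        throw "requiredResourceAccess must be kept as in the answer's example"
    }
    return ($app | ConvertTo-Json -Depth 10)
}

function New-AzureAdNativeApp {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$Body,          # output of New-NativeAppRequest
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Same authority, resource and "common" client id as the answer. The token
    # audience ($resource) must match the host the request is sent to.
    $resource  = "https://graph.windows.net"
    $client_id = "1950a258-227b-4e31-a9cf-717495945fc2"
    $authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext `
        -ArgumentList "https://login.microsoftonline.com/$TenantId"
    # The password never appears in the script; it comes from the prompted credential.
    $creds = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential `
        -ArgumentList $Credential.UserName, $Credential.GetNetworkCredential().Password
    $token = $authContext.AcquireToken($resource, $client_id, $creds)

    $headers = @{ Authorization = "$($token.AccessTokenType) $($token.AccessToken)"; "Content-Type" = "application/json" }
    $created = Invoke-RestMethod -Method POST `
        -Uri "$resource/$TenantId/applications?api-version=1.6-internal" `
        -Headers $headers -Body $Body
    # Azure AD Graph returns the created object; surface only the identifiers the caller needs.
    [pscustomobject]@{ appId = $created.appId; objectId = $created.objectId; displayName = $created.displayName }
}

# Usage (reply URL is a constructed placeholder; replace <your tenant id> with your own):
# $body = New-NativeAppRequest -TemplatePath ./application.json -DisplayName "myNativeClient" -ReplyUrls "https://example.invalid/callback"
# New-AzureAdNativeApp -TenantId "<your tenant id>" -Body $body -Credential (Get-Credential)
```

The validation runs before the token is acquired, so a bad manifest fails locally rather than producing a half-configured application in the directory. Keeping the JSON template on disk and patching it in memory also leaves the answer's `requiredResourceAccess` block untouched, which is the part the answer says must not change.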