通過Power Shell向Azure ActiveDirectory用戶添加擴展屬性

Question

我登錄到爲創建測試而創建的Azure AD。我試圖擴展屬性添加到用戶：

我第一次添加的擴展型到我的應用程序： 命令：

New-AzureADApplicationExtensionProperty -ObjectID 513aba62-4610-44ef-8be2-5a5e99a5e6bd -DataType "string" -Name "organisationId" 

結果：

extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId 

的ObjectId應用：513aba62-4610- 44ef-8be2-5a5e99a5e6bd

然後我檢索擴展屬性的ID： 命令：

Get-AzureADApplicationExtensionProperty -ObjectId 513aba62-4610-44ef-8be2-5a5e99a5e6bd 

現在我想在本擴展活動目錄添加到我的第一個用戶：

$User = Get-AzureADUser -Top 1 
Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId -ExtensionValue "12345" 

錯誤：

Set-AzureADUserExtension : Error occurred while executing SetUser 
Code: Request_BadRequest Message: The following extension properties 
are not available for the given resource: 
extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId. RequestId: 
2cbeff0f-5b91-478a-8c64-586a4d23e4c5 DateTimeStamp: Wed, 14 Jun 2017 
13:49:02 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad 
Request HttpResponseStatus: Completed At line:2 char:1 
+ Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName exte ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [Set-AzureADUserExtension], ApiException 
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.SetAzureADUserExtension 

我使用這些文檔： https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduserextension?view=azureadps-2.0

Answer 1

目前，我們無法使用PowerShell將擴展特性添加到Azure AD用戶。 New-AzureADApplicationExtensionProperty創建擴展屬性不適合用戶，我們可以使用PowerShell命令Get-AzureADUser來檢查它。

PS C:\Users\v-jianye> $d = get-azureaduser -ObjectId 65120ec5-3be1-4365-9d1c-b190414a830f 
PS C:\Users\v-jianye> $d.ExtensionProperty 

Key       Value 
---       ----- 
odata.metadata    https://graph.windows.net/5b47c786-9ca0-4347-9ec8-06590cad075f/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element 
odata.type     Microsoft.DirectoryServices.User 
deletionTimestamp 
facsimileTelephoneNumber 
onPremisesDistinguishedName 

PS C:\Users\v-jianye> $c = get-azureaduser -ObjectId 9821a55c-c4c1-46dd-8471-5f99ee8e7c0d 
PS C:\Users\v-jianye> $c.ExtensionProperty 

Key                Value 
---                ----- 
odata.metadata             https://graph.windows.net/5b47c786-9ca0-4347-9ec8-06590cad075f/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element 
odata.type              Microsoft.DirectoryServices.User 
deletionTimestamp 
facsimileTelephoneNumber 
onPremisesDistinguishedName 
extension_70e35fde0e05483aa8ace7c8c6d3fb93_whenCreated@odata.type Edm.DateTime 
extension_70e35fde0e05483aa8ace7c8c6d3fb93_whenCreated   12/6/2016 4:06:34 AM 

微軟提供了兩種自定義數據添加到使用擴展的資源，他們是開放擴展和架構擴展。
有關創建開放式擴展的詳細信息，請參閱此link。

Answer 2

我遇到了同樣的問題。 對於我來說，爲應用程序創建一個AzureAD服務主體似乎解決了這個問題。

# CREATE A NEW APP AND SERVICE PRINCIPAL 
$MyApp = (New-AzureADApplication -DisplayName "YourNewAppName" -IdentifierUris "https://dummy").ObjectId 
New-AzureADServicePrincipal -AppId (Get-AzureADApplication -SearchString "YourNewAppName").AppId 

# CREATE A NEW EXTENSION PROPERTY IN THE APP 
New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "YourPropertyName" -DataType "String" -TargetObjects "User" 

# ADD THE NEW EXTENSION PROPERTY WITH A VALUE TO A USER 
$aadUser = Get-AzureADUser -ObjectId youruser@yourdomain.com 
Set-AzureADUserExtension -ObjectId $aadUser.ObjectId -ExtensionName "yourExtensionNameReturnedAbove" -ExtensionValue "YourPropertyValue" 

參見：MS PowerShell AzureAD Extension Attributes Sample