0

I have windows powershell 5.1 script block like the following that successfully retrieves appRoles and oauth2permissions.

import-module -name AzureAD
if ($null -eq $mycredentials) { $mycredentials = Get-Credential }
$azConnectionContext = Connect-AzureAD -Credential $mycredentials
# $svp = Get-AzureADServicePrincipal -Filter "DisplayName -eq 'Microsoft Graph' } # not working, why ???
$svp = Get-AzureADServicePrincipal -All $true | ? { $_.DisplayName -eq 'Microsoft Graph }
$appRoles = $svp.AppRoles; $oauth2permissions = $svp.Oauth2Permissions

I'm trying to convert to powershell core 7 script block like the following and i'm unable to retrive appRoles and oauth2permissions because the PSADServicePrincipal type doesn't expose those properties.

import-module -name Az.Accounts
$azConnectionContext = Connect-AzAccount 
$svp = Get-AzADServicePrincipal -DisplayName 'Microsoft Graph' }
$appRoles = $svp.AppRoles; $oauth2permissions = $svp.Oauth2Permissions  # both of these fail

Question - anyone know how i get at azure ad service principal appRoles and oauth2permissions using powershell core 7.0.3 apis and types?

myusrn
  • 1,050
  • 2
  • 15
  • 29

2 Answers2

2

Instead of:
$svp.AppRoles;

Use:
$svp.AppRole;

$svp.Oauth2Permissions should work. Type should be Microsoft.Azure.PowerShell.Cmdlets.Resources.Models.Api16.OAuth2Permission.

AlfredoRevilla-MSFT
  • 3,171
  • 1
  • 12
  • 18
  • 1
    Try with [Az.Resources 4.0.2 preview.](https://www.powershellgallery.com/packages/Az.Resources/4.0.2-preview) – AlfredoRevilla-MSFT Sep 01 '20 at 00:20
  • Thanks for response and suggestions. Yup with powershell core 7.03 update to Az.Resources 4.0.2. preview i'm now finding Connect.AzAccount; Get-AzADServicePrincipal return service principal(s) expose AppRoles and OAuth2Permissions off of a non-plural property name AppRole and OAuth2Permission. Wonder why this would have been changed since anytime you expect a 0 or many list property its plural and only singular when that's the expected case. – myusrn Sep 01 '20 at 04:27
  • I tried the following command `remove-module -name Az.Resources; install-module -name Az.Resources -RequiredVersion 2.5.0` to remove the 4.0.2 preview and return to the 2.5.0 release and confirm that the preview version of module was in fact required vs just needing to use different property names. When i do that and run calls again `get-module -all | ? { $_.Name -eq "Az.Resources" }` still shows 4.0.2 preview is installed. Am i overlooking step to rollback and test existing generally available 2.5.0 version? – myusrn Sep 01 '20 at 05:24
1

To your last question, remove-module only removes a module for the current session. You need to run Uninstall-Module instead.

There is an Uninstall-AzModule function here that might help you: https://learn.microsoft.com/en-us/powershell/azure/uninstall-az-ps?view=azps-4.6.1

Andrew Stein
  • 11
  • 1