- Mastering Identity and Access Management with Microsoft Azure
- Jochen Nickel
- 108字
- 2021-07-02 12:57:17
Scoping administrative roles
In the next step, we assign the user account administrator role. Verify available roles with the following cmdlet:
Get-AzureADDirectoryRoleTemplate
Now, we enable the user account administrator role with the following cmdlet:
Enable-AzureADDirectoryRole -RoleTemplateId fe930be7-5e62-47db-91af-98c3a49a38b1
Set variables and assign the user to the role:
$admins = Get-AzureADDirectoryRole
foreach($i in $admins) {
if($i.DisplayName -eq "User Account Administrator") {
$uaAdmin = $i
}
}
$HRUA = Get-AzureADUser -Filter "UserPrincipalName eq 'Don.Hall@$InitialDomain'"
$uaRoleMemberInfo = New-Object -TypeName Microsoft.Open.AzureAD.Model.RoleMemberInfo -Property @{ ObjectId = $HRUA.ObjectId }
Add-AzureADScopedRoleMembership -RoleObjectId $uaAdmin.ObjectId -ObjectId $HRAU.ObjectId -RoleMemberInfo $uaRoleMemberInfo
The output of the preceding command is as follows:
User Account Administrator assignment
Next, we will test our configuration.