C:\> $app = New-AzureRmADApplication -DisplayName "exampleapp" -HomePage "https://www.contoso.org/exampleapp" -IdentifierUris "https://www.contoso.org/exampleapp" -Password "Qwertyu123$"
New-AzureRmADApplication : Resource not found for the segment 'me'.
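I can issue the same command using the owner account. The problem is that this application has pretty much all the permissions on Azure (including Owner).
edit - the command used to start the Azure session: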
Add-AzureRmAccount -TenantId $env:tenant_id -ServicePrincipal `
-Credential ([pscredential]::new($env:app_id,(ConvertTo-SecureString -String $env:app_key -AsPlainText -Force)))
Apparently I am missing some permission; which one?
Body: {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"9c3bf711-c9ad-4883-a5cf-fa7926ccdf63","date":"2017-03-06T10:14:29"}}
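Answer 0 (score: 0)
I tried to reproduce your error but failed; here are my test steps:
Please use Fiddler to capture the HTTP request made by New-AzureRmADApplication; you will find that it calls a REST API:
You can use an online tool (such as jwt.io) to decode your access token. Please check the "roles" claim; I configured the application permissions as in the picture you showed, and the roles will be:
The "aud" is https://graph.windows.net/. If there is anything I have not noticed, please let me know.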
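The token check described in the answer above (decode the access token, then look at the "aud" and "roles" claims), as an added PowerShell example that is not part of the original answer. The function names and the sample token, including its Directory.Read.All role value, are constructed for illustration, and the token signature is not verified.

```powershell
# Added example: inspect the "aud" and "roles" claims of a JWT access token.
# Inspection only: the signature is NOT validated here.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # base64url -> base64: restore the standard alphabet and the stripped padding
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-JwtClaimSummary {
    param(
        [Parameter(Mandatory)][string]$Token,
        # Audience named in the answer above
        [string]$ExpectedAudience = 'https://graph.windows.net/'
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected 3 dot-separated parts)' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # An app-only token issued without application permissions has no "roles" claim
    $roles = @($claims.roles | Where-Object { $_ })
    [pscustomobject]@{
        Audience      = $claims.aud
        AudienceMatch = ($claims.aud -eq $ExpectedAudience)
        Roles         = $roles
        HasRoles      = ($roles.Count -gt 0)
    }
}

# Constructed sample token (not a real credential); values are assumptions
function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$header  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$payload = ConvertTo-Base64Url '{"aud":"https://graph.windows.net/","roles":["Directory.Read.All"]}'
$sample  = ($header, $payload, 'constructed-signature') -join '.'

Get-JwtClaimSummary -Token $sample | Format-List
```

A token whose summary shows HasRoles as False, or an Audience other than the Graph endpoint, carries no application permissions for that API, whatever RBAC role the service principal holds on the subscription.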
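Answer 1 (score: 0)
So I guess this is the kind of cloud that is known for some sort of transient failures; I changed nothing, but this is working now.
Answer 2 (score: -1)
I have been using this script, which works: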
# This script creates an Azure AD application.
# Before running this script you need to install the Azure RM cmdlets as an administrator.
# For this:
# 1) Run Powershell as an administrator
# 2) in the PowerShell window, type: Install-Module AzureRM.Resources
$ErrorActionPreference = 'Stop'
# Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps.
# Look it up in the Azure portal in the "Properties" of the Azure AD.
$script:tenantId = '00000000-0abc-0000-abcd-ef0001111234'
# Variables for the registration of the AAD application for the Web API Service
$script:serviceAadAppName = "exampleapp"
$script:serviceHomePage = "https://www.contoso.org/exampleapp"
$script:serviceAppIdIRI = "https://"+$script:tenantId+"/"+$serviceAadAppName
# Import required modules
Import-Module AzureRM.Resources
# Login to Azure PowerShell (interactive: you'll need to sign in with credentials enabling you to create apps in the tenant)
$creds = Login-AzureRmAccount -TenantId $script:tenantId
# Create the Azure Active Directory Application
# Note that if, at this point, you get an error: "New-AzureRmADApplication : Your Azure credentials have not been set up or have expired, please run Login-AzureRMAccount to set up your Azure credentials"
# then you will need to run Clear-AzureProfile (you might have an expired token)
$serviceApplication = New-AzureRmADApplication -DisplayName $script:serviceAadAppName -HomePage $script:serviceHomePage -IdentifierUris $script:serviceAppIdIRI
# Create the Service Principal and connect it to the Application
$servicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $serviceApplication.ApplicationId
More can then be added (such as credentials) during the creation of the application, or afterwards (using Set-AzureRMADApplication).