如何访问AzureAd - >用户和组 - 用户设置

时间:2017-06-06 08:16:57

标签: powershell azure-active-directory

我想访问

  

Azure门户 - > Azure Active Directory - >用户设置

通过powershell命令行开关。

目前我已尝试

  

GET-MsolCompanyInformation

提供有关这些设置的有限数据。并非所有设置访问(true / false)都会出现此命令行开关。

是否有人可以通过这些命令行管理器获取是否为租户启用/禁用这些设置?

1 个答案:

答案 0 :(得分:1)

目前,没有命令可以在msol powershell moduleAzure AD powershell module v2中列出这些信息。

作为一种解决方法,我们可以使用角色来控制这些权限。

我们可以使用Azure AD powershell V2列出角色:Get-AzureADDirectoryRole。 然后我们可以使用此命令列出此角色的成员:Get-​Azure​AD​Directory​Role​Member

要创建角色,我们可以使用此命令列出角色模板Get-AzureADDirectoryRoleTemplate

PS C:\Users> Get-AzureADDirectoryRoleTemplate

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
729827e3-9c14-49f7-bb1b-9608f156bbb8 Helpdesk Administrator             Helpdesk Administrator has access to perform common helpdesk related tasks.
f023fd81-a637-4b56-95fd-791ac0226033 Service Support Administrator      Service Support Administrator has access to perform common support tasks.
b0f54661-2d74-4c50-afa3-1ec803f12efe Billing Administrator              Billing Administrator has access to perform common billing related tasks.
4ba39ca4-527c-499a-b93d-d9b492c50246 Partner Tier1 Support              Allows ability to perform tier1 support tasks.
e00e864a-17c5-4a4b-9c06-f5b95a8d5bd8 Partner Tier2 Support              Allows ability to perform tier2 support tasks.
88d8e3e3-8f55-4a1e-953a-9b9898b8876b Directory Readers                  Allows access to various read only tasks in the directory.
29232cdf-9323-42fd-ade2-1d097af3e4de Exchange Service Administrator     Exchange Service Administrator.
75941009-915a-4869-abe7-691bff18279e Lync Service Administrator         Lync Service Administrator.
fe930be7-5e62-47db-91af-98c3a49a38b1 User Account Administrator         User Account Administrator has access to perform common user management related tasks.
9360feb5-f418-4baa-8175-e2a00bac4301 Directory Writers                  Allows access read tasks and a subset of write tasks in the directory.
62e90394-69f5-4237-9190-012177145e10 Company Administrator              Company Administrator role has full access to perform any operation in the company scope.
a0b1b346-4d3e-4e8b-98f8-753987be4970 User                               Every user is implicitly considered to be a member of the User Role.
f28a1f50-f6e7-4571-818b-6a12f2af6b6c SharePoint Service Administrator   SharePoint Service Administrator.
d405c6df-0af8-4e3b-95e4-4d06e542189e Device Users                       Device Users
9f06204d-73c1-4d4c-880a-6edb90606fd8 Device Administrators              Device Administrators
9c094953-4995-41c8-84c8-3ebb9b32c93f Device Join                        Device Join
c34f683f-4d5a-4403-affd-6615e00e3a7f Workplace Device Join              Workplace Device Join
17315797-102d-40b4-93e0-432062caca18 Compliance Administrator           Compliance administrator.
d29b2b05-8046-44ba-8758-1e26182fcf32 Directory Synchronization Accounts Directory Synchronization Accounts
2b499bcd-da44-4968-8aec-78e1674fa64d Device Managers                    Allows access to read and edit device properties.
9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 Application Administrator          Application Administrator role has access to perform common application management related tasks.
cf1c38e5-3621-4004-a7cb-879624dced7c Application Developer              Application Developer role has ability to create single-tenant applications.
5d6b6bb7-de71-4623-b4af-96380a352509 Security Reader                    Security Reader allows ability to read security information and reports.
194ae4cb-b126-40b2-bd5b-6091b380977d Security Administrator             Security Administrator allows ability to read and manage security configuration and reports.
e8611ab8-c189-46e8-94e1-60213ab1f814 Privileged Role Administrator      Privileged Role Administrator has access to perform common role management related tasks.
3a2c62db-5318-420d-8d74-23affee5d9d5 Intune Service Administrator       Intune Service Administrator has full access in the Intune Service.
158c047a-c907-4556-b7ef-446551a6b5f7 Cloud Application Administrator    Cloud Application Administrator has the ability to create applications and update all cloud properties of applications.
5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91 Customer LockBox Access Approver   Customer LockBox Access Approver has approval access to user data requests.
44367163-eba1-44c3-98af-f5787879f96a CRM Service Administrator          CRM Service Administrator has full access in the CRM Service.
a9ea8996-122f-4c74-9520-8edcd192826c Power BI Service Administrator     Full access in the Power BI Service.
95e79109-95c0-4d8e-aee3-d01accf2d47b Guest Inviter                      Guest Inviter has access to invite guest users.
b1be1c3e-b65d-4f19-8427-f6fa0d97feb9 Conditional Access Administrator   Allows management of all conditional access capabilities.

有关Azure AD powershell V2的更多信息,请参阅此link