Question

我已登录到我为测试创建的Azure AD。我正在尝试向用户添加扩展属性：

我首先在我的应用程序中添加了扩展类型：命令：

New-AzureADApplicationExtensionProperty -ObjectID 513aba62-4610-44ef-8be2-5a5e99a5e6bd -DataType "string" -Name "organisationId"

结果：

extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId

应用对象ID：513aba62-4610-44ef-8be2-5a5e99a5e6bd

然后我检索了扩展属性的id：命令：

Get-AzureADApplicationExtensionProperty -ObjectId 513aba62-4610-44ef-8be2-5a5e99a5e6bd

现在我正在尝试将此扩展名添加到我在活动目录中的第一个用户：

$User = Get-AzureADUser -Top 1
Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId -ExtensionValue "12345"

错误：

Set-AzureADUserExtension : Error occurred while executing SetUser 
Code: Request_BadRequest Message: The following extension properties
are not available for the given resource:
extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId. RequestId:
2cbeff0f-5b91-478a-8c64-586a4d23e4c5 DateTimeStamp: Wed, 14 Jun 2017
13:49:02 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad
Request HttpResponseStatus: Completed At line:2 char:1
+ Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName exte ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (:) [Set-AzureADUserExtension], ApiException
     + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.SetAzureADUserExtension

我正在使用这些文档： https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduserextension?view=azureadps-2.0

Answer 1

我遇到了同样的问题。对我来说，为应用程序创建AzureAD服务主体似乎解决了这个问题。

# CREATE A NEW APP AND SERVICE PRINCIPAL
$MyApp = (New-AzureADApplication -DisplayName "YourNewAppName" -IdentifierUris "https://dummy").ObjectId 
New-AzureADServicePrincipal -AppId (Get-AzureADApplication -SearchString "YourNewAppName").AppId 

# CREATE A NEW EXTENSION PROPERTY IN THE APP
New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "YourPropertyName" -DataType "String" -TargetObjects "User" 

# ADD THE NEW EXTENSION PROPERTY WITH A VALUE TO A USER
$aadUser = Get-AzureADUser -ObjectId youruser@yourdomain.com
Set-AzureADUserExtension -ObjectId $aadUser.ObjectId -ExtensionName "yourExtensionNameReturnedAbove" -ExtensionValue "YourPropertyValue"

请参阅：MS PowerShell AzureAD Extension Attributes Sample

Answer 2

目前，我们无法使用PowerShell向Azure AD用户添加扩展属性。 New-AzureADApplicationExtensionProperty创建扩展属性不适合用户，我们可以使用PowerShell命令Get-AzureADUser进行检查。

PS C:\Users\v-jianye> $d = get-azureaduser -ObjectId 65120ec5-3be1-4365-9d1c-b190414a830f
PS C:\Users\v-jianye> $d.ExtensionProperty

Key                         Value
---                         -----
odata.metadata              https://graph.windows.net/5b47c786-9ca0-4347-9ec8-06590cad075f/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element
odata.type                  Microsoft.DirectoryServices.User
deletionTimestamp
facsimileTelephoneNumber
onPremisesDistinguishedName

PS C:\Users\v-jianye> $c = get-azureaduser -ObjectId 9821a55c-c4c1-46dd-8471-5f99ee8e7c0d
PS C:\Users\v-jianye> $c.ExtensionProperty

Key                                                               Value
---                                                               -----
odata.metadata                                                    https://graph.windows.net/5b47c786-9ca0-4347-9ec8-06590cad075f/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element
odata.type                                                        Microsoft.DirectoryServices.User
deletionTimestamp
facsimileTelephoneNumber
onPremisesDistinguishedName
extension_70e35fde0e05483aa8ace7c8c6d3fb93_whenCreated@odata.type Edm.DateTime
extension_70e35fde0e05483aa8ace7c8c6d3fb93_whenCreated            12/6/2016 4:06:34 AM

Microsoft提供了两种使用扩展程序向资源添加自定义数据的方法，它们是开放扩展程序和架构扩展程序。
有关创建开放式扩展程序的详细信息，请参阅此link。

通过Power Shell将扩展属性添加到Azure ActiveDirectory用户

2 个答案: