Mastering Identity and Access Management with Microsoft Azure
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Scoping administrative roles

In the next step, we assign the user account administrator role. Verify available roles with the following cmdlet:

Get-AzureADDirectoryRoleTemplate

Now, we enable the user account administrator role with the following cmdlet:

Enable-AzureADDirectoryRole -RoleTemplateId fe930be7-5e62-47db-91af-98c3a49a38b1

Set variables and assign the user to the role:

$admins = Get-AzureADDirectoryRole
foreach($i in $admins) {
    if($i.DisplayName -eq "User Account Administrator") {
        $uaAdmin = $i
       }
    }

$HRUA = Get-AzureADUser -Filter "UserPrincipalName eq 'Don.Hall@$InitialDomain'"
$uaRoleMemberInfo = New-Object -TypeName Microsoft.Open.AzureAD.Model.RoleMemberInfo -Property @{ ObjectId = $HRUA.ObjectId }
Add-AzureADScopedRoleMembership -RoleObjectId $uaAdmin.ObjectId -ObjectId $HRAU.ObjectId -RoleMemberInfo $uaRoleMemberInfo

The output of the preceding command is as follows:

User Account Administrator assignment

Next, we will test our configuration.

本周热推:
大模型安全、监管与合规黑客攻防与电脑安全从新手到高手(微视频+火力升级版)黑客攻防从入门到精通(Web技术实战篇)Web漏洞搜索社会工程:安全体系中的人性漏洞
上一章目录下一章