Remove MgRoleManagementDirectoryRoleEligibilitySchedule with the Azure MS Graph SDK

Question    Votes: 0    Answers: 1

I want to remove an Entra ID (Azure AD) role from a user (me). I tried using the Remove-MgRoleManagementDirectoryRoleEligibilitySchedule command.

I get the UnifiedRoleEligibilityScheduleId with:

$SearchId = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$($me.Id)'"

I can verify my ID with:

Get-MgRoleManagementDirectoryRoleEligibilitySchedule -UnifiedRoleEligibilityScheduleId $SearchId.Id

But when I use

Remove-MgRoleManagementDirectoryRoleEligibilitySchedule -UnifiedRoleEligibilityScheduleId $SearchId.Id

I get this error:

DEBUG
DEBUG: [Authentication]: - Scopes: [...,RoleManagement.ReadWrite.Directory,...]
...
HTTP Method:
DELETE
Absolute Uri:
https://graph.microsoft.com/v1.0/roleManagement/directory/roleEligibilitySchedules/$SearchId.Id
...
"message": "{\"message\":\"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v3/roleManagement/directory/roleEligibilitySchedules('$SearchId.Id')?'.\"}"

Does the Remove-MgRoleManagementDirectoryRoleEligibilitySchedule command really work? Thanks!

azure charts
1 answer

0 votes

I have an Entra ID (Azure AD) eligible role, "Application Administrator", assigned to me.

When I ran the same commands to remove the eligibility assignment above, I also got the same error, as shown below:

$SearchId = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq 'userId'"
Get-MgRoleManagementDirectoryRoleEligibilitySchedule -UnifiedRoleEligibilityScheduleId $SearchId.Id
Remove-MgRoleManagementDirectoryRoleEligibilitySchedule -UnifiedRoleEligibilityScheduleId $SearchId.Id


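Note that the Microsoft Graph PowerShell SDK calls MS Graph API queries in the backend when the code is executed. You can confirm this by adding -Debug at the end of the command, as shown below: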

Remove-MgRoleManagementDirectoryRoleEligibilitySchedule -UnifiedRoleEligibilityScheduleId $SearchId.Id -Debug


The DELETE API call that the command currently runs in the backend does not exist, so it throws the error "404 Not Found".

Alternatively, use the following PowerShell script to remove the eligible role, as shown below:

Import-Module Microsoft.Graph.Identity.Governance

$params = @{
    action = "adminRemove"
    roleDefinitionId = "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" #Application admin role ID
    directoryScopeId = "/"
    principalId = "userId"
}

New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params


When I checked the same in the portal, the eligible role had been removed successfully.

Reference: Create roleEligibilityScheduleRequest - Microsoft Graph
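
The adminRemove request from the answer above, generalized as an added example (not part of the original answer and not Microsoft's code): it copies the role, scope and principal IDs from each eligibility schedule that Get-MgRoleManagementDirectoryRoleEligibilitySchedule returns instead of hard-coding them, and it copes with a principal that holds several eligibilities. The function name Remove-RoleEligibility, its parameters and the default justification text are assumptions made for illustration.

```powershell
Import-Module Microsoft.Graph.Identity.Governance

# Hypothetical helper (added example): removes PIM role eligibilities for one principal
# by submitting an adminRemove request per eligibility schedule.
function Remove-RoleEligibility {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $PrincipalId,   # object ID of the user
        [string] $RoleDefinitionId,                      # optional: limit to one role
        [string] $Justification = 'Eligibility no longer required'
    )

    # A principal can hold several eligibility schedules, so always treat the result
    # as a list; passing an array as a single schedule ID would not address one schedule.
    $schedules = @(Get-MgRoleManagementDirectoryRoleEligibilitySchedule `
        -Filter "principalId eq '$PrincipalId'" -All)

    if ($RoleDefinitionId) {
        $schedules = @($schedules | Where-Object RoleDefinitionId -eq $RoleDefinitionId)
    }
    if ($schedules.Count -eq 0) {
        Write-Warning "No eligibility schedule found for principal $PrincipalId."
        return
    }

    foreach ($s in $schedules) {
        # Take the identifiers from the schedule itself so the request matches
        # exactly what the directory reports, including non-root scopes.
        $params = @{
            action           = 'adminRemove'
            principalId      = $s.PrincipalId
            roleDefinitionId = $s.RoleDefinitionId
            directoryScopeId = $s.DirectoryScopeId
            justification    = $Justification
        }
        $target = "role $($s.RoleDefinitionId) at scope $($s.DirectoryScopeId)"
        if ($PSCmdlet.ShouldProcess($target, 'Remove eligibility')) {
            New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params |
                Select-Object Id, Action, Status, RoleDefinitionId, DirectoryScopeId
        }
    }
}

# Usage (placeholder ID): preview with -WhatIf before removing anything.
# Remove-RoleEligibility -PrincipalId '<user-object-id>' -WhatIf
```

The session needs the RoleManagement.ReadWrite.Directory scope that appears in the question's debug output; re-running the Get cmdlet afterwards confirms the schedule is gone.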
