我正在尝试过滤掉至少分配了一名所有者的 EntraID 应用程序。
根据 Microsoft 文档,所有者支持基于计数的过滤器。
应用程序所有者的目录对象。只读。可空。支持 $expand、$filter (/$count eq 0、/$count ne 0、/$count eq 1、/$count ne 1) 和 $select 嵌套在 $expand 中。
这是我正在尝试的查询。感谢对此的任何帮助。
干杯!
这个好像不是一个请求就能实现的,需要两个请求:
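## step 1: get graph token
# Acquires an app-only Microsoft Graph access token with the OAuth 2.0
# client-credentials grant against the tenant's v2.0 token endpoint.
#
# Fill in the three values below before running. The client secret is a
# long-lived credential: do not keep a populated copy of this script on disk,
# on a shared drive or in source control. Load the value from a secret store
# or the environment at run time instead.
$tenantId = ""
$clientId = ""
$clientSecret = ""

# Fail fast with a clear message instead of sending a malformed token request
# (an empty tenant id would otherwise produce ".../ /oauth2/v2.0/token").
if (-not $tenantId -or -not $clientId -or -not $clientSecret) {
    throw 'Set $tenantId, $clientId and $clientSecret before running this script.'
}

$headers = @{
    "Content-Type" = "application/x-www-form-urlencoded"
}
$uri = "https://login.microsoftonline.com/{0}/oauth2/v2.0/token" -f $tenantId

# The ".default" scope yields whatever application permissions have already
# been admin-consented on the app registration, so the token is only as narrow
# as that consent.
# NOTE(review): a read-only permission such as Application.Read.All should be
# enough for the calls made later in this script - confirm against the Graph
# permissions reference and avoid granting write permissions for an audit.
$body = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $clientId
    client_secret = $clientSecret
}

# $token is a bearer credential: anyone holding it can call Graph as this app
# until it expires, so do not echo it or write it to transcripts/logs.
$token = (Invoke-RestMethod -Method Post -Uri $uri -Body $body -Headers $headers).access_token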
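## step 2: list all applications
# Builds the authenticated request headers and reads every application object
# in the tenant. Graph returns this collection in pages; a single GET only
# yields the first page, so the loop follows '@odata.nextLink' until it is
# absent. Without that, a large tenant is silently audited only in part.
$headers2 = @{
    "Content-Type"  = "application/json"
    "Authorization" = "Bearer " + $token
}
$allAppIdUri = "https://graph.microsoft.com/v1.0/applications"

$graphHost = ([uri]$allAppIdUri).Host
$appList = [System.Collections.Generic.List[object]]::new()
$nextUri = $allAppIdUri
while ($nextUri) {
    # The bearer token is attached to every request, so refuse to follow a
    # continuation link that points anywhere other than the Graph host.
    if (([uri]$nextUri).Host -ne $graphHost) {
        throw "Unexpected host in @odata.nextLink: $nextUri"
    }
    $page = Invoke-RestMethod -Method Get -Uri $nextUri -Headers $headers2
    if ($null -ne $page.value) {
        $appList.AddRange(@($page.value))
    }
    $nextUri = $page.'@odata.nextLink'
}

# Keep the same shape as a raw Graph response (a 'value' array) so code that
# reads $allAppId.value keeps working.
$allAppId = [pscustomobject]@{ value = $appList.ToArray() }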
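## step 3: foreach all the applications and find out the owner details
# Issues one GET per application against its /owners relationship and keeps
# the applications that have at least one owner, then prints them as a table.
#
# Changes from the original:
#  - the test was "-gt 1", which dropped applications with exactly one owner
#    although the goal stated in the question is "at least one owner";
#  - results are emitted as [pscustomobject] (a hashtable renders as Name/Value
#    pairs under Format-Table instead of one row per application);
#  - the misspelled key "onwersCount" is now "ownersCount";
#  - the array is collected from the loop output instead of "+=", which
#    re-allocates the whole array on every append.
#
# To list applications with no owner instead, invert the test to "-eq 0".
#
# NOTE(review): Graph documents owners/$count filters as an advanced query;
# that form needs the "ConsistencyLevel: eventual" header together with
# "$count=true". Verify against the current docs before replacing this
# per-application loop with a single filtered request.
$owners = @(
    foreach ($item in $allAppId.value) {
        $ownerUri = "https://graph.microsoft.com/v1.0/applications/{0}/owners" -f $item.id
        $res = Invoke-RestMethod -Method Get -Uri $ownerUri -Headers $headers2

        # Normalise to an array and drop a null 'value' so Count is reliable
        # for zero, one or many owners.
        # Only the first page of owners is read here, so ownersCount can
        # undercount an application with more owners than one page holds.
        $appOwners = @($res.value | Where-Object { $null -ne $_ })

        if ($appOwners.Count -ge 1) {
            [pscustomobject]@{
                id          = $item.id
                name        = $item.displayName
                owners      = $appOwners
                ownersCount = $appOwners.Count
            }
        }
    }
)
$owners | Format-Table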