Missing Microsoft Graph ServicePrincipal

TL;DR: We create an AAD application using the Microsoft Graph API. The application has some required ResourceAccess entries that require access to Microsoft Graph. After creating the application, we want to assign roles to the service principal using the appRoleAssignments object. That object requires a resourceId, which is the ObjectId of the resource service principal (such as Microsoft Graph) that I am trying to determine.

We use the Graph API itself to list the service principals with https://graph.windows.net/<tenant>/servicePrincipals?api-version=1.6, but somehow Microsoft Graph is missing:

Windows Azure Active Directory      
Microsoft App Access Panel          
Azure Classic Portal                
Microsoft.SMIT                      
Office 365 Configure                
Windows Azure Service Management API
Microsoft.SupportTicketSubmission   
Azure ESTS Service                  
Signup                              
Microsoft password reset service  

I need to determine the ObjectId of the Microsoft Graph service principal. Starting with a fresh AAD tenant, there seems to be no Microsoft Graph service principal:

Get-MsolServicePrincipal -AppPrincipalId 00000003-0000-0000-c000-000000000000

Output

Get-MsolServicePrincipal : Service principal was not found.

How do I get the ObjectId of the Microsoft Graph service principal (using the graph.windows.net API)?


1:


POST: https://graph.windows.net/{tenantId}/servicePrincipals?api-version=1.6

Authorization: Bearer {access_token}

{
  "appId": "00000003-0000-0000-c000-000000000000",
  "accountEnabled": true
}

Response: 400.

+4
2

ObjectId of the Microsoft Graph service principal. In a fresh AAD tenant there is no Microsoft Graph principal:

Get-MsolServicePrincipal.

Update

POST: https://graph.windows.net/{tenantId}/servicePrincipals?api-version=1.6

Authorization: Bearer {access_token}

{
  "appId": "00000003-0000-0000-c000-000000000000",
  "accountEnabled": true
}

Update2

REST (1950a258-227b-4e31-a9cf-717495945fc2), Microsoft, . Microsoft , New-AzureRMADServicePrincipal.

C#:

using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Security;

// Placeholders: fill in the account used for Login-AzureRmAccount.
// Note: Login-AzureRmAccount -Credential only works for accounts without MFA.
var userName = "";
var password = "";
var securePassword = new SecureString();
foreach (char c in password)
{
    securePassword.AppendChar(c);
}

// Create Initial Session State for runspace.
InitialSessionState initialSession = InitialSessionState.CreateDefault();
// Create credential object.
PSCredential credential = new PSCredential(userName, securePassword);
// Create command to log in to Azure.
Command connectCommand = new Command("Login-AzureRmAccount");
connectCommand.Parameters.Add(new CommandParameter("Credential", credential));
// Create command to create the Microsoft Graph service principal.
Command createSP = new Command("New-AzureRMADServicePrincipal");
createSP.Parameters.Add(new CommandParameter("ApplicationId", "00000003-0000-0000-c000-000000000000"));
using (Runspace psRunSpace = RunspaceFactory.CreateRunspace(initialSession))
{
    // Open runspace.
    psRunSpace.Open();

    // Run each command in its own pipeline, in order.
    foreach (var com in new Command[] { connectCommand, createSP })
    {
        var pipe = psRunSpace.CreatePipeline();
        pipe.Commands.Add(com);
        // Invoke() throws if the cmdlet reports a terminating error.
        pipe.Invoke();
    }
    // Close the runspace.
    psRunSpace.Close();
}
+3
Get-MsolServicePrincipal -All | ? {$_.Displayname -match 'graph'} | ft ObjectID,AppprincipalID,DisplayName -AutoSize
0
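Putting the two answers together, here is an added example (not code from the original question or answers) that combines the Get-MsolServicePrincipal lookup from the last answer with the New-AzureRmADServicePrincipal call from the Update2 answer, so the Microsoft Graph service principal is only created when the tenant really lacks it. It assumes Connect-MsolService and Login-AzureRmAccount have already been run in the session; the function name is my own.

```powershell
# Added example, not from the original post. Resolves the ObjectId of the
# Microsoft Graph service principal, creating the principal first if the
# tenant does not have one. Assumes Connect-MsolService and
# Login-AzureRmAccount have already been run in this session.
$MsGraphAppId = '00000003-0000-0000-c000-000000000000'

function Get-MsGraphServicePrincipal {
    [CmdletBinding()]
    param([string]$AppId = $MsGraphAppId)

    # A missing principal surfaces as the "Service principal was not found"
    # error seen in the question; suppress it and treat $null as "absent".
    $sp = Get-MsolServicePrincipal -AppPrincipalId $AppId -ErrorAction SilentlyContinue
    if ($null -eq $sp) {
        Write-Verbose "No service principal for $AppId in this tenant; creating one."
        # Creation goes through Azure PowerShell rather than the AAD Graph REST
        # POST, which returned 400 for this first-party appId in the first answer.
        New-AzureRmADServicePrincipal -ApplicationId $AppId | Out-Null
        $sp = Get-MsolServicePrincipal -AppPrincipalId $AppId
    }
    return $sp
}

$graphSp = Get-MsGraphServicePrincipal -Verbose
$graphSp | Format-Table ObjectId, AppPrincipalId, DisplayName -AutoSize

# The ObjectId is the resourceId the question needed for appRoleAssignments.
$resourceId = $graphSp.ObjectId
```

Run it once per tenant under the account that administers the directory; a second run finds the existing principal and creates nothing.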

Source: https://habr.com/ru/post/1674287/
