我想通过从PowerShell调用MS Graph来获取Azure AD组的display name和createdDateTime。
为此,我使用下面的PS脚本:
$Body = @{
client_id = "app_id"
client_secret = "secret"
scope = "https://graph.microsoft.com/.default"
grant_type = 'client_credentials'
}
$Connect_Graph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/my_tenant_id/oauth2/v2.0/token" -Method Post -Body $Body
$token = $Connect_Graph.access_token
$query = "https://graph.microsoft.com/v1.0/groups/"
$groups = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $query -Method Get).value | Select displayName, createdDateTime字符串
失败,错误代码为403 Forbidden
Invoke-RestMethod : The remote server returned an error: (403) Forbidden.
At C:\Users\script.ps1:13 char:12
+ $groups = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($to ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand型
我已授予Group.Read.All和Directory.Read.All的权限.
1条答案
按热度按时间dw1jzc5e1#
请检查您授予**
Group.Read.All和Directory.Read.All**的权限类型。的数据
为了解决错误,我为**
Group.Read.All和Directory.Read.All授予了应用权限**,并执行了以下脚本:字符串
我成功地得到了如下结果:
的