将分配到某连接器组的所有 Microsoft Entra 应用程序代理应用移动到另一个连接器组
此 PowerShell 脚本示例会将当前分配给某个连接器组的所有 Microsoft Entra 应用程序代理应用程序移动到其他连接器组。
如果没有 Azure 订阅,请在开始之前创建一个 Azure 免费帐户。
注意
建议使用 Azure Az PowerShell 模块与 Azure 交互。 请参阅安装 Azure PowerShell 以开始使用。 若要了解如何迁移到 Az PowerShell 模块,请参阅 将 Azure PowerShell 从 AzureRM 迁移到 Az。
此示例需要 Microsoft Graph Beta PowerShell 模块 2.10 或更高版本。
示例脚本
# This sample script moves all Microsoft Entra application proxy applications assigned to a specific connector group to another connector group.
#
# .\move-all-apps-to-a-connector-group.ps1 -CurrentConnectorGroupId <ObjectId of the current connector group> -NewConnectorGroupId <ObjectId of the new connector group>
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) or beyond and one of the following modules:
#
# Microsoft.Graph.Beta ver 2.10 or newer
#
# Before you begin:
#
# Required Microsoft Entra role: Global Administrator or Application Administrator
# or appropriate custom permissions as documented https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-app-permissions
#
#
param(
[parameter(Mandatory=$true)]
[string] $CurrentConnectorGroupId = "null",
[parameter(Mandatory=$true)]
[string] $NewConnectorGroupId = "null"
)
$currentGroupId = $CurrentConnectorGroupId
$newGroupId = $NewConnectorGroupId
$connectorAssignedApp = $null
If (($currentGroupId -eq "null") -or ($newGroupId -eq "null")) {
Write-Host "Parameter is missing." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Write-Host ".\move-all-apps-to-a-connector-group.ps1 -CurrentConnectorGroupId <ObjectId of the current connector group> -NewConnectorGroupId <ObjectId of the new connector group>" -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Exit
}
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scope Directory.ReadWrite.All -NoWelcome
Try {
$temp = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId "applicationProxy" -ConnectorGroupId $currentGroupId
$temp = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId "applicationProxy" -ConnectorGroupId $newGroupId
}
Catch {
Write-Host "Possibly, one of the parameters is incorrect." -BackgroundColor "Black" -ForegroundColor "Red"
Write-Host " "
Exit
}
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$aadapServPrinc = Get-MgBetaServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}
Write-Host "Displaying Microsoft Entra application proxy applications moved from the connector Id :",$currentGroupId," to: ",$newGroupId -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
$connectorAssignedApp = Get-MgBetaOnPremisePublishingProfileConnectorGroupApplication -OnPremisesPublishingProfileId "applicationProxy" -ConnectorGroupId $CurrentConnectorGroupId;
$movedApps, $notmovedApps = 0, 0
foreach ($item in $connectorAssignedApp) {
if ($item.AppId -in ($aadapServPrinc.AppId)) {
$item.DisplayName + " (AppId: " + $item.AppId + ")"
$params = @{
"@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/$NewConnectorGroupId"
}
Set-MgBetaApplicationConnectorGroupByRef -ApplicationId $item.Id -BodyParameter $params
$movedApps = $movedApps + 1
}
else
{
$notmovedApps = $notmovedApps + 1
}
}
Write-Host ("")
Write-Host ("$movedApps apps has been moved to the new connector.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("$notmovedApps apps could not be moved to the new connector. Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("")
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."
Write-Host ("")
脚本说明
| Command | 说明 |
|---|---|
| Connect-MgGraph | 连接到 Microsoft Graph |
| Get-MgBetaServicePrincipal | 获取服务主体 |
| Get-MgBetaOnPremisePublishingProfileConnectorGroup | 获取企业应用程序 |
| Get-MgBetaOnPremisePublishingProfileConnectorGroupApplication | 列出分配给连接器组的应用程序 |
| Set-MgBetaApplicationConnectorGroupByRef | 将应用程序分配给连接器组 |