Using New-MgApplicationOwnerByRef in Graph PowerShell

The New-MgApplicationOwnerByRef cmdlet in Microsoft Graph PowerShell is a powerful tool for managing the owners of Azure AD applications. This cmdlet allows administrators to assign one or more owners to an application by referencing their User IDs in a specific URL format. In this article, we will explore the cmdlet's syntax, provide usage examples (including assigning a single owner, multiple owners, and importing owners from a CSV file), offer tips for effective usage, and discuss possible errors and their solutions.

Note: You need the application's ID to work with this cmdlet. Use Get-MgApplication to retrieve it.


Cmdlet Syntax

New-MgApplicationOwnerByRef -ApplicationId <String> -BodyParameter <Hashtable>
  • -ApplicationId: The unique identifier (GUID) of the application to which you want to assign an owner.
  • -BodyParameter: A hashtable containing the details of the new owner. The @odata.id key must be used, and its value must be a URL of the form https://graph.microsoft.com/v1.0/directoryObjects/<User ID>.

Usage Examples

Example 1: Assigning a Single Owner to an Application

To assign a single owner to an application, you need to provide the Application ID and the User ID of the new owner. The User ID must be passed in the correct URL format.

$NewOwner = @{
    "@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/075b32dd-edb7-47cf-89ef-f3f733683a3f"
}

New-MgApplicationOwnerByRef -ApplicationId "1a2b3c4d-5678-90ab-cdef-1234567890ab" -BodyParameter $NewOwner

Example 2: Assigning Multiple Owners to an Application

If you want to assign multiple owners, you need to run the New-MgApplicationOwnerByRef cmdlet multiple times, each time with a different @odata.id.

$Owner1 = @{
    "@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/075b32dd-edb7-47cf-89ef-f3f733683a3f"
}

$Owner2 = @{
    "@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/12345678-1234-1234-1234-1234567890ab"
}

New-MgApplicationOwnerByRef -ApplicationId "1a2b3c4d-5678-90ab-cdef-1234567890ab" -BodyParameter $Owner1
New-MgApplicationOwnerByRef -ApplicationId "1a2b3c4d-5678-90ab-cdef-1234567890ab" -BodyParameter $Owner2

Example 3: Assigning Multiple Owners via CSV Import

You can also assign multiple owners by importing User IDs from a CSV file and iterating over each ID.

Sample CSV File (Owners.csv):

UserId
075b32dd-edb7-47cf-89ef-f3f733683a3f
12345678-1234-1234-1234-1234567890ab

PowerShell Script:

$ApplicationId = "1a2b3c4d-5678-90ab-cdef-1234567890ab"
$Owners = Import-Csv -Path "C:\Path\To\Owners.csv"

foreach ($Owner in $Owners) {
    $NewOwner = @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($Owner.UserId)"
    }
    New-MgApplicationOwnerByRef -ApplicationId $ApplicationId -BodyParameter $NewOwner
}

Cmdlet Tips

  • URL Format: Ensure that the @odata.id value is the full https://graph.microsoft.com/v1.0/directoryObjects/ URL with the User ID at the end.
  • Permission Requirements: Make sure you have the necessary permissions to assign owners to the application.
  • Bulk Operations: Use a CSV file for bulk owner assignments to save time and reduce errors.

Possible Errors & Solutions

Error: InvalidAuthenticationToken

Cause: The token used for authentication is invalid or expired.

Solution: Ensure you have a valid authentication token. Run Connect-MgGraph to re-authenticate.

Error: ResourceNotFound

Cause: The specified Application ID or User ID is incorrect.

Solution: Verify that both the Application ID and User IDs are correct and exist in the tenant.

Error: Request_BadRequest

Cause: The @odata.id format is incorrect.

Solution: Ensure that the @odata.id value is the https://graph.microsoft.com/v1.0/directoryObjects/ URL followed by a correctly formatted User ID.
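
The CSV import from Example 3 can be written so that it avoids the errors listed above and leaves a record of who was granted ownership. The script below is an added example, not part of the original article: it validates each UserId as a GUID before building the @odata.id URL, skips users who are already owners, and reports a status per row. It assumes the Application.ReadWrite.All delegated scope is available to the signed-in account and reuses the article's placeholder IDs and CSV path.

```powershell
# Added example: validated bulk owner assignment with a per-row result.
# Assumptions: Owners.csv has a UserId column (as in Example 3); the IDs and
# path are the article's placeholders; the scope below has been consented.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

$ApplicationId = "1a2b3c4d-5678-90ab-cdef-1234567890ab"   # Id value returned by Get-MgApplication
$Owners = Import-Csv -Path "C:\Path\To\Owners.csv"

# Fail once, up front, if the application does not exist
# (instead of one ResourceNotFound per CSV row).
$null = Get-MgApplication -ApplicationId $ApplicationId -ErrorAction Stop

# Current owners, so users who already own the app are skipped, not re-sent.
$existing = @(Get-MgApplicationOwner -ApplicationId $ApplicationId -All |
    ForEach-Object { $_.Id })

$results = foreach ($Owner in $Owners) {
    $id     = "$($Owner.UserId)".Trim()
    $parsed = [guid]::Empty

    $status = if (-not [guid]::TryParse($id, [ref]$parsed)) {
        # A non-GUID value would produce a malformed @odata.id (Request_BadRequest).
        "Skipped: not a GUID"
    } elseif ($existing -contains $parsed.ToString()) {
        "Skipped: already an owner"
    } else {
        try {
            $body = @{
                "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$parsed"
            }
            New-MgApplicationOwnerByRef -ApplicationId $ApplicationId `
                -BodyParameter $body -ErrorAction Stop | Out-Null
            "Added"
        } catch {
            # Keep going; record the Graph error text for this row.
            "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ UserId = $id; Status = $status }
}

$results | Format-Table -AutoSize

# Final owner list after the change, for review or change records.
Get-MgApplicationOwner -ApplicationId $ApplicationId -All | Select-Object Id
```

Keeping the `$results` table alongside the final owner list makes it easy to confirm that only the intended accounts hold ownership of the application.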


Use Cases

  • Delegating Application Management: Assign multiple owners to manage a critical application, ensuring redundancy in management capabilities.
  • Automating Owner Assignments: Automate the process of assigning owners to new applications by integrating this cmdlet into a larger automation script.
  • Bulk Owner Management: Quickly assign or change owners for multiple applications by using a CSV import method.

Conclusion

The New-MgApplicationOwnerByRef cmdlet is an essential tool for managing the ownership of Azure AD applications through Microsoft Graph PowerShell. By understanding the syntax, usage examples, and potential pitfalls, you can effectively use this cmdlet to streamline the management of application owners in your organization. Whether you're assigning a single owner or managing owners in bulk, this cmdlet offers flexibility and control, ensuring your applications are managed by the right people.


© m365corner.com. All Rights Reserved.