Azure PowerShell 中 Azure AD 至 Microsoft Graph 的移轉變更
Az.Resources PowerShell 模組的 Azure PowerShell 5.1.0 版本引進了與身分識別有關的指令變更。 依賴 Azure AD Graph 的 Cmdlet 正在轉換至 Microsoft Graph。 為了確保順利轉換,此變更是因應 Azure AD Graph即將淘汰的
下列範例會安裝最新版的 Az.Resources Azure PowerShell 模組。
Install-Module -Name Az.Resources -Repository PSGallery -Scope CurrentUser
如需變更清單,請參閱下列資訊。
應用
Get-AzAdApplication
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication不支持參數
IncludeTotalCount,且已移除
New-AzAdApplication
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication已移除參數
Password,不再支援自定義密碼,伺服器會在建立時指派秘密文字
Remove-AzAdApplication
- 參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Update-AzAdApplication
參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為System.Boolean
應用程式對象的變更
ObjectId已由Id取代HomePage已由HomepageUrl取代於Web元素中ApplicationId已由AppId取代AvailableToOtherTenants(布林值)被SignInAudience(包含 4 個值的字串:'AzureADMyOrg'、'AzureADMultipleOrgs'、'AzureADandPersonalMicrosoftAccount'、'PersonalMicrosoftAccount')更換。AzureADMultipleOrgs 相當於 AvailableToOtherTenants:$true
AzureAdMyOrg 相當於 AvailableToOtherTenants:$false 或 $null
ApiPermissions已由RequiredResourceAccess取代ReplyUrls已在Web元素中被RedirectUris取代ObjectType已由OdataType取代
應用程式認證
Get-AzAdAppCredential
參數
ApplicationObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential和Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
New-AzAdAppCredential
參數
ApplicationObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential和Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential已移除參數
Password,不再支援自定義密碼,伺服器會在建立時指派秘密文字
Remove-AzAdAppCredential
- 參數
ApplicationObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
應用程式認證對象的變更
密碼憑證
-
Password已由SecretText取代
密鑰憑證
- 已移除
CertValue
ServicePrincipal
Get-AzAdServicePrincipal
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal不支持參數
IncludeTotalCount,且已移除。
New-AzAdServicePrincipal
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal參數集
ApplicationWithoutCredentialParameterSet、ApplicationWithPasswordPlainParameterSet、DisplayNameWithoutCredentialParameterSet、DisplayNameWithPasswordPlainParameterSet已移除,因為這些原始參數集無法運作。當因為安全性考慮而未提供參數
-Role時,不會將角色contributor指派為預設值。已移除參數
SkipAssignment。
Remove-AzAdServicePrincipal
參數
ApplicationObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADApplication變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Update-AzAdServicePrincipal
參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為System.Boolean
服務主體對象的變更
ApplicationId已由AppId取代ObjectType已由OdataType取代
ServicePrincipal 認證
Get-AzAdSpCredential
參數
ServicePrincipalObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential和Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
New-AzAdSpCredential
參數
ServicePrincipalObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential和Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
Remove-AzAdSpCredential
- 參數
ServicePrincipalObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
ServicePrincipal 憑證物件的變更
密碼憑證
-
Password已由SecretText取代
金鑰憑證
- 已移除
CertValue
使用者
Get-AzAdUser
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADUser變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser不支持參數
IncludeTotalCount,且已移除
New-AzAdUser
- 輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADUser變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser
Remove-AzAdUser
- 參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADUser變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser
Update-AzAdUser
參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADUser變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADUser變更為System.Boolean
用戶對象的變更
ObjectType已由OdataType取代ImmutableId已由OnpremisesImmutableId取代
群
Get-AzAdGroup
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADGroup變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup不支持參數
IncludeTotalCount,且已移除
New-AzAdGroup
- 輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADGroup變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Remove-AzAdGroup
- 參數
InputObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADGroup變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
群組物件的變更
-
ObjectType已由OdataType取代
群組成員
Get-AzAdGroupMember
輸出類型已從
Microsoft.Azure.Commands.ActiveDirectory.PSADObject變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphDirectoryObject已移除參數
IncludeTotalCount參數
GroupObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADGroup變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
重要
由於目前 Graph API 的限制,Az 7.x 中的 Get-AzAdGroupMember 不會傳回服務主體。 若需要替代方案,請參閱 針對 Az PowerShell 模組進行疑難解答。
Add-AzAdGroupMember
- 參數
GroupObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADGroup變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Remove-AzAdGroupMember
- 參數
GroupObject的輸入類型已從Microsoft.Azure.Commands.ActiveDirectory.PSADGroup變更為Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
