I'm trying to run the following command (which I have run before with no issues) ...
# Assign the managed identity access to the app role.
# The trailing backticks continue the command onto the next line.
New-AzureADServiceAppRoleAssignment -ObjectId $managedIdentityObjectId `
    -Id $appRoleId -PrincipalId $managedIdentityObjectId `
    -ResourceId $serverServicePrincipalObjectId
However, once I insert the values I get the following error ...
New-AzureADServiceAppRoleAssignment: Error occurred while executing NewServicePrincipalAppRoleAssignment
Code: Request_BadRequest
Message: Not a valid reference update.
RequestId: 8ad2de7d-8b74-4cd9-b544-3200bb66a763
DateTimeStamp: Mon, 13 Dec 2021 14:04:52 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
Anyone have an idea what 'Not a valid reference update' means?
CodePudding user response:
First, connect to the Azure AD.
Connect-AzureAD
Now use the below command format:
New-AzureADServiceAppRoleAssignment -ObjectId $ServicePrincipalsID -Id $RoleID -PrincipalId $ServicePrincipalsID -ResourceId $APIservicePrincipalID
Note: The ObjectId and PrincipalId are both the MSI-generated service principal's id. Id is the id of the role. ResourceId is the id for the API service principal.
CodePudding user response:
I've realised where I was going wrong. My '-ID' (app role id) and '-PrincipalID' values were incorrect (the wrong way round!). This is all working now.
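A pre-flight check that catches the swapped `-Id` / `-PrincipalId` values described in this thread before the assignment is attempted, written as an added example that is not part of the original posts. The function name `Test-AppRoleAssignmentInput` is hypothetical; the three variables are the ones from the question and are assumed to hold GUIDs.

```powershell
# Added example, not from the thread. Run as a script so that 'throw' stops execution.
$ErrorActionPreference = 'Stop'

function Test-AppRoleAssignmentInput {   # hypothetical helper, not an AzureAD cmdlet
    param(
        [Parameter(Mandatory)] [guid] $PrincipalId,  # managed identity's service principal object id
        [Parameter(Mandatory)] [guid] $ResourceId,   # API service principal object id
        [Parameter(Mandatory)] [guid] $AppRoleId     # id of the app role defined on the API
    )

    # Both object ids must resolve to service principals; a role id passed here fails the lookup.
    $principal = Get-AzureADServicePrincipal -ObjectId $PrincipalId
    $resource  = Get-AzureADServicePrincipal -ObjectId $ResourceId

    # The role id must be one of the app roles the resource service principal defines.
    $role = $resource.AppRoles | Where-Object { $_.Id -eq $AppRoleId }
    if (-not $role) {
        throw "App role $AppRoleId is not defined on '$($resource.DisplayName)'. Check that -Id and -PrincipalId are not swapped."
    }
    if (-not $role.IsEnabled) {
        throw "App role '$($role.Value)' is disabled."
    }
    if ($role.AllowedMemberTypes -notcontains 'Application') {
        throw "App role '$($role.Value)' cannot be assigned to applications."
    }

    # Return what is about to be granted so it can be reviewed before the change is made.
    [pscustomobject]@{
        Principal = $principal.DisplayName
        Resource  = $resource.DisplayName
        Role      = $role.Value
    }
}

Connect-AzureAD

# Validate first; the assignment below only runs if no check threw.
Test-AppRoleAssignmentInput -PrincipalId $managedIdentityObjectId `
    -ResourceId $serverServicePrincipalObjectId -AppRoleId $appRoleId

New-AzureADServiceAppRoleAssignment -ObjectId $managedIdentityObjectId `
    -Id $appRoleId -PrincipalId $managedIdentityObjectId `
    -ResourceId $serverServicePrincipalObjectId
```

The returned object names the principal, the resource and the role, which makes it easy to confirm that the managed identity is receiving only the intended role.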