I am able to add service principals and individual users to an Azure Active Directory group with the command:
Add-AzADGroupMember -TargetGroupObjectId GROUPID -MemberObjectId MEMBERID
I'm giving the user assigned managed identity principal id from the portal as MemberObjectId. I suppose the ID is something else, but what is it and how do I get it? I have tried the client id as well, with no luck.
When I try to run the same command with a user assigned managed id, it fails with the error:
Line |
 143 |  Az.MSGraph.internal\New-AzADGroupGraphRefMember @PSBoundP …
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Resource 'XXXXX-...' does not exist or one of its queried reference-property objects
     | are not present.
CodePudding user response:
I tried to reproduce the same in my environment and got the results below.
I have one User Assigned Managed Identity named UserassignedMI like below:
To add the above identity to an Azure AD group, I ran the same command as you by giving the Client ID and got the same error as below:
Add-AzADGroupMember -TargetGroupObjectId <GroupID> -MemberObjectId <Client ID>
Response:
But when I used the Object (principal) ID for -MemberObjectId, it worked and gave results successfully like below:
Add-AzADGroupMember -TargetGroupObjectId <GroupID> -MemberObjectId <Object (principal) ID>
Get-AzADGroupMember -GroupObjectId <GroupID>
Response:
When I checked the same in the Portal, the managed identity was added to the group successfully like below:
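
The lookup the answer relies on, scripted as an added example (not part of the original answer): it reads the identity's Object (principal) ID from Azure instead of copying it from the portal, confirms that the ID resolves in the directory, and then adds it to the group. It assumes the Az.ManagedServiceIdentity and Az.Resources modules and an existing Connect-AzAccount session; the three parameter names are hypothetical.

```powershell
# Added example: resolve a user assigned managed identity to its
# Object (principal) ID and add it to an Azure AD group.
# Parameter names are hypothetical; supply your own values.
param(
    [Parameter(Mandatory)] [string] $GroupObjectId,
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $IdentityName
)

$ErrorActionPreference = 'Stop'

# The identity resource carries both IDs:
#   ClientId    = application ID (rejected by -MemberObjectId)
#   PrincipalId = object ID of the backing service principal (accepted)
$mi = Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name $IdentityName
Write-Output "Client ID    : $($mi.ClientId)"
Write-Output "Principal ID : $($mi.PrincipalId)"

# Confirm the principal is visible in the directory before touching the group.
# A missing principal here is what surfaces as "Resource ... does not exist".
$sp = Get-AzADServicePrincipal -ApplicationId $mi.ClientId
if (-not $sp) {
    throw "No service principal found for client ID $($mi.ClientId)."
}
if ($sp.Id -ne $mi.PrincipalId) {
    throw "Directory object ID $($sp.Id) does not match PrincipalId $($mi.PrincipalId)."
}

# Skip the add if the identity is already a member, so reruns do not fail.
$already = Get-AzADGroupMember -GroupObjectId $GroupObjectId |
    Where-Object { $_.Id -eq $mi.PrincipalId }

if ($already) {
    Write-Output "$($sp.DisplayName) is already a member of the group."
}
else {
    Add-AzADGroupMember -TargetGroupObjectId $GroupObjectId -MemberObjectId $mi.PrincipalId
    Write-Output "Added $($sp.DisplayName) to the group."
}

# List the resulting membership for review.
Get-AzADGroupMember -GroupObjectId $GroupObjectId | Select-Object DisplayName, Id
```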