How to use New-AzureADGroupAppRoleAssignment in Azure Active Directory

Application roles in Azure Active Directory (Azure AD) allow administrators to group an application's permissions into a single role and assign it to resources. This lets them decide who has control over certain data and functions of the application. Assigning an application role to an Azure AD group is a convenient way to grant permissions over an application to multiple members at once. The New-AzureADGroupAppRoleAssignment cmdlet assigns an existing application role to an Azure AD group.

Azure PowerShell syntax

New-AzureADGroupAppRoleAssignment
-ObjectId <String>
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
-Id <String>
-PrincipalId <String>
-ResourceId <String>
[<CommonParameters>]

Example:

The following is an example script for assigning an application role to an Azure AD group.

New-AzureADGroupAppRoleAssignment -ObjectId <GroupID> -Id <AppRoleID> -PrincipalId <principalID> -ResourceId <resourceID>

where <GroupID> denotes the ObjectID of the Azure AD group to which the application role should be assigned, <AppRoleID> denotes the ObjectID of the application role to be assigned to the Azure AD group, <principalID> refers to the ObjectID of the Azure AD group to which the application role should be assigned, and <resourceID> refers to the ObjectID of the enterprise application object for which the role is created.
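The four IDs above are easy to mix up, and a wrong one grants access to the wrong principal or application. The following is an added example, not part of the original page or of any vendor script: it resolves the IDs from names, checks that the role is enabled and assignable to groups, and skips the call if the assignment already exists. The helper name Add-GroupAppRole and the display names and role value in the last line are assumptions made for illustration.

```powershell
# Added example. Requires the AzureAD module and an existing Connect-AzureAD session.
# Add-GroupAppRole is a hypothetical helper name; the names in the usage line
# at the bottom are constructed placeholders.
function Add-GroupAppRole {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $AppName,
        [Parameter(Mandatory)] [string] $RoleValue
    )

    # Double any single quote so a name cannot break out of the OData filter.
    $g = $GroupName.Replace("'", "''")
    $a = $AppName.Replace("'", "''")

    # Require exactly one match each; an ambiguous name must never end in a
    # role being granted to the wrong group or on the wrong application.
    $group = @(Get-AzureADGroup -Filter "DisplayName eq '$g'")
    $sp    = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$a'")
    if ($group.Count -ne 1) { throw "Expected 1 group '$GroupName', found $($group.Count)." }
    if ($sp.Count -ne 1)    { throw "Expected 1 service principal '$AppName', found $($sp.Count)." }

    # The role must exist on the application, be enabled, and allow the
    # 'User' member type (the type that covers users and groups).
    $role = $sp[0].AppRoles | Where-Object { $_.Value -eq $RoleValue }
    if (-not $role)           { throw "Role '$RoleValue' is not defined on '$AppName'." }
    if (-not $role.IsEnabled) { throw "Role '$RoleValue' is disabled." }
    if ($role.AllowedMemberTypes -notcontains 'User') {
        throw "Role '$RoleValue' cannot be assigned to users or groups."
    }

    # Return the existing assignment instead of creating a duplicate.
    $existing = Get-AzureADGroupAppRoleAssignment -ObjectId $group[0].ObjectId -All $true |
        Where-Object { $_.ResourceId -eq $sp[0].ObjectId -and [string]$_.Id -eq [string]$role.Id }
    if ($existing) { Write-Verbose 'Assignment already present.'; return $existing }

    # -ObjectId and -PrincipalId both take the group's ObjectID.
    if ($PSCmdlet.ShouldProcess($GroupName, "Assign role '$RoleValue' on '$AppName'")) {
        New-AzureADGroupAppRoleAssignment -ObjectId $group[0].ObjectId `
            -PrincipalId $group[0].ObjectId -ResourceId $sp[0].ObjectId -Id $role.Id
    }
}

# Dry run with constructed names; remove -WhatIf to create the assignment.
Add-GroupAppRole -GroupName 'Finance-Approvers' -AppName 'Contoso Expenses' -RoleValue 'Expense.Approve' -WhatIf
```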

About ManageEngine ADManager Plus

ManageEngine ADManager Plus is a unified Active Directory (AD), Microsoft 365, Exchange, and Google Workspace management and reporting solution. With ADManager Plus, you can use the following features to improve your organizational workflow:

  • 360-degree user provisioning for Azure AD and other directory services like Active Directory and Google Workspace.
  • Pre-packaged reports with built-in management actions for increased productivity of administrators.
  • Automation for routine tasks like stale group cleanup, bulk user provisioning, and more.
  • Reset passwords, unlock user accounts, and create custom reports in bulk swiftly without PowerShell scripts.
  • Approval-based workflow for Azure AD management.
