
How do I add a computer device to an existing AAD security group? I create a token with this:

$Body = @{
    'tenant'        = $TenantId
    'client_id'     = $ClientId
    'scope'         = 'https://graph.microsoft.com/.default'
    'client_secret' = $ClientSecret
    'grant_type'    = 'client_credentials'
}

$Params = @{
    'Uri'         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    'Method'      = 'Post'
    'Body'        = $Body
    'ContentType' = 'application/x-www-form-urlencoded'
}

$AuthResponse = Invoke-RestMethod @Params

$Headers = @{
    'Authorization' = "Bearer $($AuthResponse.access_token)"
}

After that I can make queries to the Graph API. Fetching group information:

Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/groups/<GUID_group>' -Headers $Headers

I get the correct result with all information about the group.

The Microsoft documentation says to add a member use this:

https://graph.microsoft.com/v1.0/groups/{id}/members/$ref

But where do I define the ObjectID of the computer device? If I run the request like above, nothing will happen, like described in the Microsoft docs.

This one also would not work:

https://graph.microsoft.com/v1.0/groups/<GUID_group>/members/<GUID_computer>

Then it says that the group does not exist:

"error": {
 "code": "Request_ResourceNotFound",
 "message": "Resource '<GUID_group>' does not exist or one of its queried reference-property objects are not present.",
 "innerError": {
   "date": "2020-08-25T12:47:10",
   "request-id": "bc728016..."
 }
}

Neither GET nor POST works.

Any ideas or is more information needed?

Maybe I am using the wrong query to accomplish what I want to do. I took a look at the directoryObject queries, but every time I got referred to the "Add member to group" site.

Thanks!

  • "You can add users, organizational contacts, service principals or other groups." From the linked documentation. Commented Aug 25, 2020 at 13:29
  • It also says directoryObject, and I think a device/computer is a directoryObject. Maybe it's the wrong query. That's why I'm asking. Thanks for the reply :-) Commented Aug 25, 2020 at 13:35
  • Please provide correlation id and timestamp of error message Commented Aug 25, 2020 at 14:49

1 Answer

Please try the queries below in Graph Explorer.

You can get the group ID by running the query below:

GET https://graph.microsoft.com/v1.0/groups

Get the device ID by running the query below:

GET https://graph.microsoft.com/v1.0/devices

To add the device to the group, use the group ID and device ID in the query below; you get a 204 response:

POST https://graph.microsoft.com/v1.0/groups/{groupid}/members/$ref
{
    "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{deviceid}"
}

By using the query below you will get the details of the groups your device is a member of:

GET https://graph.microsoft.com/v1.0/devices/{deviceid}/memberOf
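The requests from the answer, wired into the question's PowerShell token flow, as an added example that is not part of the original question or answer. The function name `Add-DeviceToGroup` and its parameter names are hypothetical; it assumes `$Headers` is built as in the question and that the app registration has been granted an application permission that allows changing group membership (for example `GroupMember.ReadWrite.All`).

```powershell
# Added example; Add-DeviceToGroup and its parameter names are hypothetical.
function Add-DeviceToGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [guid]      $GroupId,
        # The device's directory object 'id', NOT its 'deviceId' property.
        # Passing 'deviceId' to /directoryObjects/ does not resolve.
        [Parameter(Mandatory)] [guid]      $DeviceObjectId,
        # Header table carrying the bearer token, as built in the question.
        [Parameter(Mandatory)] [hashtable] $Headers
    )
    $Graph = 'https://graph.microsoft.com/v1.0'

    # Skip the POST if the device is already a direct member of the group.
    # The loop follows @odata.nextLink so large membership lists are covered.
    $Uri = "$Graph/devices/$DeviceObjectId/memberOf"
    while ($Uri) {
        $Page = Invoke-RestMethod -Uri $Uri -Headers $Headers -Method Get
        if ($Page.value.id -contains $GroupId.ToString()) {
            Write-Verbose "Device $DeviceObjectId is already in group $GroupId"
            return $false
        }
        $Uri = $Page.'@odata.nextLink'
    }

    # Backtick-escape $ref: inside double quotes PowerShell would otherwise
    # expand it as an (empty) variable and the request would go to /members/.
    $RefUri = "$Graph/groups/$GroupId/members/`$ref"

    # The member is passed in the JSON body as a reference, not in the URL path.
    $Body = @{
        '@odata.id' = "$Graph/directoryObjects/$DeviceObjectId"
    } | ConvertTo-Json

    if ($PSCmdlet.ShouldProcess("group $GroupId", "add device $DeviceObjectId")) {
        # Success is HTTP 204 with an empty body; error responses throw.
        Invoke-RestMethod -Uri $RefUri -Headers $Headers -Method Post `
            -Body $Body -ContentType 'application/json' | Out-Null
        return $true
    }
    return $false
}
```

Running it with `-WhatIf` shows the group and device that would be changed without sending the POST.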
