I want to join computers in my organization to Azure AD using a PowerShell script.
I tried using the New-AzureADDevice command
But in the example:
New-AzureADDevice -AccountEnabled $true -DisplayName "My new device" -AlternativeSecurityIds $altsecid -DeviceId $guid -DeviceOSType "OS/2" -DeviceOSVersion "9.3"
can someone explain where parameter AlternativeSecurityIds comes from?
AlternativeSecurityId which consists of three elements whereby only two would be needed for devices.
Reference : https://learn.microsoft.com/en-us/graph/api/resources/alternativesecurityid?view=graph-rest-1.0
AlternativeSecurityIds : {class AlternativeSecurityId {
IdentityProvider:
Key: System.Byte[]
Type: 2
}
}
Key itself is of type described here
X509:[thumbprint]+[publickeyhash]
Type determines the purpose of the key (eg Bitlocker, Windows Hello,Recoverykeys)
$key = [System.Text.Encoding]::Unicode.GetBytes("X509:<SHA1-TP-PUBKEY><Thumbprint>")
$altsecids = New-Object -TypeName PSObject -Property @{
#'IdentityProvider' = 'null'
'Key' = $key
'Type' = "2" }
New-AzureADDevice -AccountEnabled $true -DisplayName '<NAME>' -DeviceOSType 'OS/2' -DeviceOSVersion '9.3' -AlternativeSecurityIds $altsecids -DeviceId (New-Guid)
This is mostly used for internal use and my understanding you will not able to achieve your requirement.
Currently, there is no powershell script/commandlet that can auto join with AAD
There is already an existing Uservoice for the same.
The other option would be able to make use of :
