fixes

asudbring · asudbring · commit 642811285a9c · 2024-04-24T14:20:31.000-07:00
diff --git a/articles/virtual-network/create-peering-different-subscriptions-service-principal.md b/articles/virtual-network/create-peering-different-subscriptions-service-principal.md
@@ -254,7 +254,7 @@ Create **spn1-peer-vnet** with a scope to the virtual network created in the pre
 1. The service principal must have **User.Read.All** permissions to the directory. Use [Get-AzureADApplication](/powershell/module/azuread/get-azureadapplication), [Set-AzureADApplication](/powershell/module/azuread/set-azureadapplication), and [New-AzureADUserAppRoleAssignment](/powershell/module/azuread/new-azureaduserapproleassignment) to add the Microsoft Graph permissions of **User.Read.all** to the service principal.
 
     ```azurepowershell
-    $appId1 = Get-AzureADApplication -Filter "DisplayName eq 'spn-1-peer-vnet'" | Select-Object ObjectId
+    $appId1 = Get-AzureADApplication -Filter "DisplayName eq 'spn-1-peer-vnet'"
 
     # Define the permission
     $apiPermission = New-Object -TypeName Microsoft.Open.AzureAD.Model.RequiredResourceAccess
@@ -263,46 +263,18 @@ Create **spn1-peer-vnet** with a scope to the virtual network created in the pre
     $apiPermission.ResourceAccess = $resourceAccess
 
     # Get the application
-    $app = Get-AzureADApplication -ObjectId $appid1.ObjectId
+    $app = Get-AzureADApplication -ObjectId $appId1.ObjectId
 
     # Add the permission
     $app.RequiredResourceAccess.Add($apiPermission)
 
     # Update the application
-    Set-AzureADApplication -ObjectId $appid1.ObjectId -RequiredResourceAccess $app.RequiredResourceAccess
+    Set-AzureADApplication -ObjectId $appId1.ObjectId -RequiredResourceAccess $app.RequiredResourceAccess
 
-
-
-
-
-    # Add permission
-
-    $apiPermission = New-Object -TypeName 'Microsoft.Open.AzureAD.Model.RequiredResourceAccess'
-   
-    $apiPermission.ResourceAppId = "00000003-0000-0000-c000-000000000000"
     
-    $access = @{
-        TypeName = 'Microsoft.Open.AzureAD.Model.ResourceAccess'
-        Property = @{
-            Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
-            Type = "Scope"
-        }
-    }
-    $resourceAccess = New-Object @access
-
-    $apiPermission.ResourceAccess = $resourceAccess
 
-    $appId1 = Get-AzureADApplication -Filter "DisplayName eq 'spn-1-peer-vnet'" | Select-Object ObjectId
 
-    $app = Get-AzureADApplication -ObjectId $appid1.ObjectId
     
-    $app.RequiredResourceAccess.Add($apiPermission)
-    
-    $setapp = @{
-        ObjectId = $appid1.ObjectId
-        RequiredResourceAccess = $app.RequiredResourceAccess
-    }
-    Set-AzureADApplication @setapp
 
     # Grant permission
     $sp = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
@@ -311,7 +283,7 @@ Create **spn1-peer-vnet** with a scope to the virtual network created in the pre
     $userReadPermission = $sp.AppRoles | Where-Object {$_.Value -eq 'User.Read.All'}
 
     # Grant the permission
-    New-AzureADUserAppRoleAssignment -ObjectId $app -PrincipalId $app -ResourceId $sp.ObjectId -Id $userReadPermission.Id
+    New-AzureADUserAppRoleAssignment -ObjectId $appId1.ObjectId -PrincipalId $appId1.ObjectId -ResourceId $sp.ObjectId -Id $userReadPermission.Id
     ```
 
 ---
