Skip to content

Commit dfaf190

Browse files
bhaimicrosoftbhaimicrosoft
committed
Updated custom-create document with MgGraph commands
1 parent 6ab7d1f commit dfaf190

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

articles/active-directory/roles/custom-create.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -59,10 +59,10 @@ Your custom role will show up in the list of available roles to assign.
5959

6060
### Connect to Azure
6161

62-
To connect to Azure Active Directory, use the following command:
62+
To connect to Microsoft Graph PowerShell, use the following command:
6363

6464
``` PowerShell
65-
Connect-AzureAD
65+
Connect-MgGraph -Scopes "RoleManagement.Read.All"
6666
```
6767

6868
### Create the custom role
@@ -81,10 +81,10 @@ $allowedResourceAction =
8181
"microsoft.directory/applications/basic/update",
8282
"microsoft.directory/applications/credentials/update"
8383
)
84-
$rolePermissions = @{'allowedResourceActions'= $allowedResourceAction}
84+
$rolePermissions = @(@{AllowedResourceActions= $allowedResourceAction})
8585
8686
# Create new custom admin role
87-
$customAdmin = New-AzureADMSRoleDefinition -RolePermissions $rolePermissions -DisplayName $displayName -Description $description -TemplateId $templateId -IsEnabled $true
87+
$customAdmin = New-MgRoleManagementDirectoryRoleDefinition -RolePermissions $rolePermissions -DisplayName $displayName -IsEnabled -Description $description -TemplateId $templateId
8888
```
8989

9090
### Assign the custom role using PowerShell
@@ -93,15 +93,15 @@ Assign the role using the below PowerShell script:
9393

9494
``` PowerShell
9595
# Get the user and role definition you want to link
96-
$user = Get-AzureADUser -Filter "userPrincipalName eq '[email protected]'"
97-
$roleDefinition = Get-AzureADMSRoleDefinition -Filter "displayName eq 'Application Support Administrator'"
96+
$user = Get-MgUser -Filter "userPrincipalName eq '[email protected]'"
97+
$roleDefinition = Get-MgRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq 'Application Support Administrator'"
9898
9999
# Get app registration and construct resource scope for assignment.
100-
$appRegistration = Get-AzureADApplication -Filter "displayName eq 'f/128 Filter Photos'"
100+
$appRegistration = Get-MgApplication -Filter "Displayname eq 'POSTMAN'"
101101
$resourceScope = '/' + $appRegistration.objectId
102102
103103
# Create a scoped role assignment
104-
$roleAssignment = New-AzureADMSRoleAssignment -DirectoryScopeId $resourceScope -RoleDefinitionId $roleDefinition.Id -PrincipalId $user.objectId
104+
$roleAssignment = New-MgRoleManagementDirectoryRoleAssignment -DirectoryScopeId $resourcescope -RoleDefinitionId $roledefinition.Id -PrincipalId $user.Id
105105
```
106106

107107
## Create a role with the Microsoft Graph API

0 commit comments

Comments
 (0)