This is just to explain to myself how to add an Azure AD Application as owner of another AD Application, because I have searched for it too many times.
You can’t do this as Global Admin. You need to be a normal user that is, of course, owner of the AD Application that you want to change.
This script uses both the AzureAD and AzureRM PowerShell modules because at this moment not everything is available in AzureRM.
First get the owners of the application that you want to add the owner to, and check that the new owner is not already there:
Get-AzureADApplicationOwner -ObjectId $objectIdOfApplicationToChange
Then get the service principal object id (property Id) of the Azure AD Application that needs to be added:
Get-AzureRmADApplication -ObjectId $objectIdOfApplicationThatNeedsToBeAdded | Get-AzureRmADServicePrincipal
The result will be the ApplicationId, DisplayName, Id and Type. Copy the Id property (ObjectId) to add it as owner. You can also use the following shortcut:
(Get-AzureRmADApplication -ObjectId $objectIdOfApplicationThatNeedsToBeAdded | Get-AzureRmADServicePrincipal).Id
Add the new ObjectId as owner:
Add-AzureADApplicationOwner -ObjectId $objectIdOfApplicationToChange -RefObjectId $objectIdOfOtherAppServicePrincipal
Check if the new owner is set (you can check this as well in the portal):
Get-AzureADApplicationOwner -ObjectId $objectIdOfApplicationToChange
One-liner
Or everything in one line:
$objectIdOfApplicationToChange = "976876-6567-49e0-ab8c-e40848205883"
$objectIdOfApplicationThatNeedsToBeAdded = "98098897-86b9-4dc5-b447-c94138db3a61"
Add-AzureADApplicationOwner -ObjectId $objectIdOfApplicationToChange -RefObjectId (Get-AzureRmADApplication -ObjectId $objectIdOfApplicationThatNeedsToBeAdded | Get-AzureRmADServicePrincipal).Id
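The steps above combined into one re-runnable function, as an added example that is not part of the original post: it does nothing when the service principal is already an owner and reads the owners back after the add. The function name Add-AppAsApplicationOwner is made up for illustration, and it assumes both modules are installed and that you are already logged in with Connect-AzureAD and Connect-AzureRmAccount as an owner of the application to change.

```powershell
# Added example: function and parameter names are illustrative, not from the post.
# Assumes Connect-AzureAD and Connect-AzureRmAccount were already run as a user
# who is owner of the application that gets changed.
function Add-AppAsApplicationOwner {
    [CmdletBinding()]
    param(
        # Object id of the application that gets the new owner
        [Parameter(Mandatory = $true)][string]$ObjectIdOfApplicationToChange,
        # Object id of the application that has to become owner
        [Parameter(Mandatory = $true)][string]$ObjectIdOfApplicationThatNeedsToBeAdded
    )

    $ErrorActionPreference = 'Stop'

    # Owners are added by the object id of the service principal, not of the application
    $servicePrincipal = Get-AzureRmADApplication -ObjectId $ObjectIdOfApplicationThatNeedsToBeAdded |
        Get-AzureRmADServicePrincipal | Select-Object -First 1
    if (-not $servicePrincipal) {
        throw "Application $ObjectIdOfApplicationThatNeedsToBeAdded has no service principal."
    }
    $ownerId = [string]$servicePrincipal.Id

    # Skip the add when the service principal is already an owner
    $owners = @(Get-AzureADApplicationOwner -ObjectId $ObjectIdOfApplicationToChange -All $true)
    if ($owners.ObjectId -contains $ownerId) {
        Write-Verbose "$ownerId is already an owner, nothing to do."
        return $owners
    }

    Add-AzureADApplicationOwner -ObjectId $ObjectIdOfApplicationToChange -RefObjectId $ownerId

    # Read the owners back so the change is confirmed rather than assumed
    $owners = @(Get-AzureADApplicationOwner -ObjectId $ObjectIdOfApplicationToChange -All $true)
    if ($owners.ObjectId -notcontains $ownerId) {
        Write-Warning "Owner $ownerId is not listed yet on $ObjectIdOfApplicationToChange, check again in the portal."
    }
    return $owners
}

# Usage, with the same variables as in the steps above:
# Add-AppAsApplicationOwner -ObjectIdOfApplicationToChange $objectIdOfApplicationToChange `
#     -ObjectIdOfApplicationThatNeedsToBeAdded $objectIdOfApplicationThatNeedsToBeAdded -Verbose
```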
Thanks, this helped me a lot!!!!!
You’re welcome!
Maybe interesting for you: https://github.com/LockTar/AzureAdApplicationManagement
Way to automate your app registrations in an Azure pipeline
Hello
It seems it’s not working anymore?
I get an error message
Message: The reference target ‘Application_xxxxx’ of type ‘Application’ is invalid for the ‘owners’ reference.
Tried it yesterday and, besides some warnings about ending support next year, it worked just fine (had to install some packages and do a login before, though)
If I’m not mistaken, you can already do this with the new modules. I thought I checked it a few months back.