我正在尝试在 Azure AD B2C 目录中创建本地用户,该目录可在创建后立即用于身份验证。
Connect-AzureAD -TenantId $targetB2cTenant
$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password = "Test-User-Password-Here"
$userName = "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="da8ebfa9ae8fa9bfa89a97a38ebfa9ae98e8998ebfb4bbb4aef4b5b4b7b3b9a8b5a9b5bcaef4b9b5b7" rel="noreferrer noopener nofollow">[email protected]</a>"
$signInNames = @(
(New-Object `
Microsoft.Open.AzureAD.Model.SignInName `
-Property @{Type = "userName"; Value = $userName})
)
$newUser = New-AzureADUser -AccountEnabled $True -DisplayName "testpowershellusercreation" -PasswordProfile $passwordProfile -SignInNames $signInNames -CreationType "LocalAccount"
Disconnect-AzureAD
通过阅读文档,我需要将 CreationType 参数指定为“LocalAccount”:
https://learn.microsoft.com/en-us/powershell/module/azuread/new-azureaduser?view=azureadps-2.0
Creating a B2C user with MFA that can immediately login
但是,当我运行 powershell 代码时,我收到以下错误:
New-AzureADUser : Error occurred while executing NewUser
Code: Request_BadRequest
Message: One or more properties contains invalid values.
当我删除 -CreationType 参数时,不会出现此错误消息。
使用 Powershell 在 B2C 目录中创建本地帐户的正确方法是什么?
最佳答案
类型“userName”的登录名不能在value属性中包含“@”字符。
即您无法将其设置为电子邮件地址。
您可能还想为新用户设置以下参数:
$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.ForceChangePasswordNextLogin = $False
$passwordProfile.Password = "<Password>"
$newUser = New-AzureADUser ... -PasswordPolicies "DisablePasswordExpiration"
关于powershell - 使用 Powershell New-AzureADUser 创建 Azure AD B2C 本地帐户用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49278109/