我正在尝试编写一个PowerShell脚本,该脚本允许我更新Intune[430ish设备]中设备的所有名称,以反映我们的资产标签。当他们被导入到我们的租户中时,他们得到了设备的serialNumber作为他们的设备名称。API的所有权限都已应用:
API Permissions:
Device Read
Device Read all
DeviceManagementApps.ReadAll
DeviceManagementApps.ReadWriteAll
DeviceManagementConfiguration.ReadAll
DeviceManagementConfiguration.ReadWriteAll
DeviceManagementManagedDevices.PrivilegedOperations.All
DeviceManagementManagedDevices.ReadAll
DeviceManagementManagedDevices.ReadWriteAll
DeviceManagementRBAC.ReadAll
DeviceManagementRBAC.ReadWriteALL
DeviceManagementServiceConfig.ReadAll
DeviceManagementServiceConfig.ReadWriteAll
User Read
这是我所能得到的代码,但我仍然得到以下错误[我为丑陋或格式错误的代码道歉,我没有接受过正式的培训,都是使用谷歌傅学习的!]:
# Setting variables for connecting to the MS API
$ApplicationID = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
$TenantDomainName = "contoso.com"
$AccessSecret = Read-Host "Enter Secret"
# Connect to MSGraph command to run
Connect-MSGraph
# Setting the body of the json
$Body = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
client_Id = $ApplicationID
Client_Secret = $AccessSecret
}
# Authenticating the connection to MSGraph
$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantDomainName/oauth2/v2.0/token" `
-Method POST -Body $Body
$token = $ConnectGraph.access_token
# Importing the CSV of device information
$csvfile = "C:<Path to file>"
Import-Csv $csvfile | ForEach-Object {
$serialNumber = $_.serialNumber;
$tag = $_.tag;
$deviceId = $serialNumber
Write-Host "Renaming machine from: $deviceID to: $tag" -ForegroundColor Cyan
# Getting the Device from the CSV and then putting it into MSGraph compatible Json
$DeviceToRename = Get-IntuneManagedDevice -Filter ("serialNumber eq '$serialNumber'")
Foreach ($Device in $DeviceToRename) {
$Resource = "deviceManagement/managedDevices('$DeviceId')/setDeviceName"
$graphApiVersion = "Beta"
$uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/executeAction"
#This JSON format doesnt work
# $JSONPayload = @"
# { <NEW>
# "body": <NEW>
# {
# action: "setDeviceName",
# actionName: "setDeviceName",
# deviceName: "$tag",
# realaction: "setDeviceName",
# restartNow: false
# }
# } <NEW>
#"@
#Don't know if this works properly either?
$JSONPayload = @"
{
"@odata.type": "#microsoft.graph.managedDevice",
"actionName": "setDeviceName",
"deviceName": "$tag"
}
"@
# Writing out to check if this is working correctly
Write-Host $JSONPayload
# Converting $JSONPayload to an actual workable JSON
$convertedJSON = ConvertTo-Json $JSONPayload
try {
Invoke-MSGraphRequest -Url $uri -HttpMethod PATCH -Body $JSONPayload -ContentType "application/Json" -Verbose
} catch {
# Dig into the exception to get the Response details.
Write-Host "StatusCode:" "$_.Exception.Response.StatusCode.value__"
Write-Host "StatusDescription:" "$_.Exception.Response.StatusDescription"
Write-Host "StatusCode2:" "$_.ErrorDetails.Message"
}
}
}
错误响应:
StatusCode: A parameter cannot be found that matches parameter name 'Body'..Exception.Response.StatusCode.value__
StatusDescription: A parameter cannot be found that matches parameter name 'Body'..Exception.Response.StatusDescription
StatusCode2: A parameter cannot be found that matches parameter name 'Body'..ErrorDetails.Message
感谢
Tom
几个月前,我在从powershell runbook over图中操作intune设备时遇到了类似的问题。在我的案例中,json主体是个问题。我必须首先将主体定义为hashtable,然后将其转换为json。试试这样的东西:
# JSONPayload as hashtable instead of string
$JSONPayload = @{
"@odata.type" = "#microsoft.graph.managedDevice"
"actionName" = "setDeviceName"
"deviceName" = "$tag"
}
# Writing out to check if this is working correctly
$JSONPayload
# Converting $JSONPayload to an actual workable JSON
$convertedJSON = $JSONPayload | ConvertTo-Json
然后将$convertedJSON作为body传递给图形调用:
Invoke-MSGraphRequest -Url $uri -HttpMethod POST -Content $convertedJSON -Verbose
EDIT:您正在使用http方法PATCH调用端点/deviceManagement/managedDevices/executeAction。根据ms-docs的这篇文章,您必须使用http方法POST来调用端点。
我目前正在为一位客户测试这一点,并将发布我的结果。
这假设你知道如何创建azure应用程序注册,如果没有看到这篇文章:https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
我正在使用API获取自动驾驶设备列表:
$autoPilotUri ="https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities"
$AutoPilotInventory = ( Invoke-GraphRequest -Uri $autoPiloturi -Method Get -Headers $header -ContentType "application/json" -ErrorAction Stop )
循环库存(您需要设置新名称等(:
foreach ($device in $AutoPilotInventory | where-object {$_.enrollmentState -eq "enrolled"}) {
$mgdDevice = Get-MgDeviceManagementManagedDevice -managedDeviceId $device.managedDeviceId
$updatedName = $someNewNamingcovention
Set-MgDeviceManagementManagedDeviceName -managedDeviceId $device.managedDeviceId -DeviceName $updatedName
}
更新:成功了。已重命名Intune、AutoPilot、AzureAD设备名称。它确实需要重新启动设备,才能在门户中显示更新后的名称。作业将显示为已完成,但在设备重新启动之前,名称不会更新,这是有意义的。